What would you like to be added:

Make `MinTokenExpiration` configurable, because there is no way to configure a token expiration duration less than this value.

Why is this needed:

Although the comment of `MinTokenExpiration` says:

amazon-eks-pod-identity-webhook/pkg/constants.go
Lines 21 to 22 in 0d254ee

k8s API says:

https://github.com/kubernetes/api/blob/1eb735bf86030410bc1d8323332500c7502dad70/core/v1/types.go#L1667-L1674

```go
type ServiceAccountTokenProjection struct {
	// ...

	// expirationSeconds is the requested duration of validity of the service
	// account token. As the token approaches expiration, the kubelet volume
	// plugin will proactively rotate the service account token. The kubelet will
	// start trying to rotate the token if the token is older than 80 percent of
	// its time to live or if the token is older than 24 hours. Defaults to 1 hour
	// and must be at least 10 minutes.
	// +optional
	ExpirationSeconds *int64 `json:"expirationSeconds,omitempty" protobuf:"varint,2,opt,name=expirationSeconds"`
}
```

Thus, token expiration can be configured to a shorter value. However, it is not possible for users to change it. I think making `MinTokenExpiration` configurable with validation (at least 10 min) is reasonable.

I'm very welcome to contribute to this.
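The validation this issue proposes, sketched as an added example (not code from amazon-eks-pod-identity-webhook). The function, constant and parameter names are hypothetical; the 10 minute floor and the 80 percent / 24 hour rotation rule are taken from the Kubernetes API comment quoted in the issue.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// kubeFloorSeconds is the 10 minute minimum stated in the quoted API comment.
const kubeFloorSeconds int64 = 600

var ErrBelowFloor = errors.New("minimum token expiration is below the 10 minute Kubernetes floor")

// ValidateMinExpiration rejects an operator-supplied minimum (hypothetical setting) under the floor.
func ValidateMinExpiration(minSeconds int64) error {
	if minSeconds < kubeFloorSeconds {
		return fmt.Errorf("%w: got %ds", ErrBelowFloor, minSeconds)
	}
	return nil
}

// ResolveExpiration clamps a per-pod request to the validated minimum; <= 0 means "not set".
func ResolveExpiration(requested, minSeconds, defaultSeconds int64) int64 {
	if requested <= 0 {
		requested = defaultSeconds
	}
	if requested < minSeconds {
		return minSeconds
	}
	return requested
}

// RotationAge is the token age at which the kubelet starts rotating:
// 80 percent of the TTL or 24 hours, whichever comes first.
func RotationAge(expirationSeconds int64) time.Duration {
	age := time.Duration(expirationSeconds) * time.Second * 8 / 10
	if day := 24 * time.Hour; age > day {
		return day
	}
	return age
}

func main() {
	const configuredMin, def = 900, 3600 // constructed sample values
	if err := ValidateMinExpiration(configuredMin); err != nil {
		panic(err)
	}
	exp := ResolveExpiration(600, configuredMin, def)
	fmt.Println(exp, RotationAge(exp))
}
```

Validating once at startup and clamping per pod keeps a misconfigured minimum from producing projected-token volumes that the API server would reject.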