This repository has been archived by the owner on Oct 23, 2024. It is now read-only.

Implement kubernetes token refresh (which is enabled by default in ku…
…bernetes 1.21+) (#2679)
hughesjj authored Jan 13, 2023
1 parent 01a48cc commit 8e1e990
Showing 1 changed file with 6 additions and 7 deletions.
13 changes: 6 additions & 7 deletions pkg/core/common/kubelet/client.go
@@ -13,6 +13,7 @@ import (

"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
k8sTransport "k8s.io/client-go/transport"

"github.com/signalfx/signalfx-agent/pkg/core/common/auth"
)
@@ -91,8 +92,8 @@ func NewClient(kubeletAPI *APIConfig, logger log.FieldLogger) (*Client, error) {
if err != nil {
return nil, err
}

token, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/token")
tokenPath := "/var/run/secrets/kubernetes.io/serviceaccount/token"
token, err := ioutil.ReadFile(tokenPath)
if err != nil {
return nil, errors.Wrap(err, "Could not read service account token at default location, are "+
"you sure service account tokens are mounted into your containers by default?")
@@ -106,12 +107,10 @@ func NewClient(kubeletAPI *APIConfig, logger log.FieldLogger) (*Client, error) {
tlsConfig.RootCAs = certs
t := transport.(*http.Transport)
t.TLSClientConfig = tlsConfig

transport = &auth.TransportWithToken{
RoundTripper: t,
Token: string(token),
transport, err = k8sTransport.NewBearerAuthWithRefreshRoundTripper(string(token), tokenPath, t)
if err != nil {
return nil, errors.Wrap(err, "Could not set up refreshable context for kubernetes AuthTypeService")
}

logger.Debug("Using service account authentication for Kubelet")
default:
transport.(*http.Transport).TLSClientConfig = tlsConfig
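Review bot: The token read at startup is still passed as the static bearer to `NewBearerAuthWithRefreshRoundTripper`, and as far as I know client-go's round tripper falls back to that static value whenever re-reading `tokenPath` fails. If that holds, a broken or unmounted projected volume would surface only as 401 responses from the kubelet once the bound token expires, with nothing at this layer pointing to the refresh. A comment on the call would record the behaviour, for example `// string(token) is only the fallback: the round tripper re-reads tokenPath and uses this value if that read fails`. As style points, `tokenPath` is a fixed path and would read better as a package-level constant, and the new wrap message would follow Go convention in lowercase, e.g. `"setting up refreshable service account token transport"`. NewClient begins and ends outside the hunks shown, so how request errors are handled later in the function is not visible here.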
