kubefwd
kubefwd does not refresh the oidc token
We're using a ~/.kube/config file with a configuration similar to this:
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: (redacted)
    server: https://api.(redacted)
  name: (redacted)
contexts:
- context:
    cluster: (redacted)
    user: (redacted email)
  name: (redacted)
current-context: (redacted)
kind: Config
preferences: {}
users:
- name: (redacted email address)
  user:
    auth-provider:
      config:
        client-id: (redacted)
        client-secret: (redacted)
        id-token: (redacted)
        idp-issuer-url: https://accounts.google.com/
        refresh-token: (redacted)
      name: oidc
While kubectl has no issue using it (and refreshing it every hour or so), with kubefwd we observed that after id_token expires it is not refreshed.
The workaround is calling kubectl manually, but any chance this functionality can be added to kubefwd?
I tried to simulate it, but my OIDC token gets refreshed. Furthermore, I believe the token refresh functionality is implemented in kubernetes/client-go. @alexef Can you please check what kubefwd version you have?
I can not reproduce this issue without more information. Seems to be working for others as well.
I know this is closed, but I started using kubefwd and am having the same problem. I'm using the 1.18.0 version of kubefwd on Windows. Not sure it matters, but using AKS 1.18.14 with integrated AAD.
@davejhahn kubefwd uses the official kubernetes/client-go. There is a section in readme client-go#whats-included listing the plugin/pkg/client/auth packages containing optional authentication plugins for obtaining credentials from external sources.
https://github.com/kubernetes/client-go/tree/master/plugin/pkg/client/auth
I don't see specific instructions for enabling these but I can take a deeper look this weekend unless you can point me to a good example. Thanks!
@davejhahn could you try updating to at least 1.18.1?
There's a version bump for the underlying kubernetes go client. It fixed a similar sounding issue I had, since there is a new option that was introduced in a newer version of kubectl, that the kubernetes go client in kubefwd version 1.18.0 doesn't properly support.
I don't remember the details, but my 4 hours of investigating an issue with access tokens not refreshing properly with Azure Kubernetes resulted in me just bumping the kubefwd version to solve the problem.
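To confirm the symptom discussed in this thread, the `exp` claim of the `id-token` stored in the kubeconfig can be read directly. This is an added example, not part of the thread and not kubefwd or client-go code; the function names are hypothetical, the sample token is constructed, and the payload is only decoded for diagnosis, with no signature verification.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// idTokenExpiry reads the "exp" claim of an OIDC id-token (a JWT) without verifying its signature.
func idTokenExpiry(token string) (time.Time, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return time.Time{}, errors.New("not a compact JWT: expected 3 dot-separated parts")
	}
	// JWT segments are base64url without padding; tolerate padding if present.
	payload, err := base64.RawURLEncoding.DecodeString(strings.TrimRight(parts[1], "="))
	if err != nil {
		return time.Time{}, fmt.Errorf("decode payload: %w", err)
	}
	var claims struct {
		Exp *float64 `json:"exp"` // NumericDate: seconds since the Unix epoch
	}
	if err := json.Unmarshal(payload, &claims); err != nil || claims.Exp == nil {
		return time.Time{}, errors.New("payload has no readable exp claim")
	}
	return time.Unix(int64(*claims.Exp), 0).UTC(), nil
}

// needsRefresh reports whether the token is expired, or will be within skew, at time now.
func needsRefresh(token string, now time.Time, skew time.Duration) (bool, error) {
	exp, err := idTokenExpiry(token)
	if err != nil {
		return false, err
	}
	return !now.Add(skew).Before(exp), nil
}

// sampleToken builds an unsigned, constructed token with the given exp (illustration only).
func sampleToken(exp int64) string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc([]byte(fmt.Sprintf(`{"iss":"https://accounts.google.com","exp":%d}`, exp))) + ".sig"
}

func main() {
	stale, err := needsRefresh(sampleToken(time.Now().Add(-time.Hour).Unix()), time.Now(), 10*time.Second)
	fmt.Println("needs refresh:", stale, "err:", err)
}
```

Pass the `id-token` value from the kubeconfig user entry in place of the constructed token; a `true` result while port-forwards are failing means the stored token was not refreshed.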