You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Karpenter should refresh access tokens periodically to ensure that they do not expire.
Actual Behavior
Karpenter does not seem to refresh access tokens.
The GetToken function doesn't seem to be invoked anywhere in the codebase. I have noticed permission errors in the Karpenter pod logs when I have a node running for over 12 hours and the error message is typically about missing read permissions on the VM. The permissions are present and simply restarting the Karpenter pod fixes the problem, which leads me to suspect that the token is not being refreshed. My organisation has a 12 hour expiry policy for user login, but I do not know if that applies to identities. The start of the errors in the logs seems to correspond with the timeline.
Steps to Reproduce the Problem
Ensure that tokens expire after a period of time.
Deploy karpenter and a workload to trigger the creation of a pod on a Karpenter-managed node.
Wait till the token expires (12 hours in my case).
Notice that the pod logs mention read errors when trying to fetch VM details from ARM.
Resource Specs and Logs
TODO: I don't have the relevant logs currently, but I'll attach logs after reproducing the issue.
Community Note
Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment
The text was updated successfully, but these errors were encountered:
Version
Karpenter Version: v0.7.0
Kubernetes Version: v1.30.5
Expected Behavior
Karpenter should refresh access tokens periodically to ensure that they do not expire.
Actual Behavior
Karpenter does not seem to refresh access tokens.
The GetToken function doesn't seem to be invoked anywhere in the codebase. I have noticed permission errors in the Karpenter pod logs when I have a node running for over 12 hours and the error message is typically about missing read permissions on the VM. The permissions are present and simply restarting the Karpenter pod fixes the problem, which leads me to suspect that the token is not being refreshed. My organisation has a 12 hour expiry policy for user login, but I do not know if that applies to identities. The start of the errors in the logs seems to correspond with the timeline.
Steps to Reproduce the Problem
Resource Specs and Logs
TODO: I don't have the relevant logs currently, but I'll attach logs after reproducing the issue.
Community Note
The text was updated successfully, but these errors were encountered: