node tuning: failed to list *v1.Job: Unauthorized #2287
Labels
kind/bug
Categorizes issue or PR as related to a bug.
priority/important-longterm
Important over the long term, but may not be staffed and/or may need multiple releases to complete.
What happened?
It appears that serviceaccount/tokens used by the
cluster-node-setup
daemonset are not refreshed after a certain period of time (in my case 106d) - I can see logs as follows:Verified that the RBAC is setup correctly - a simple restart of the daemonset resolves the issue.
This is problematic because scylla nodes will fail to startup as the associated nodeconfig configmap will be blocked:
What did you expect to happen?
the
cluster-node-setup
daemonset should have pods that refresh their tokens correctly and be able to query the kubernetes API for it to function correctly.How can we reproduce it (as minimally and precisely as possible)?
Deploy a nodeConfig CR for e.g.:
leave it running for 100d+
Scylla Operator version
scylla-operator:1.13
Kubernetes platform name and version
Kubernetes platform info:
EKS
Please attach the must-gather archive.
NA
Anything else we need to know?
No response
The text was updated successfully, but these errors were encountered: