Kubernetes: EKS 1.21 Expiration IRSA Token

[jplanckeel]

Environment

• Airbyte version: 0.35.2-alpha
• OS Version / Instance: EKS 1.12, AWS node.
• Deployment: Kubernetes

Tell us about the problem you're trying to solve

We use IRSA to give IAM access to Airbyte container to access Database. But since EKS 1.21 a feature token expire is activated by default. But AWS tells us a pod with token expired is present for Airbyte. For the moment is not a problem but in futur the application can't run on kubernetes.

Describe the solution you’d like

AWS recomand to upgrade Kubernetes lib to solve the problem.

[marcosmarxm]

Thanks for opening this @jplanckeel added the issue to team backlog.

[jplanckeel]

Hello, I wanted to know if you had any news on the subject?

i linked for you issue on library k8s fabric8io/kubernetes-client#2112

thanks you ;)

[marcosmarxm]

@davinchia could you give your opinion on this issue?

[davinchia]

Hi, sorry for the late reply.

I'm not sure I understand why this blocks us in the future if this is the default since 1.21. We are currently on 1.22 internally and not seeing issues. Can you say more?

[adam-bloom]

@davinchia I linked some more resources at https://discuss.airbyte.io/t/support-for-k8s-1-24/2206 (and looks like we have a duplicate github issue: #15523

[calebfornari]

@davinchia please see the EKS release page also, particularly the 1.22 release notes section. The first item highlighted explains that 1.22 has a grace period for legacy token behavior but this goes away in 1.23.

https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html

[davinchia]

Got it, thank you all! Will digest and come back with updates.