Authentication Issue for AWS EKS Cluster
garretthoffman opened this issue · 3 comments
We are attempting to connect to our AWS EKS cluter (via Apache Airflow) and are getting an Authentication error for jobs running longer than 15 minutes. We are using the aws-iam-authenticator for authentication. The issue is that this provides an auth token that expires every 15 minutes, so I think that the client is not able to update the token the currently running job as it is monitoring its status, so after 15 minutes it tries to get a status update with the old token then fails due to the unauthorized error.
We tried attacking an IAM role in our .kube_config to increase this token expiration to 2 hours, but this isn't changing anything. Looking into it it seems like there was a similar issue with the Kubernetes Python Client for Google Cloud Platform that was fixed last year.
This is actually the same issue as this: kubernetes-client/python#741
I think this caused by kubernetes-sigs/aws-iam-authenticator#63 see the comment for more details about why this is happening.
Ultimately looks like it's an AWS problem.
Thanks, I will go ahead and close this.