Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Enable node to update CNI kubeconfig as needed #344
When using projected serviceaccount tokens, the kubelet will rotate the token file periodically. This invalidates the one in use by the Calico CNI plugin.
This PR enabled node to detect when the token has changed, and update the CNI plugin's kubeconfig file with the new information in response so long as the following is true:
@tmjd We could, fundamentally. I think this is simpler and nicer (the old approach was some janky bash script). The old approach was also just for etcd secrets, not the k8s API access credentials.