Hi team, Bumping this up again, from the AWS docs, the suggested approach is to simply upgrade the K8s java SDK client ( https://github.com/kubernetes-client/java/) being used. However, in Flink's case with the io.fabric8 K8s client, I am not sure how to handle it. Any help and guidance would be much appreciated.
Thanks, ---------- Forwarded message --------- From: Berkay Polat <bpo...@salesforce.com> Date: Thu, Nov 17, 2022 at 12:36 PM Subject: Stand alone K8s HA mode with Static Tokens Used by Service Accounts To: <user@flink.apache.org> Hi, Our team has been using flink 1.15 and we have a stand alone K8s flink setup that uses K8s HA services for its HA mode. Recently, our organization is in the works of updating their EKS clusters' Kubernetes versions to 1.21 or later. We received a request from our support team that the service accounts associated with our stand alone flink cluster have been using static tokens, which is not permitted for newer K8s versions. Instead, they requested us to switch to a refresh token approach ( https://docs.aws.amazon.com/eks/latest/userguide/service-accounts.html#identify-pods-using-stale-tokens ). >From what I understand, in flink 1.15, HA mode is using version 5.5.0 of io.fabric8's kubernetes client and it seems that it is compatible with K8s 1.21.1 and later ( https://github.com/fabric8io/kubernetes-client#compatibility-matrix) so I am not sure what the underlying limitation/issue is here. The AWS doc link I referred to earlier recommends upgrading versions for Kubernetes Client SDKs but it refers to io.kubernetes's client SDKs, not io.fabric8. Could someone shed some light on it? Would it be worth it to request a change to upgrade the io.fabric8 kubernetes client version to a newer version? Thanks, -- *BERKAY POLAT* Software Engineer SMTS | MuleSoft at Salesforce Mobile: 443-710-7021 <https://smart.salesforce.com/sig/bpolat//us_mb/default/link.html> -- *BERKAY POLAT* Software Engineer SMTS | MuleSoft at Salesforce Mobile: 443-710-7021
