akhilesharora commented on PR #63020:
URL: https://github.com/apache/airflow/pull/63020#issuecomment-4018683639
> Looks fine. But there was one critical issue that I have commented on
already. And I do have one other concern:
>
> Since the EKS authentication token generated by
`fetch_access_token_for_cluster` typically expires after approx. 15 minutes,
I’m wondering how this behaves for longer-running triggers. If the trigger
polls the Kubernetes API for longer than the token lifetime, could the embedded
token expire and cause authentication failures?
>
> CI needs to be run to see if there any other issues.
Yes, if the trigger polls for longer than ~14 minutes, the token could
expire. Anticipating most pod operations (startup, completion monitoring) to
finish well within this window, and `trigger_reentry()` generates fresh
credentials when the trigger completes.
For very long-running pods, token refresh in the trigger could be a future
enhancement.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
