Does fluent bit support token refresh in kubernetes plugin

[jyotimahapatra]

Bug Report

Hi 👋 . I'm a kubernetes cluster operator in AWS EKS. While looking at some of the call patterns from UserAgent Fluent-Bit, i realized that fluent bit kubernetes plugin does not refresh the token periodically. Starting kubernetes 1.21, BoundServiceAccountTokens became enabled by default in kubernetes. This means that tokens mounted on the pod are refreshed at least every day and the clients must refresh the token in the calls to apiserver.

I'm not sure if my understanding around the token refresh is accurate, since i am not familiar with fluent bit code and C in general. I'd appreciate guidance around it. If the assumption is correct, with guidance I can help create a PR to fix the token refresh too :)

[PettitWesley]

Probably the way this should work in the code should be to store the token read time with the token, and refresh it after one day. The refresh time can be made user configurable. That's my proposal for the implementation.

[novegit]

#4487 solves it.