Make 15-minute token limit configurable #63

Closed
chris-codaio opened this issue Mar 26, 2018 · 9 comments
Labels
lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed.

Comments

@chris-codaio

15 minutes is annoyingly short for my dev team's experience. We use Okta federated AWS authentication, so having to go through the password + 2FA dance every 15 minutes is really asking too much.

@jsco2t

jsco2t commented Nov 8, 2018

Our team has a similar setup - and have been using the generated tokens to perform auth into the k8s dashboard. This same 15 minute limitation makes it a serious pain to do any real work with the dashboard.

@joegoggins

I followed the referenced #75 and saw that this technical capability is more complex than it seems.

The technical blocker is AWS. Their "Authenticating Requests (AWS Signature Version 4)" does not provide configurability with regard to the token's time limit. (here is the referenced document)

This is really unfortunate. I'm all 👍 for security, but this limitation destroys team productivity and creates frustration. My team loves our Kubernetes tooling as is, this 15 minute token limit will kill that joy once we begin enforcing it. I'm hoping there is a way to address this or perhaps a scalable workaround we could consider.

Is there anyone reading this that works at AWS that could comment or recommend potential next steps to take to move in a direction that allows this token's time limit to be increased?

@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot added the lifecycle/stale label Apr 26, 2019
@nckturner
Contributor

Increasing the pre-signed URL duration is not something we can do at this point, but let me know if #193 addressed the difficulties around MFA. It caches the temporary credentials instead of the token.

@fejta-bot

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot added the lifecycle/rotten label and removed the lifecycle/stale label May 27, 2019
@fejta-bot

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Contributor

@fejta-bot: Closing this issue.


@norganna

For anyone else affected by this 15 minute limitation that is interested in a sideways hack around this issue, I have created a proxy that performs the regular aws-iam-authentication every 10 minutes for you and injects the tokens into the requests as it forwards them on.

Hopefully one day there will be the ability to authenticate for more than 15 minutes at a time, but for now this solution improves my productivity:

kdash authenticating dashboard proxy
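
Added example, not code from aws-iam-authenticator or from anyone in this thread: it decodes a token to read when its pre-signed URL was signed, then decides whether to re-authenticate using the 15-minute limit and the 10-minute refresh interval mentioned in the comments. It assumes the token is `k8s-aws-v1.` followed by the unpadded base64url encoding of a pre-signed STS URL carrying `X-Amz-Date`; `SignedAt`, `NeedsRefresh` and `SampleToken` are hypothetical names, and the sample token is constructed with a placeholder signature.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
	"time"
)

const tokenPrefix, amzDate = "k8s-aws-v1.", "20060102T150405Z"
const tokenTTL, refreshAfter = 15 * time.Minute, 10 * time.Minute // limit in this issue; proxy's refresh interval

// SignedAt decodes a token and returns the X-Amz-Date of its pre-signed URL.
func SignedAt(token string) (time.Time, error) {
	if !strings.HasPrefix(token, tokenPrefix) {
		return time.Time{}, fmt.Errorf("token lacks the %q prefix", tokenPrefix)
	}
	raw, err := base64.RawURLEncoding.DecodeString(strings.TrimPrefix(token, tokenPrefix))
	if err != nil {
		return time.Time{}, fmt.Errorf("decode token: %w", err)
	}
	u, err := url.Parse(string(raw))
	if err != nil {
		return time.Time{}, fmt.Errorf("parse pre-signed URL: %w", err)
	}
	return time.Parse(amzDate, u.Query().Get("X-Amz-Date"))
}

// NeedsRefresh reports whether to re-authenticate and the time left (negative once expired).
func NeedsRefresh(token string, now time.Time) (bool, time.Duration, error) {
	signed, err := SignedAt(token)
	if err != nil {
		return true, 0, err // an unreadable token is treated as unusable
	}
	age := now.Sub(signed)
	return age >= refreshAfter, tokenTTL - age, nil
}

// SampleToken builds a constructed token with a placeholder signature (not valid against AWS).
func SampleToken(signed time.Time) string {
	q := url.Values{"Action": {"GetCallerIdentity"}, "X-Amz-Signature": {"CONSTRUCTED"}}
	q.Set("X-Amz-Date", signed.UTC().Format(amzDate))
	return tokenPrefix + base64.RawURLEncoding.EncodeToString([]byte("https://sts.amazonaws.com/?"+q.Encode()))
}

func main() {
	fmt.Println(NeedsRefresh(SampleToken(time.Now().Add(-11*time.Minute)), time.Now()))
}
```
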

@booleanbetrayal

Definitely seems like this is still relevant. Seems like AWS Signature Version 4 should allow some reasonable range of token expiration. What's the best way to approach that request?

joanayma pushed a commit to joanayma/aws-iam-authenticator that referenced this issue Aug 11, 2021