shahar1 opened a new pull request, #69025:
URL: https://github.com/apache/airflow/pull/69025

   `apache-airflow-providers-cncf-kubernetes` 10.18.0 widened the kubernetes 
client bound to allow 36.x (#68041). Client 36.x breaks authentication to the 
cluster: tasks fail with a **401 Unauthorized** once the auth token rotates, 
because a copied `Configuration` no longer shares the refreshed token 
([kubernetes-client/python#1946](https://github.com/kubernetes-client/python/issues/1946)).
 This was caught while testing the google (GKE) provider, and downgrading the 
provider to 10.17.1 (client 35.x) is the reported workaround.
   
   This is the same 36.x `Configuration` change behind the in-cluster pickling 
crash (#68827). 35.x is the last known-good line, so this restores the previous 
`<36` cap for both `kubernetes` and `kubernetes_asyncio` until the provider 
auth paths are made robust to the 36.x semantics and validated against an 
expiring token.
   
   Full kubernetes 36.x support (cncf + google auth fixes + a token-rotation 
regression test) is tracked in #69023, and the cap site in `pyproject.toml` 
links to it.
   
   related: #69023
   related: #68827
   
   ---
   
   ##### Was generative AI tooling used to co-author this PR?
   
   - [X] Yes — Claude Code (Opus 4.8)
   
   Generated-by: Claude Code (Opus 4.8) following [the 
guidelines](https://github.com/apache/airflow/blob/main/contributing-docs/05_pull_requests.rst#gen-ai-assisted-contributions)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to