From 6d144de7355facbee613dd99afc5c4657b580808 Mon Sep 17 00:00:00 2001
From: Brad Rydzewski <brad.rydzewski@gmail.com>
Date: Wed, 5 Dec 2018 18:52:20 -0800
Subject: [PATCH] Fix for #2541

---
 plugins/secrets/vault/vault.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/plugins/secrets/vault/vault.go b/plugins/secrets/vault/vault.go
index 5afab8b14ac..36982ff5bbd 100644
--- a/plugins/secrets/vault/vault.go
+++ b/plugins/secrets/vault/vault.go
@@ -206,6 +206,14 @@ func (v *vault) renewLoop() {
 
 			logrus.Debugf("vault: refreshing token: increment %v", v.ttl)
 			_, err := v.client.Auth().Token().RenewSelf(incr)
+			
+			// kubernetes tokens have a max age of 32 days. If the
+			// token cannot be refreshed we may need to generate a
+			// new token.
+			if err != nil && v.auth == "kubernetes" {
+				err = v.initKubernetes()
+			}
+			
 			if err != nil {
 				logrus.Errorf("vault: refreshing token failed: %s", err)
 			} else {