Tokens expires after 1 hr on istio based deployments

[SuperSecureHuman]

Hi,

I am currently running the reverse proxy on a istio based cluster. I notice that the token expires after an hour.

{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"Unauthorized","reason":"Unauthorized","code":401}

I believe its because of aggressive caching of envoy.

Additionally, having the healthy probe to get the token itself would be a better option, in case if it finds the endpoint dead, it will restart.

Right now I am testing the charts with

podAnnotations:
  traffic.sidecar.istio.io/excludeOutboundPorts: "443"

Having something like might help (?)

livenessProbe:
  httpGet:
    path: /openid/v1/jwks
    port: http

I am going to wait for some time to see if it helps anymore. I would like to hear any thoughts on this. (BTW i am new to istio, and might be wrong somewhere)

[SuperSecureHuman]

Update.

Using this as the liveliness probe seems to help my case

livenessProbe:
  exec:
    command:
      - sh
      - -c
      - |
        resp=$(wget -qO- http://127.0.0.1:8080/openid/v1/jwks) || exit 1
        echo "$resp" | grep -q '"code":401' && exit 1 || exit 0

But would like to find what is actually causing the issue.