avito-tech · mergify · Apr 4, 2020 · Apr 4, 2020 · Apr 4, 2020 · Apr 4, 2020
diff --git a/buildSrc/src/main/kotlin/Dependencies.kt b/buildSrc/src/main/kotlin/Dependencies.kt
@@ -38,9 +38,11 @@ object Dependencies {
     val rxJava = "io.reactivex:rxjava:1.3.8"
     val statsd = "com.timgroup:java-statsd-client:3.1.0"
 
-    // we don't use an official client https://github.com/kubernetes-client/java because fabric8 one has much better api,
-    // support all features we need and actively maintained
+    // We use this client due to better API
+    // It supports all features we need and actively maintained
     val kubernetesClient = "io.fabric8:kubernetes-client:4.9.0"
+    // We use the official kubernetes client only for missing features
+    val officialKubernetesClient = "io.kubernetes:client-java:8.0.0"
     val kubernetesDsl = "com.fkorotkov:kubernetes-dsl:2.7.1"
     val dexlib = "org.smali:dexlib2:2.3"
     val commonsText = "org.apache.commons:commons-text:1.6"

diff --git a/subprojects/gradle/kubernetes/build.gradle.kts b/subprojects/gradle/kubernetes/build.gradle.kts
@@ -12,4 +12,5 @@ dependencies {
     api(project(":subprojects:gradle:kotlin-dsl-support"))
 
     implementation(gradleApi())
+    implementation(Dependencies.officialKubernetesClient)
 }
diff --git a/subprojects/gradle/kubernetes/src/main/kotlin/com/avito/utils/gradle/Kubernetes.kt b/subprojects/gradle/kubernetes/src/main/kotlin/com/avito/utils/gradle/Kubernetes.kt
@@ -4,6 +4,9 @@ import io.fabric8.kubernetes.client.Config
 import io.fabric8.kubernetes.client.ConfigBuilder
 import io.fabric8.kubernetes.client.DefaultKubernetesClient
 import io.fabric8.kubernetes.client.KubernetesClient
+import io.fabric8.kubernetes.client.OAuthTokenProvider
+import io.kubernetes.client.util.FilePersister
+import io.kubernetes.client.util.KubeConfig
 import java.io.File
 
 fun createKubernetesClient(
@@ -32,14 +35,27 @@ fun createKubernetesClient(
                     caCertFile = kubernetesCredentials.caCertFile
                 }
 
-                // work with multiple namespaces/contexts not supported
+                // working with multiple namespaces/contexts is not supported
                 require(getNamespace() == namespace) {
                     "kubernetes.context.namespace should be $namespace. " +
                         "Namespace hardcoded in plugin, and this check only prevents from using wrong context"
                 }
+                requestConfig.oauthTokenProvider = oauthTokenProvider(configFile)
             }
         }
     }
 
     return DefaultKubernetesClient(config)
 }
+
+/**
+ * OAuth token provider that automatically refreshes an expired token and persists changes to kube config.
+ * https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens
+ */
+private fun oauthTokenProvider(config: File): OAuthTokenProvider {
+    val kubeConfig = KubeConfig.loadKubeConfig(config.inputStream().reader())
+    val persister = FilePersister(config)
+    kubeConfig.setPersistConfig(persister)
+
+    return OAuthTokenProvider { kubeConfig.accessToken }
+}
diff --git a/...rojects/gradle/kubernetes/src/main/kotlin/com/avito/utils/gradle/KubernetesCredentials.kt b/...rojects/gradle/kubernetes/src/main/kotlin/com/avito/utils/gradle/KubernetesCredentials.kt
@@ -20,6 +20,7 @@ sealed class KubernetesCredentials : Serializable {
     ) : KubernetesCredentials(), Serializable
 }
 
+// TODO: get rid of this default. autoConfig is enabled by default
 private val kubeConfigDefaultPath: String by lazy {
     val userHome: String = requireUserHome()
     "${userHome}/.kube/config"