[AIRFLOW-5117] support refreshing EKS api tokens

[houqp]

Make sure you have checked all steps below.

Jira

• My PR addresses the following Airflow Jira issues and references them in the PR title. For example, "[AIRFLOW-XXX] My Airflow PR"
  • https://issues.apache.org/jira/browse/AIRFLOW-5117

Description

• Here are some details about my PR, including screenshots of any UI changes:

This PR patches upstream k8s client to check for EKS api token refresh. Without this, Airflow K8S integration won't work if not deployed in cluster.

When Airflow scheduler or worker is not deployed in K8S cluster, all K8S API call will fail with 401 error after running for about 14min.

This is due to EKS enforces a 15min timeout for all API tokens but the official k8S python client doesn't support token refresh.

Tests

• My PR adds the following unit tests OR does not need testing for this extremely good reason:

see: tests/kubernetes/test_client.py

Commits

• My commits all reference Jira issues in their subject lines, and I have squashed multiple commits if they address the same issue. In addition, my commits follow the guidelines from "How to write a good git commit message":
  1. Subject is separated from body by a blank line
  2. Subject is limited to 50 characters (not including Jira issue reference)
  3. Subject does not end with a period
  4. Subject uses the imperative mood ("add", not "adding")
  5. Body wraps at 72 characters
  6. Body explains "what" and "why", not "how"

Documentation

• In case of new functionality, my PR adds documentation that describes how to use it.
  • All the public functions and the classes in the PR contain docstrings that explain what it does
  • If you implement backwards incompatible changes, please leave a note in the Updating.md so we can assign it to a appropriate release

Code Quality

• Passes flake8

[houqp]

upstream patch for swagger-codegen: swagger-api/swagger-codegen#9624. I will work the PR for k8s client once the swagger-codegen PR is approved and merged.

[houqp]

@ashb tests added, ready for review :)

[houqp]

Looks like upstream k8s client is moving to a new openapi code generator, I have sent my code gen fix to openapi-generator as well. It will probably take awhile for the fix to land in upstream k8s client given they are still in the process of migrating to openapi-generator.

All my upstream fix activities can be tracked at kubernetes-client/python#741.

[dimberman]

@houqp I'm a bit conflicted about this. On the one hand this is a very important bug that we need to address, on the other hand I'd want to minimize how much k8s logic is in airflow. Would it be possible to further isolate this so it would be easier to remove once the necessary fixes are implemented?

[houqp]

@dimberman my original patch added comment for every function and Class that can be safely removed once patch lands in upstream. I have pushed a new change to move most of the patching logic into a separate module to make it easier to follow.

[dimberman]

Other than @ashb 's pylint comment and a a nit on my end this LGTM