cmd/kube-rbac-proxy/app: add comments to explain the attached Request…

…Info and different listeners/ports used
brancz · Jun 1, 2023 · c681496 · c681496
1 parent b410b96
commit c681496
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go b/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go
@@ -202,6 +202,7 @@ func Run(cfg *server.KubeRBACProxyConfig) error {
 	handler := identityheaders.WithAuthHeaders(proxy, cfg.KubeRBACProxyInfo.UpstreamHeaders)
 	handler = kubefilters.WithAuthorization(handler, authz, scheme.Codecs)
 	handler = kubefilters.WithAuthentication(handler, authenticator, http.HandlerFunc(filters.UnauthorizedHandler), cfg.DelegatingAuthentication.APIAudiences)
+	// passing an empty RequestInfoFactory results in attaching a non-resource RequestInfo to the context
 	handler = kubefilters.WithRequestInfo(handler, &request.RequestInfoFactory{})
 	handler = rewrite.WithKubeRBACProxyParamsHandler(handler, cfg.KubeRBACProxyInfo.Authorization.RewriteAttributesConfig)
 
@@ -210,9 +211,12 @@ func Run(cfg *server.KubeRBACProxyConfig) error {
 
 	gr := &run.Group{}
 	{
+		// listener for proxying HTTPS with authentication and authorization (on port --secure-port)
 		gr.Add(secureServerRunner(ctx, cfg.SecureServing, mux))
 
 		if cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing != nil {
+			// we need a second listener in order to serve proxy-specific endpoints
+			// on a different port (--proxy-endpoints-port)
 			proxyEndpointsMux := http.NewServeMux()
 			proxyEndpointsMux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("ok")) })