Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Minor improvements in cmd/kube-rbac-proxy #243

Merged
merged 5 commits into from
Jul 4, 2023
Merged

Minor improvements in cmd/kube-rbac-proxy #243

merged 5 commits into from
Jul 4, 2023

Conversation

liouk
Copy link

@liouk liouk commented Jun 7, 2023
edited
Loading

This PR addresses some of the issues from #238; in particular, the ones listed in this comment.

In particular:

  • (3) Replace func with cobra.Args link: see 71da752
  • (4) Run should run with a final config version. Complete should finish the necessary changes and those shouldn't happen anymore in Run. link: see b410b96
  • (5) Use context from Signals. link: see 0c10f9c
  • (10) Describe what an empty request info factory means link: see c681496
  • (11) Use safe wait group from k/k instead of run.Group link
  • (13) Comment why we have two listeners on different ports link: see b410b96
  • (15) Add serverconfig.SetupSignalContext link: see 0c10f9c
  • (17) Authorizers should only be added, when used link: see a24945c
  • (18) Verify that Rewrite Attributes is definitely turned off if not configured link: see a24945c

liouk
liouk commented Jun 7, 2023
View reviewed changes
cmd/kube-rbac-proxy/app/kube-rbac-proxy.go
@@ -207,6 +198,7 @@ func Run(opts *completedProxyRunOptions) error {
handler := identityheaders.WithAuthHeaders(proxy, cfg.KubeRBACProxyInfo.UpstreamHeaders)
handler = kubefilters.WithAuthorization(handler, authz, scheme.Codecs)
handler = kubefilters.WithAuthentication(handler, authenticator, http.HandlerFunc(filters.UnauthorizedHandler), cfg.DelegatingAuthentication.APIAudiences)
// passing an empty RequestInfoFactory results in attaching a non-resource RequestInfo to the context
Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ibihim I'm not sure if I'm missing any other implication of passing an empty RequestInfoFactory, please advise :)

cmd/kube-rbac-proxy/app/kube-rbac-proxy.go Outdated Show resolved Hide resolved
cmd/kube-rbac-proxy/app/kube-rbac-proxy.go Outdated Show resolved Hide resolved
@liouk liouk changed the title WIP: Minor improvements in cmd/kube-rbac-proxy Minor improvements in cmd/kube-rbac-proxy Jun 7, 2023
@liouk liouk marked this pull request as ready for review June 7, 2023 08:30
@liouk liouk mentioned this pull request Jun 7, 2023
Open
58 tasks
@liouk liouk marked this pull request as draft June 8, 2023 07:54
@liouk
Copy link
Author

liouk commented Jun 8, 2023

Added (11) to the list of addressed issues; converted to Draft while this is WIP.

@liouk liouk marked this pull request as ready for review June 8, 2023 09:05
@liouk liouk marked this pull request as draft June 8, 2023 09:13
@liouk liouk marked this pull request as ready for review June 8, 2023 15:04
ibihim
ibihim requested changes Jun 8, 2023
View reviewed changes
Copy link
Collaborator

@ibihim ibihim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great first contribution, thank you a lot!

@liouk liouk requested a review from ibihim June 14, 2023 14:54
@stlaz
Copy link
Collaborator

stlaz commented Jun 22, 2023

LGTM, leaving final ack to @ibihim

@liouk
Copy link
Author

liouk commented Jul 3, 2023

@ibihim after our discussions I've opted for a simple approach to handling the wait groups -- PTAL. I've dropped secureServerRunner() as I don't think it's necessary as per your suggestion, and put everything in Run().

ibihim
ibihim reviewed Jul 3, 2023
View reviewed changes
Copy link
Collaborator

@ibihim ibihim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

1 comment and 2 nits.

cmd/kube-rbac-proxy/app/kube-rbac-proxy.go Outdated
if err := opts.SecureServing.ApplyTo(&proxyConfig.SecureServing); err != nil {
return nil, err
if err := wg.Add(1); err != nil {
cancel()
Copy link
Collaborator

@ibihim ibihim Jul 3, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you move that into line 242 like so: defer cancel()? Like so:

serverCtx, cancel := context.WithCancel(ctx)
defer cancel()

cmd/kube-rbac-proxy/app/kube-rbac-proxy.go Outdated Show resolved Hide resolved
cmd/kube-rbac-proxy/app/kube-rbac-proxy.go Outdated Show resolved Hide resolved
ibihim
ibihim approved these changes Jul 4, 2023
View reviewed changes
Copy link
Collaborator

@ibihim ibihim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. Thanks for the patience. Looking forward for more PRs 😄

@ibihim ibihim merged commit 01ff844 into brancz:sig-auth-acceptance Jul 4, 2023
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ibihim ibihim ibihim approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@liouk @stlaz @ibihim