Skip to content

Commit

Permalink
abstract secure server prepare logic into a function
Browse files Browse the repository at this point in the history
  • Loading branch information
stlaz committed Dec 15, 2022
1 parent abc945f commit cad9a34
Showing 1 changed file with 29 additions and 36 deletions.
65 changes: 29 additions & 36 deletions cmd/kube-rbac-proxy/app/kube-rbac-proxy.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ import (
utilerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/apiserver/pkg/authentication/authenticator"
"k8s.io/apiserver/pkg/authorization/union"
serverconfig "k8s.io/apiserver/pkg/server"
"k8s.io/client-go/rest"
k8sapiflag "k8s.io/component-base/cli/flag"
"k8s.io/component-base/cli/globalflag"
Expand Down Expand Up @@ -259,52 +260,22 @@ func Run(opts *completedProxyRunOptions) error {
mux := http.NewServeMux()
mux.Handle("/", handler)

var gr run.Group
gr := &run.Group{}
{
if len(opts.LegacyOptions.SecureListenAddress) > 0 {
cfg.SecureServing.ClientCA, err = cfg.GetClientCAProvider()
clientCAProvider, err := cfg.GetClientCAProvider()
if err != nil {
return err
}

serverStopCtx, serverCtxCancel := context.WithCancel(ctx)
gr.Add(func() error {
stoppedCh, listenerStoppedCh, err := cfg.SecureServing.Serve(mux, 10*time.Second, serverStopCtx.Done())
if err != nil {
serverCtxCancel()
return err
}

<-listenerStoppedCh
<-stoppedCh
return err
}, func(err error) {
serverCtxCancel()
})
cfg.SecureServing.ClientCA = clientCAProvider
prepareSecureServer(ctx, gr, cfg.SecureServing, mux)

if cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing != nil {
proxyEndpointsMux := http.NewServeMux()
proxyEndpointsMux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("ok")) })

cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing.ClientCA, err = cfg.GetClientCAProvider()
if err != nil {
return err
}

proxyServerStopCtx, proxyServerCtxCancel := context.WithCancel(ctx)
gr.Add(func() error {
proxyStoppedCh, proxyListenerStoppedCh, err := cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing.Serve(
proxyEndpointsMux, 10*time.Second, proxyServerStopCtx.Done())
if err != nil {
proxyServerCtxCancel()
return err
}
<-proxyListenerStoppedCh
<-proxyStoppedCh
return err
}, func(err error) {
proxyServerCtxCancel()
})
cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing.ClientCA = clientCAProvider
prepareSecureServer(ctx, gr, cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing, proxyEndpointsMux)
}
}
}
Expand Down Expand Up @@ -372,3 +343,25 @@ func createKubeRBACProxyConfig(opts *completedProxyRunOptions) (*server.KubeRBAC

return proxyConfig, nil
}

func prepareSecureServer(
ctx context.Context,
runGroup *run.Group,
config *serverconfig.SecureServingInfo,
handler http.Handler,
) {
serverStopCtx, serverCtxCancel := context.WithCancel(ctx)
runGroup.Add(func() error {
stoppedCh, listenerStoppedCh, err := config.Serve(handler, 10*time.Second, serverStopCtx.Done())
if err != nil {
serverCtxCancel()
return err
}

<-listenerStoppedCh
<-stoppedCh
return err
}, func(err error) {
serverCtxCancel()
})
}

0 comments on commit cad9a34

Please sign in to comment.