From cad9a34c399da6815928e6a0625361cd55128630 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Wed, 14 Dec 2022 18:10:56 +0100
Subject: [PATCH] abstract secure server prepare logic into a function
---
 cmd/kube-rbac-proxy/app/kube-rbac-proxy.go | 65 ++++++++++------------
 1 file changed, 29 insertions(+), 36 deletions(-)
diff --git a/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go b/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go
index b56e76e07..a17653d9c 100644
--- a/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go
+++ b/cmd/kube-rbac-proxy/app/kube-rbac-proxy.go
@@ -38,6 +38,7 @@ import (
 utilerrors "k8s.io/apimachinery/pkg/util/errors"
 "k8s.io/apiserver/pkg/authentication/authenticator"
 "k8s.io/apiserver/pkg/authorization/union"
+ serverconfig "k8s.io/apiserver/pkg/server"
 "k8s.io/client-go/rest"
 k8sapiflag "k8s.io/component-base/cli/flag"
 "k8s.io/component-base/cli/globalflag"
@@ -259,52 +260,22 @@ func Run(opts *completedProxyRunOptions) error {
 mux := http.NewServeMux()
 mux.Handle("/", handler)
- var gr run.Group
+ gr := &run.Group{}
 {
 if len(opts.LegacyOptions.SecureListenAddress) > 0 {
- cfg.SecureServing.ClientCA, err = cfg.GetClientCAProvider()
+ clientCAProvider, err := cfg.GetClientCAProvider()
 if err != nil {
 return err
 }
-
- serverStopCtx, serverCtxCancel := context.WithCancel(ctx)
- gr.Add(func() error {
- stoppedCh, listenerStoppedCh, err := cfg.SecureServing.Serve(mux, 10*time.Second, serverStopCtx.Done())
- if err != nil {
- serverCtxCancel()
- return err
- }
-
- <-listenerStoppedCh
- <-stoppedCh
- return err
- }, func(err error) {
- serverCtxCancel()
- })
+ cfg.SecureServing.ClientCA = clientCAProvider
+ prepareSecureServer(ctx, gr, cfg.SecureServing, mux)
 if cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing != nil {
 proxyEndpointsMux := http.NewServeMux()
 proxyEndpointsMux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("ok")) })
- cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing.ClientCA, err = cfg.GetClientCAProvider()
- if err != nil {
- return err
- }
-
- proxyServerStopCtx, proxyServerCtxCancel := context.WithCancel(ctx)
- gr.Add(func() error {
- proxyStoppedCh, proxyListenerStoppedCh, err := cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing.Serve(
- proxyEndpointsMux, 10*time.Second, proxyServerStopCtx.Done())
- if err != nil {
- proxyServerCtxCancel()
- return err
- }
- <-proxyListenerStoppedCh
- <-proxyStoppedCh
- return err
- }, func(err error) {
- proxyServerCtxCancel()
- })
+ cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing.ClientCA = clientCAProvider
+ prepareSecureServer(ctx, gr, cfg.KubeRBACProxyInfo.ProxyEndpointsSecureServing, proxyEndpointsMux)
 }
 }
 }
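Review bot: Both listeners now receive the same `clientCAProvider` instance, where the removed lines called `cfg.GetClientCAProvider()` once per listener. If `Serve` registers listeners on, or starts, the provider it is handed (not visible in this hunk), that one object is now driven by two servers, so it is worth confirming that the provider tolerates this and that a CA reload reaches both TLS configurations. A comment above the first assignment would record the intent, for example `// Shared on purpose: both listeners must trust the same client CA bundle.` Separately, `clientCAProvider, err := ...` declares a new `err` scoped to the `if` block; it is returned immediately, so it is harmless today, but any later assignment in that block will no longer reach the outer `err`. Run's body starts and ends outside the hunk.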
@@ -372,3 +343,25 @@ func createKubeRBACProxyConfig(opts *completedProxyRunOptions) (*server.KubeRBAC
 return proxyConfig, nil
 }
+
+func prepareSecureServer(
+ ctx context.Context,
+ runGroup *run.Group,
+ config *serverconfig.SecureServingInfo,
+ handler http.Handler,
+) {
+ serverStopCtx, serverCtxCancel := context.WithCancel(ctx)
+ runGroup.Add(func() error {
+ stoppedCh, listenerStoppedCh, err := config.Serve(handler, 10*time.Second, serverStopCtx.Done())
+ if err != nil {
+ serverCtxCancel()
+ return err
+ }
+
+ <-listenerStoppedCh
+ <-stoppedCh
+ return err
+ }, func(err error) {
+ serverCtxCancel()
+ })
+}
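Review bot: The final `return err` in the first closure of `prepareSecureServer` can only return nil, because the non-nil case has already returned a few lines earlier; writing `return nil` makes it explicit that a clean shutdown is not an error. The function also has no doc comment, and its name suggests preparation while its effect is to register an actor on the run group, so something like `// prepareSecureServer adds an actor to runGroup that serves handler using config and shuts down when ctx is cancelled or the group is interrupted.` would help the next reader. The 10-second shutdown timeout is carried over as a literal; a named constant would document what it bounds.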