[Deprecation] Removal of insecure options: `--insecure-listen-addresss` and unset `--tls-cert-file`, `--tls-private-key-file`

[ibihim]

What

We are removing the option to run kube-rbac-proxy without configured TLS certificates.
This means that:

• using insecure-listen-addresss won't work any more.
• not setting tls-cert-file and tls-private-key-file won't work any more.

Upstream H2C should still work, but we might remove verified claims about an identity that are send to upstream in the future.

Why

We are aware that we create obstacles in running kube-rbac-proxy for testing or debugging purposes.
But we reduce the probability for an insecure set up of kube-rbac-proxy, which is a security relevant component.

Running kube-rbac-proxy without TLS certificates, makes it possible to impersonate kube-rbac-proxy.

The reason that we remove that capability is a pre-acceptance requirement for kube-rbac-proxy, before we can donate the project so sig-auth of k8s.

Reference

• Sig-Auth Pre-Acceptance TODOs #169
• main.go: add warn logs when insecure opts in use #188
• [wip] remove insecure listen address #186

[ibihim]

Gathering deprecation in this issue: #196