Adds documentation for extra impersonation headers

Signed-off-by: JoshVanL <[email protected]>

Author: JoshVanL

Makefile

@@ -76,9 +76,10 @@ go_lint: $(BINDIR)/golangci-lint ## lint golang code for problems
 clean: ## clean up created files
 	rm -rf \
 		$(BINDIR) \
-		pkg/mocks/authenticator.go \
-		demo/bin \
-		test/e2e/framework/issuer/bin
+		$(CURDIR)/pkg/mocks/authenticator.go \
+		$(CURDIR)/demo/bin \
+		$(CURDIR)/test/e2e/framework/issuer/bin \
+		$(CURDIR)/test/e2e/framework/fake-apiserver/bin
 
 verify: depend verify_boilerplate go_fmt go_vet go_lint ## verify code and mod
 

README.md

@@ -128,6 +128,7 @@ users:
 ## Configuration
  - [Token Passthrough](./docs/tasks/token-passthrough.md)
  - [No Impersonation](./docs/tasks/no-impersonation.md)
+ - [Extra Impersonations Headers](./docs/tasks/extra-impersonation-headers.md)
 
 ## Development
 *NOTE*: building kube-oidc-proxy requires Go version 1.12 or higher.

docs/tasks/extra-impersonation-headers.md

@@ -0,0 +1,31 @@
+# Extra Impersonation Headers
+
+kube-oidc-proxy has support for adding 'extra' headers to the impersonation user
+info. This can be useful for passing extra information onto the target server
+about the proxy or client. kube-oidc-proxy currently supports two configuration
+options.
+
+# Client IP
+
+The following flag can be passed which will append the remote client IP as an
+extra header:
+
+`--extra-user-header-client-ip`
+
+Proxied requests will then contain the header
+`Impersonate-Extra-Remote-Client-Ip: <REMOTE_ADDR>` where  `<REMOTE_ADDR>` is
+the address of the client that made the request.
+
+# Extra User Headers
+
+The following flag accepts a number of key value pairs that will be added as
+extra impersonation headers with proxied requests. This flag accepts a number of
+key value pairs, separated by commas, where a single key may have multiple
+values:
+
+`--extra-user-headers=key1=foo,key2=bar,key1=bar`
+
+Proxied requests will then contain the headers
+
+`Impersonate-Extra-Key1: foo,bar`
+`Impersonate-Extra-Key2: foo`