kuberos
kubecfg-config template shouldn't be publicly available
We have our compute resources in multiple environments and multiple AWS regions. Every such region+environment is an individual Kubernetes cluster. Thus we have about 10 clusters. At the same time, we use kuberos to generate a single configuration for getting access to all our clusters. In order to achieve this, we have to define the config template with cluster endpoints.
We use --email-domain in order to restrict authorization via kuberos to our corporate emails. It doesn't allow generating the config easily, but I'm still able to get the template without any authentication via the URL: https://kuberos.....com/kubecfg.yaml
It won't have any credentials, but it still contains our template and exposes information about our topology. This information is sensitive for us and we don't want to make it publicly available.
I believe that the /kubecfg.yaml endpoint has to be reachable only for users who have passed the authentication stage successfully.
I agree, it might be a good idea to lock this endpoint
I agree, but don't have time to work on this project. I'm happy to review PRs to lock this down.
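How such a gate can look in Go, as an added illustration and not kuberos's own code: the template route is served only once a session with an email in the allowed domain has been established, so the unauthenticated fetch described in the issue gets 401 and an authenticated user outside the domain gets 403. The session store, cookie name, sample emails and template content are all constructed for the example.

```go
package main

import (
	"net/http"
	"strings"
)

// Constructed stand-in for the kubecfg.yaml template: no credentials, but the cluster endpoints describe topology.
const kubecfgTemplate = "apiVersion: v1\nkind: Config\nclusters:\n- name: prod-eu-west-1\n  cluster:\n    server: https://k8s.prod.example.invalid\n"

// Constructed session store; a real OIDC callback would fill it only after verifying the ID token.
var sessions = map[string]string{
	"sess-alice":   "alice@example.com",
	"sess-mallory": "mallory@other.invalid",
}
// authenticatedEmail resolves the session cookie to a verified email, or "" when there is no valid session.
func authenticatedEmail(r *http.Request) string {
	c, err := r.Cookie("session")
	if err != nil {
		return ""
	}
	return sessions[c.Value]
}
// requireDomain admits a request only when it has a session and the email is in the allowed domain (the --email-domain restriction).
func requireDomain(domain string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		email := authenticatedEmail(r)
		if email == "" {
			http.Error(w, "authentication required", http.StatusUnauthorized)
			return
		}
		if !strings.HasSuffix(strings.ToLower(email), "@"+strings.ToLower(domain)) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewMux registers /kubecfg.yaml behind the gate instead of serving it openly.
func NewMux(domain string) *http.ServeMux {
	mux := http.NewServeMux()
	mux.Handle("/kubecfg.yaml", requireDomain(domain, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/x-yaml")
		w.Write([]byte(kubecfgTemplate))
	})))
	return mux
}

func main() { http.ListenAndServe("127.0.0.1:8080", NewMux("example.com")) }
```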