jetstack / kube-oidc-proxy

Reverse proxy to authenticate to managed Kubernetes API servers via OIDC.
https://jetstack.io
Apache License 2.0

Improve Unauthed response #141

Open JoshVanL opened 4 years ago

JoshVanL commented 4 years ago

Currently, when we fail an authentication on a request, we simply reply with a 403 with an "Unauthorized" response body. We may want to change this to instead return a k8s JSON object, similar to how the API server is doing it:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "pods is forbidden: User \"system:anonymous\" cannot list resource \"pods\" in API group \"\" in the namespace \"default\": No policy matched.",
  "reason": "Forbidden",
  "details": {
    "kind": "pods"
  },
  "code": 403
}

There is some discussion to have around this:

/cc @munnerz
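As an added illustration of the proposal (example code written for this page, not kube-oidc-proxy's own implementation), the middleware below returns a `Status`-shaped JSON body instead of the bare text response. It mirrors the fields of the Kubernetes `metav1.Status` object with plain structs so it has no dependency on `k8s.io/apimachinery`; the `Authenticator` type, the `constructedAuth` stub with its hard-coded sample token, and the `Probe` helper are all assumptions made to keep the example runnable offline. Note that the API server itself answers a failed authentication with 401 Unauthorized and reserves 403 Forbidden for authorization failures like the pods example above; the example follows that convention and keeps the reason the token was rejected in the server log rather than in the response body, so clients learn which stage failed without the proxy disclosing validation details.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
)

// Status mirrors the fields of the Kubernetes metav1.Status object that the
// API server returns on authentication and authorization failures. Plain
// structs are used here (an assumption for this example) to avoid importing
// k8s.io/apimachinery.
type Status struct {
	Kind       string            `json:"kind"`
	APIVersion string            `json:"apiVersion"`
	Metadata   map[string]string `json:"metadata"`
	Status     string            `json:"status"`
	Message    string            `json:"message"`
	Reason     string            `json:"reason"`
	Code       int               `json:"code"`
}

// NewFailureStatus builds a "Failure" Status carrying the given HTTP code.
func NewFailureStatus(code int, reason, message string) Status {
	return Status{
		Kind: "Status", APIVersion: "v1", Metadata: map[string]string{},
		Status: "Failure", Message: message, Reason: reason, Code: code,
	}
}

// WriteStatus serialises the Status as JSON with a matching HTTP status code.
func WriteStatus(w http.ResponseWriter, st Status) {
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(st.Code)
	if err := json.NewEncoder(w).Encode(st); err != nil {
		log.Printf("writing status response: %v", err)
	}
}

// Authenticator is the minimal interface the example middleware needs
// (hypothetical; the real proxy delegates to its OIDC token authenticator).
type Authenticator func(r *http.Request) (user string, ok bool, err error)

// AuthMiddleware rejects requests that fail authentication with a Status body
// instead of the bare text "Unauthorized". The underlying error is logged
// server-side only, so the body stays informative without leaking detail.
func AuthMiddleware(auth Authenticator, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, ok, err := auth(r)
		if err != nil || !ok {
			log.Printf("authentication failed for %s %s: %v", r.Method, r.URL.Path, err)
			WriteStatus(w, NewFailureStatus(http.StatusUnauthorized, "Unauthorized",
				"authentication failed: bearer token missing, invalid, or not accepted by this proxy"))
			return
		}
		r.Header.Set("X-Example-Authenticated-User", user) // hypothetical header name
		next.ServeHTTP(w, r)
	})
}

// constructedAuth accepts a single constructed sample token; it stands in for
// the OIDC verifier purely so the example runs offline.
func constructedAuth(r *http.Request) (string, bool, error) {
	const validBearer = "Bearer example-token" // constructed sample value
	if r.Header.Get("Authorization") == validBearer {
		return "alice@example.com", true, nil
	}
	return "", false, fmt.Errorf("token rejected")
}

// Probe sends one request through the middleware and decodes any Status body.
func Probe(authz string) (int, Status, error) {
	h := AuthMiddleware(constructedAuth, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
		fmt.Fprint(w, `{"kind":"PodList","items":[]}`)
	}))
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/api/v1/namespaces/default/pods", nil)
	if authz != "" {
		req.Header.Set("Authorization", authz)
	}
	h.ServeHTTP(rec, req)
	var st Status
	if rec.Code != http.StatusOK {
		if err := json.NewDecoder(rec.Body).Decode(&st); err != nil {
			return rec.Code, st, err
		}
	}
	return rec.Code, st, nil
}

func main() {
	for _, hdr := range []string{"", "Bearer wrong", "Bearer example-token"} {
		code, st, err := Probe(hdr)
		fmt.Printf("Authorization=%q -> %d reason=%q err=%v\n", hdr, code, st.Reason, err)
	}
}
```

Running `main` shows the missing and wrong tokens answered with a 401 `Status` whose `reason` is `Unauthorized`, while the valid token reaches the backend handler; a kubectl client parses that body the same way it parses the API server's own errors.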

jijiechen commented 3 years ago

The proxy keeps responding Unauthorized without any extra information when correct permission is added for the "in cluster" service account. It took me days to guess what happened and now I have to give up.