ryanc/kubernaut
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ryanc:529abe67b13effe3b54e9dd0bceacff272d099a5
Branches Tags
ryanc:main ryanc:develop
ryanc:v0.2.5 ryanc:v0.2.4 ryanc:v0.2.3 ryanc:v0.2.2 ryanc:v0.2.1 ryanc:v0.2.0 ryanc:v0.1.4 ryanc:v0.1.3 ryanc:v0.1.2 ryanc:v0.1.1 ryanc:v0.1.0
...
compare: ryanc:51657595582b023a2141ea116024026afa672925
Branches Tags
ryanc:develop ryanc:main
ryanc:v0.2.5 ryanc:v0.2.4 ryanc:v0.2.3 ryanc:v0.2.2 ryanc:v0.2.1 ryanc:v0.2.0 ryanc:v0.1.4 ryanc:v0.1.3 ryanc:v0.1.2 ryanc:v0.1.1 ryanc:v0.1.0

10 Commits
529abe67b1 ... 5165759558

Author SHA1 Message Date
Ryan Cavicchioni
5165759558 add JWT secret reference
Some checks failed
Ruby Lint / lint (push) Successful in 20s
Details
Ruby Test / test (push) Successful in 24s
Details
Release / docker (push) Has been cancelled
Details
2025-05-10 18:13:02 -05:00
Ryan Cavicchioni
10f73b96ec refer to the session secret using the application name prefix 2025-05-10 18:12:37 -05:00
Ryan Cavicchioni
5097e551e2 just call the Kubernetes secret "kubernaut" 2025-05-10 18:10:50 -05:00
Ryan Cavicchioni
820d2d8c51 move secret related contstants to Config class
Some checks failed
Ruby Lint / lint (push) Failing after 13s
Details
Ruby Test / test (push) Successful in 16s
Details
2025-05-10 17:46:46 -05:00
Ryan Cavicchioni
eb5c12ca91 remove secret from Kustomize 2025-05-10 17:46:46 -05:00
Ryan Cavicchioni
2d1c9f7418 /token should provide pretty-printing
All checks were successful
Ruby Test / test (push) Successful in 18s
Details
Ruby Lint / lint (push) Successful in 24s
Details
2025-05-09 10:50:26 -05:00
Ryan Cavicchioni
3c2e0cdcb8 /token should provide JSON 2025-05-09 10:49:24 -05:00
Ryan Cavicchioni
66c2c3b6a2 fix undefined references to JWT_SECRET 2025-05-09 10:47:10 -05:00
Ryan Cavicchioni
b92f6688c7 add .dockerignore 2025-05-06 17:38:23 -05:00
Ryan Cavicchioni
85d00a53f6 make RUN stanza formatting consistent 2025-05-06 17:13:36 -05:00
8 changed files with 29 additions and 31 deletions
Expand all files Collapse all files

7
.dockerignore Normal file
View File

@@ -0,0 +1,7 @@
**/.git
**/.gitignore
/.devcontainer
/.gitea
/.github
/.vscode
/charts

12
app.rb
View File

@@ -24,8 +24,6 @@ require "config"
VERSION = "0.2.1"
CHUNK_SIZE = 1024**2
SESSION_SECRET_HEX_LENGTH = 64
JWT_SECRET_HEX_LENGTH = 64
DEFAULT_FLAKEY = 50
NAME = "kubernaut".freeze
@@ -380,19 +378,21 @@ get "/pid", provides: "json" do
jsonify({ppid: ppid, pid: Process.pid}, pretty:)
end
get "/token" do
get "/token", provides: "json" do
pretty = params.key? :pretty
exp = Time.now.to_i + SECONDS_PER_MINUTE * 2
payload = {name: "anonymous", exp: exp, jti: Random.uuid}
expires_at = Time.at(exp).to_datetime
token = JWT.encode payload, JWT_SECRET, "HS256"
token = JWT.encode payload, config.jwt_secret.unwrap, "HS256"
x = {token: token, expires_at: expires_at}
jsonify x
jsonify x, pretty:
end
get "/token/validate" do
token = req_headers["authorization"].split[1]
payload = JWT.decode token, JWT_SECRET, true, algorithm: "HS256"
payload = JWT.decode token, config.jwt_secret.unwrap, true, algorithm: "HS256"
jsonify payload
end

5
dockerfiles/alpine.Dockerfile
View File

@@ -40,10 +40,9 @@ FROM base
ENV PORT=4567
RUN <<EOT
addgroup --system --gid 666 kubernaut
RUN \
addgroup --system --gid 666 kubernaut; \
adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
EOT
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
COPY --from=build /kubernaut /kubernaut

5
dockerfiles/bookworm.Dockerfile
View File

@@ -48,10 +48,9 @@ FROM base
ENV PORT=4567
RUN <<EOT
groupadd --system --gid 666 kubernaut
RUN \
groupadd --system --gid 666 kubernaut; \
useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
EOT
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
COPY --from=build /kubernaut /kubernaut

10
kustomize/app/deployment.yaml
View File

@@ -22,12 +22,18 @@ spec:
- name: sinatra-web
containerPort: 4567
env:
- name: SESSION_SECRET
- name: KUBERNAUT_SESSION_SECRET
valueFrom:
secretKeyRef:
name: kubernaut-session-secret
name: kubernaut
key: session_secret
optional: true
- name: KUBERNAUT_JWT_SECRET
valueFrom:
secretKeyRef:
name: kubernaut
key: jwt_secret
optional: true
envFrom:
- configMapRef:
name: kubernaut-configmap

1
kustomize/app/kustomization.yaml
View File

@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubernaut
resources:
- secret.yaml
- configmap.yaml
- deployment.yaml
- hpa.yaml

15
kustomize/app/secret.yaml
View File

@@ -1,15 +0,0 @@
---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: kubernaut-session-secret
namespace: kubernaut
spec:
encryptedData:
session_secret: AgCY08t0AU418znEZt5d252J+lH+fwYki2g6jdJpfdRfVQjnA+b52P0KWrs/x5pB0PKab6Z3JY/Tz0SQCaoIsCR4IzUO3a095aulRqb6Qr1Lz8udBVta4JJMZLmo26tuUfVHlpD1d6J8rkBSm8vzckFLkOA1Wfl/9rS3K4qwiDogA5pI0ULghFkeEx1yKdRwPq0k8PuvOvLUJ6oNq3e5n+B/BrVWdQ+7XQxUq/AMANJrDbe+RD33f99LArHYA7bFMbY8YRazXSTAkeunpTlxTjuGZKYvJKupo29LHz2OVbZVX/hI0nZkdVpcgqvbxF6Vw9CuCeAmtKYl7A3qsAWqDLUdP3hRLsk2P9RDNhEzYWh4ml8APzziWzihdJbGEjwLy7HsHgKslM0XbBnRQDlxp/JtvcWdjQp33A+QOON32zOKHi+qJjDYyGebS1+xkPbnyb1MPSJVAtFpj7dlLbFekLFDZEbXuJYUl1wKdFOIjJHmNK/MTEV2kOhtiVj/aeKgSXwor9hR7Uxzs5ZSawp9uWw+hpr58EX6I+RtfO4yjFC6FjnagiU6SlI1Q2F7/nv82g1UWTYMpNN5bduS1YFWmsnXvK+W7YQHpSForr5ndtCSHmclbXb5Fc33sywC5u6Bi2Gu5/MW6d73BOog5BC3QtOuEQ044Q+cuU3RIlKADBqKLzZmHlmukyyGuZfXJnGjlWGKp3J1KecucTo6XC9QHpUkjXEKdlE63mOI1VuOGyBIHl60v4bnWiBg+aDZVHipz4JLKsVB0HOgBBK7+tOX6tr1GDG/F7Nz/i9ebzUV6i8Ec1jHf+2ZcTtBkNXBIkHc84+4Qd33/gOuP+lizLfIhfQ3DFWbwyfYumpVbeapyYhB0CE=
template:
metadata:
creationTimestamp: null
name: kubernaut-session-secret
namespace: kubernaut

5
lib/config.rb
View File

@@ -1,5 +1,8 @@
require "sensitive"
SESSION_SECRET_HEX_LENGTH = 64
JWT_SECRET_HEX_LENGTH = 64
class Config
attr_accessor :cat
@@ -9,7 +12,7 @@ class Config
@prefix = prefix
@cat = cat
session_secret ||= ENV.fetch "SESSION_SECRET" do
session_secret ||= fetch_env "SESSION_SECRET" do
SecureRandom.hex SESSION_SECRET_HEX_LENGTH
end