v0.2.2

.dockerignore

@@ -0,0 +1,7 @@
+**/.git
+**/.gitignore
+/.devcontainer
+/.gitea
+/.github
+/.vscode
+/charts

app.rb

@@ -21,11 +21,9 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 
 require "config"
 
-VERSION = "0.2.1"
+VERSION = "0.2.2"
 
 CHUNK_SIZE = 1024**2
-SESSION_SECRET_HEX_LENGTH = 64
-JWT_SECRET_HEX_LENGTH = 64
 DEFAULT_FLAKEY = 50
 
 NAME = "kubernaut".freeze
@@ -380,19 +378,21 @@ get "/pid", provides: "json" do
   jsonify({ppid: ppid, pid: Process.pid}, pretty:)
 end
 
-get "/token" do
+get "/token", provides: "json" do
+  pretty = params.key? :pretty
+
   exp = Time.now.to_i + SECONDS_PER_MINUTE * 2
   payload = {name: "anonymous", exp: exp, jti: Random.uuid}
   expires_at = Time.at(exp).to_datetime
-  token = JWT.encode payload, JWT_SECRET, "HS256"
+  token = JWT.encode payload, config.jwt_secret.unwrap, "HS256"
   x = {token: token, expires_at: expires_at}
 
-  jsonify x
+  jsonify x, pretty:
 end
 
 get "/token/validate" do
   token = req_headers["authorization"].split[1]
-  payload = JWT.decode token, JWT_SECRET, true, algorithm: "HS256"
+  payload = JWT.decode token, config.jwt_secret.unwrap, true, algorithm: "HS256"
 
   jsonify payload
 end

charts/kubernaut/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.1
+version: 0.2.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.1"
+appVersion: "0.2.2"

dockerfiles/alpine.Dockerfile

@@ -40,10 +40,9 @@ FROM base
 
 ENV PORT=4567
 
-RUN <<EOT
-  addgroup --system --gid 666 kubernaut
+RUN \
+  addgroup --system --gid 666 kubernaut; \
   adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
-EOT
 
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /kubernaut /kubernaut

dockerfiles/bookworm.Dockerfile

@@ -48,10 +48,9 @@ FROM base
 
 ENV PORT=4567
 
-RUN <<EOT
-  groupadd --system --gid 666 kubernaut
+RUN \
+  groupadd --system --gid 666 kubernaut; \
   useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
-EOT
 
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /kubernaut /kubernaut

kustomize/app/deployment.yaml

@@ -16,18 +16,24 @@ spec:
     spec:
       containers:
         - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:0.2.1
+          image: git.kill0.net/ryanc/kubernaut:0.2.2
           imagePullPolicy: Always
           ports:
             - name: sinatra-web
               containerPort: 4567
           env:
-            - name: SESSION_SECRET
+            - name: KUBERNAUT_SESSION_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: kubernaut-session-secret
+                  name: kubernaut
                   key: session_secret
                   optional: true
+            - name: KUBERNAUT_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: kubernaut
+                  key: jwt_secret
+                  optional: true
           envFrom:
             - configMapRef:
                 name: kubernaut-configmap

kustomize/app/kustomization.yaml

@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubernaut
 resources:
-  - secret.yaml
   - configmap.yaml
   - deployment.yaml
   - hpa.yaml

kustomize/app/secret.yaml

@@ -1,15 +0,0 @@
----
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: kubernaut-session-secret
-  namespace: kubernaut
-spec:
-  encryptedData:
-    session_secret: AgCY08t0AU418znEZt5d252J+lH+fwYki2g6jdJpfdRfVQjnA+b52P0KWrs/x5pB0PKab6Z3JY/Tz0SQCaoIsCR4IzUO3a095aulRqb6Qr1Lz8udBVta4JJMZLmo26tuUfVHlpD1d6J8rkBSm8vzckFLkOA1Wfl/9rS3K4qwiDogA5pI0ULghFkeEx1yKdRwPq0k8PuvOvLUJ6oNq3e5n+B/BrVWdQ+7XQxUq/AMANJrDbe+RD33f99LArHYA7bFMbY8YRazXSTAkeunpTlxTjuGZKYvJKupo29LHz2OVbZVX/hI0nZkdVpcgqvbxF6Vw9CuCeAmtKYl7A3qsAWqDLUdP3hRLsk2P9RDNhEzYWh4ml8APzziWzihdJbGEjwLy7HsHgKslM0XbBnRQDlxp/JtvcWdjQp33A+QOON32zOKHi+qJjDYyGebS1+xkPbnyb1MPSJVAtFpj7dlLbFekLFDZEbXuJYUl1wKdFOIjJHmNK/MTEV2kOhtiVj/aeKgSXwor9hR7Uxzs5ZSawp9uWw+hpr58EX6I+RtfO4yjFC6FjnagiU6SlI1Q2F7/nv82g1UWTYMpNN5bduS1YFWmsnXvK+W7YQHpSForr5ndtCSHmclbXb5Fc33sywC5u6Bi2Gu5/MW6d73BOog5BC3QtOuEQ044Q+cuU3RIlKADBqKLzZmHlmukyyGuZfXJnGjlWGKp3J1KecucTo6XC9QHpUkjXEKdlE63mOI1VuOGyBIHl60v4bnWiBg+aDZVHipz4JLKsVB0HOgBBK7+tOX6tr1GDG/F7Nz/i9ebzUV6i8Ec1jHf+2ZcTtBkNXBIkHc84+4Qd33/gOuP+lizLfIhfQ3DFWbwyfYumpVbeapyYhB0CE=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: kubernaut-session-secret
-      namespace: kubernaut

lib/config.rb

@@ -1,5 +1,8 @@
 require "sensitive"
 
+SESSION_SECRET_HEX_LENGTH = 64
+JWT_SECRET_HEX_LENGTH = 64
+
 class Config
   attr_accessor :cat
 
@@ -9,7 +12,7 @@ class Config
     @prefix = prefix
     @cat = cat
 
-    session_secret ||= ENV.fetch "SESSION_SECRET" do
+    session_secret ||= fetch_env "SESSION_SECRET" do
       SecureRandom.hex SESSION_SECRET_HEX_LENGTH
     end