v0.1.2

2025-04-01 21:06:55 -05:00
20 changed files with 204 additions and 337 deletions
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@ -6,7 +6,7 @@
        "vscode": {
            "extensions": [
                "Shopify.ruby-lsp",
-                "docker.docker"
+                "ms-azuretools.vscode-docker"
            ]
        }
    },
--- a/.dockerignore
+++ b/.dockerignore
@ -1,7 +0,0 @@
 **/.git
 **/.gitignore
 /.devcontainer
 /.gitea
 /.github
 /.vscode
 /charts
--- a/.gitea/workflows/release.yaml
+++ b/.gitea/workflows/release.yaml
@ -1,27 +1,74 @@
 ---
-name: Release
+name: Gitea Actions Demo
 run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
 on:
  schedule: 
-    - cron: "0 0 * * *"
+    - cron: "0 10 * * *"
  push:
    branches:
-      - main
+      - "**"
    tags:
      - "v*.*.*"
  pull_request:
 jobs:
-  docker:
+  lint:
    runs-on: ubuntu-latest
    permissions:
      checks: write
      contents: write
    steps:
      - name: Login to Docker
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Checkout
        uses: actions/checkout@v4
      - name: Ruby Setup
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.4'
          bundler-cache: true
      - run: bundle install
      - name: Standard Ruby
        run: bundle exec standardrb
  test:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Test
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.4'
          bundler-cache: true
      - run: bundle exec rake
  docker:
    needs: test
    runs-on: ubuntu-latest
    container:
      image: catthehacker/ubuntu:act-latest
    env:
      DOCKER_ORG: ryanc
      DOCKER_LATEST: latest
    defaults:
      run:
        shell: bash
    outputs:
      metadata: ${{ steps.output.outputs.metadata }}
    steps:
      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # all history for all branches and tags
@ -36,69 +83,40 @@ jobs:
          printf "GITHUB_SHA=%s\n" "$GITHUB_SHA"
          printf "VERSION=%s\n" "$VERSION" | tee -a "$GITHUB_OUTPUT"
-      - name: Set up QEMU
+      - name: Docker meta
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            git.kill0.net/ryanc/kubernaut
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+        uses: docker/setup-buildx-action@v3
      - name: Login to Gitea registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        uses: docker/login-action@v3
        with:
          registry: git.kill0.net
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Docker meta (debian)
        id: meta
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          images: |
            git.kill0.net/ryanc/kubernaut
          flavor: |
            latest=auto
          bake-target: docker-metadata-action
          tags: |
            type=schedule,pattern=nightly
            type=edge
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      - name: Docker meta (alpine)
        id: meta-alpine
        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
        with:
          images: |
            git.kill0.net/ryanc/kubernaut
          bake-target: docker-metadata-action-alpine
          flavor: |
            latest=auto
            suffix=-alpine,onlatest=true
          tags: |
            type=schedule,pattern=nightly
            type=edge
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha
      - name: Docker build and push
-        uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0
+        uses: docker/build-push-action@v5
        with:
          push: ${{ github.event_name != 'pull_request' }}
-          files: |
+          tags: ${{ steps.meta.outputs.tags }}
-            ./docker-bake.hcl
+          labels: ${{ steps.meta.outputs.labels }}
            cwd://${{ steps.meta.outputs.bake-file }}
            cwd://${{ steps.meta-alpine.outputs.bake-file }}
      - name: Setup Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+        uses: azure/setup-helm@v4.3.0
      - name: Publish Helm chart
        if: ${{ contains(github.ref, 'refs/tags/') }}
--- a/.gitea/workflows/lint.yaml
+++ b/.gitea/workflows/lint.yaml
@ -1,23 +0,0 @@
 ---
 name: Ruby Lint
 on:
  push:
    branches:
      - "**"
  pull_request:
 jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Ruby Setup
        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
        with:
          ruby-version: '3.4'
          bundler-cache: true
      - name: Standard Ruby
        run: bundle exec standardrb
--- a/.gitea/workflows/test.yaml
+++ b/.gitea/workflows/test.yaml
@ -1,22 +0,0 @@
 ---
 name: Ruby Test
 on:
  push:
    branches:
      - "**"
  pull_request:
 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - name: Test
        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
        with:
          ruby-version: '3.4'
          bundler-cache: true
      - run: bundle exec rake
--- a/40
+++ b/40
@ -0,0 +1,40 @@
 FROM ruby:alpine AS base
 WORKDIR /app
 RUN <<EOT
  gem update --system --no-document
  gem install -N bundler
  apk update
  apk upgrade --no-cache
 EOT
 FROM base AS build
 RUN <<EOT
  apk add gcc musl-dev ruby-dev make
 EOT
 COPY Gemfile* .
 RUN <<EOT
  bundle config set --local without development
  bundle install
 EOT
 FROM base
 # RUN useradd ruby --home /app --shell /bin/sh
 RUN adduser ruby -h /app -D
 USER ruby:ruby
 COPY --from=build /usr/local/bundle /usr/local/bundle
 COPY --from=build --chown=ruby:ruby /app /app
 COPY --chown=ruby:ruby . .
 EXPOSE 4567
 CMD [ "bundle", "exec", "rackup", "--host", "0.0.0.0", "--port", "4567" ]
--- a/1
+++ b/1
@ -3,6 +3,7 @@ source "https://rubygems.org"
 gem "sinatra"
 gem "sinatra-contrib"
 gem "puma"
 gem "rackup"
 gem "anyflake"
 gem "ksuid"
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -5,13 +5,13 @@ GEM
    ast (2.4.3)
    base64 (0.2.0)
    bigdecimal (3.1.9)
-    csv (3.3.4)
+    csv (3.3.3)
    diff-lcs (1.6.1)
    httparty (0.23.1)
      csv
      mini_mime (>= 1.0.0)
      multi_xml (>= 0.5.2)
-    json (2.11.3)
+    json (2.10.2)
    jwt (2.10.1)
      base64
    ksuid (1.0.0)
@ -27,15 +27,15 @@ GEM
      ruby2_keywords (~> 0.0.1)
    nanoid (2.0.0)
    nio4r (2.7.4)
-    parallel (1.27.0)
+    parallel (1.26.3)
-    parser (3.3.8.0)
+    parser (3.3.7.4)
      ast (~> 2.4.1)
      racc
    prism (1.4.0)
    puma (6.6.0)
      nio4r (~> 2.0)
    racc (1.8.1)
-    rack (3.1.13)
+    rack (3.1.12)
    rack-protection (4.1.1)
      base64 (>= 0.1.0)
      logger (>= 1.6.0)
@ -45,6 +45,8 @@ GEM
      rack (>= 3.0.0)
    rack-test (2.2.0)
      rack (>= 1.3)
    rackup (2.2.1)
      rack (>= 3)
    rainbow (3.1.1)
    rake (13.2.1)
    rbs (3.9.2)
@ -63,7 +65,7 @@ GEM
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.13.0)
    rspec-support (3.13.2)
-    rubocop (1.75.4)
+    rubocop (1.73.2)
      json (~> 2.3)
      language_server-protocol (~> 3.17.0.2)
      lint_roller (~> 1.1.0)
@ -71,17 +73,17 @@ GEM
      parser (>= 3.3.0.2)
      rainbow (>= 2.2.2, < 4.0)
      regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.44.0, < 2.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
      ruby-progressbar (~> 1.7)
      unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.44.1)
+    rubocop-ast (1.43.0)
      parser (>= 3.3.7.2)
      prism (~> 1.4)
-    rubocop-performance (1.25.0)
+    rubocop-performance (1.24.0)
      lint_roller (~> 1.1)
-      rubocop (>= 1.75.0, < 2.0)
+      rubocop (>= 1.72.1, < 2.0)
      rubocop-ast (>= 1.38.0, < 2.0)
-    ruby-lsp (0.23.15)
+    ruby-lsp (0.23.13)
      language_server-protocol (~> 3.17.0)
      prism (>= 1.2, < 2.0)
      rbs (>= 3, < 4)
@ -101,19 +103,19 @@ GEM
      rack-protection (= 4.1.1)
      sinatra (= 4.1.1)
      tilt (~> 2.0)
-    sorbet-runtime (0.5.12043)
+    sorbet-runtime (0.5.11971)
-    standard (1.49.0)
+    standard (1.47.0)
      language_server-protocol (~> 3.17.0.2)
      lint_roller (~> 1.0)
-      rubocop (~> 1.75.2)
+      rubocop (~> 1.73.0)
      standard-custom (~> 1.0.0)
-      standard-performance (~> 1.8)
+      standard-performance (~> 1.7)
    standard-custom (1.0.2)
      lint_roller (~> 1.0)
      rubocop (~> 1.50)
-    standard-performance (1.8.0)
+    standard-performance (1.7.0)
      lint_roller (~> 1.1)
-      rubocop-performance (~> 1.25.0)
+      rubocop-performance (~> 1.24.0)
    tilt (2.6.0)
    ulid (1.4.0)
    unicode-display_width (3.1.4)
@ -136,6 +138,7 @@ DEPENDENCIES
  nanoid
  puma
  rack-test
  rackup
  rake
  rspec
  ruby-lsp
@ -146,4 +149,4 @@ DEPENDENCIES
  uuid7
 BUNDLED WITH
-   2.6.8
+   2.6.6
--- a/app.rb
+++ b/app.rb
@ -2,7 +2,6 @@ require "bundler/setup"
 require "sinatra"
 require "sinatra/cookies"
 require "sinatra/multi_route"
 require "sinatra/quiet_logger"
 require "time"
 require "fileutils"
 require "json"
@ -21,9 +20,11 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 require "config"
-VERSION = "0.2.1"
+VERSION = "0.1.1"
 CHUNK_SIZE = 1024**2
 SESSION_SECRET_HEX_LENGTH = 64
 JWT_SECRET_HEX_LENGTH = 64
 DEFAULT_FLAKEY = 50
 NAME = "kubernaut".freeze
@ -51,12 +52,9 @@ DURATION_PARTS = [
 config = Config.new
 set :quiet_logger_prefixes, %w[livez readyz]
 set :session_secret, config.session_secret.unwrap
 set :public_folder, __dir__ + "/static"
 register Sinatra::QuietLogger
 module Sinatra
  module RequestHeadersHelper
    def req_headers
@ -115,6 +113,7 @@ class TickTock
  def initialize
    @pid = ppid
    @procfs_f = format "/proc/%s/stat", @pid
    puts @pid
  end
  def uptime
@ -165,7 +164,7 @@ class Sleep
  include State
  def initialize
-    @file = "/dev/shm/sleepy"
+    @file = "/dev/shm/sleep"
  end
  def asleep?
@ -182,11 +181,20 @@ class Sleep
 end
 def ppid
-  pid = ENV.fetch "PUMA_PID", Process.pid
+  pid = Process.pid
-  begin
+  # self
-    Integer pid
+  ps = File.open "/proc/#{pid}/stat", &:readline
-  rescue ArgumentError
+  ps = ps.split(" ")
-    -1
+  ppid = Integer(ps[3])
  # ppid
  ps = File.open "/proc/#{ppid}/stat", &:readline
  ps = ps.split(" ")
  if ps[1].include? "ruby"
    ppid
  else
    pid
  end
 end
@ -224,7 +232,9 @@ end
 enable :sessions
-puts "#{NAME} #{VERSION} staring, per aspera ad astra"
+on_start do
  puts "#{NAME} #{VERSION} staring, per aspera ad astra"
 end
 configure do
  mime_type :json, "application/json"
@ -299,23 +309,6 @@ get "/headers", provides: "json" do
  jsonify h, pretty:
 end
 get "/uptime", provides: "json" do
  tt = TickTock.new
  x = {started_at: tt.started_at, seconds: tt.uptime.to_i, human: human_time(tt.uptime.to_i)}
  jsonify x
 end
 post "/api/livez/toggle" do
  Health.instance.toggle
  "ok\n"
 end
 post "/api/livez/sleep" do
  Sleep.instance.toggle
  "ok\n"
 end
 get "/livez" do
  error 503 unless Health.instance.healthy?
@ -324,6 +317,23 @@ get "/livez" do
  Health.instance.to_s
 end
 get "/livez/uptime" do
  tt = TickTock.new
  x = {started_at: tt.started_at, seconds: tt.uptime.to_i, human: human_time(tt.uptime.to_i)}
  jsonify x
 end
 post "/livez/toggle" do
  Health.instance.toggle
  "ok\n"
 end
 post "/livez/sleep" do
  Sleep.instance.toggle
  "ok\n"
 end
 get "/readyz" do
  error 503 unless Ready.instance.ready?
@ -372,27 +382,25 @@ post "/halt" do
  nil
 end
-get "/pid", provides: "json" do
+get "/pid" do
  pretty = params.key? :pretty
  jsonify({ppid: ppid, pid: Process.pid}, pretty:)
 end
-get "/token", provides: "json" do
+get "/token" do
  pretty = params.key? :pretty
  exp = Time.now.to_i + SECONDS_PER_MINUTE * 2
  payload = {name: "anonymous", exp: exp, jti: Random.uuid}
  expires_at = Time.at(exp).to_datetime
-  token = JWT.encode payload, config.jwt_secret.unwrap, "HS256"
+  token = JWT.encode payload, JWT_SECRET, "HS256"
  x = {token: token, expires_at: expires_at}
-  jsonify x, pretty:
+  jsonify x
 end
 get "/token/validate" do
  token = req_headers["authorization"].split[1]
-  payload = JWT.decode token, config.jwt_secret.unwrap, true, algorithm: "HS256"
+  payload = JWT.decode token, JWT_SECRET, true, algorithm: "HS256"
  jsonify payload
 end
--- a/charts/kubernaut/Chart.yaml
+++ b/charts/kubernaut/Chart.yaml
@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.1
+version: 0.1.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.1"
+appVersion: "0.1.2"
--- a/charts/kubernaut/values.yaml
+++ b/charts/kubernaut/values.yaml
@ -97,7 +97,7 @@ readinessProbe:
 # This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
 autoscaling:
-  enabled: true
+  enabled: false
  minReplicas: 2
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
--- a/config/puma.rb
+++ b/config/puma.rb
@ -1,5 +0,0 @@
 ENV["PUMA_PID"] = Process.pid.to_s
 port ENV.fetch("PORT", 4567)
 pidfile ENV["PIDFILE"] if ENV["PIDFILE"]
--- a/docker-bake.hcl
+++ b/docker-bake.hcl
@ -1,22 +0,0 @@
 group "default" {
    targets = [ "bookworm", "alpine" ]
 }
 target "docker-metadata-action" {}
 target "docker-metadata-action-alpine" {}
 target "_common" {
    args = {
        RUBY_VERSION = "3.4.3"
    }
 }
 target "bookworm" {
    dockerfile = "./dockerfiles/bookworm.Dockerfile"
    inherits = [ "_common", "docker-metadata-action" ]
 }
 target "alpine" {
    dockerfile = "./dockerfiles/alpine.Dockerfile"
    inherits = [ "_common", "docker-metadata-action-alpine" ]
 }
--- a/dockerfiles/alpine.Dockerfile
+++ b/dockerfiles/alpine.Dockerfile
@ -1,54 +0,0 @@
 ARG RUBY_VERSION="3.4.3"
 ARG BASE_REGISTRY="docker.io"
 FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-alpine AS base
 ENV RACK_ENV="production" \
  BUNDLE_DEPLOYMENT=true \
  BUNDLE_PATH="/usr/local/bundle" \
  BUNDLE_WITHOUT="development test" \
  RUBY_YJIT_ENABLE=true
 WORKDIR /kubernaut
 RUN \
  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
  apk update -q; \
  apk add bash jemalloc
 RUN \
  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
  gem update --system --no-document; \
  gem install -N bundler
 FROM base AS build
 RUN \
  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
  apk update -q; \
  apk add musl-dev gcc make; \
  apk add bash jemalloc
 COPY Gemfile Gemfile.lock ./
 RUN \
  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
  bundle install
 COPY . .
 FROM base
 ENV PORT=4567
 RUN \
  addgroup --system --gid 666 kubernaut; \
  adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /kubernaut /kubernaut
 USER kubernaut:kubernaut
 EXPOSE $PORT
 ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
 CMD [ "bundle", "exec", "puma" ]
--- a/dockerfiles/bookworm.Dockerfile
+++ b/dockerfiles/bookworm.Dockerfile
@ -1,62 +0,0 @@
 ARG RUBY_VERSION="3.4.3"
 ARG BASE_REGISTRY="docker.io"
 ARG DEBIAN_VERSION="bookworm"
 FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS base
 ENV RACK_ENV="production" \
  BUNDLE_DEPLOYMENT=true \
  BUNDLE_PATH="/usr/local/bundle" \
  BUNDLE_WITHOUT="development test" \
  RUBY_YJIT_ENABLE=true
 WORKDIR /kubernaut
 RUN rm -f /etc/apt/apt.conf.d/docker-clean
 RUN \
  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
  apt-get update -qq; \
  apt-get install --yes --no-install-recommends \
  libjemalloc2
 RUN \
  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
  gem update --system --no-document; \
  gem install -N bundler
 ENV DEBIAN_FRONTEND="noninteractive"
 FROM base AS build
 RUN \
  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
  apt-get update -qq; \
  apt-get install --yes --no-install-recommends \
  build-essential
 COPY Gemfile Gemfile.lock ./
 RUN \
  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
  bundle install
 COPY . .
 FROM base
 ENV PORT=4567
 RUN \
  groupadd --system --gid 666 kubernaut; \
  useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /kubernaut /kubernaut
 USER kubernaut:kubernaut
 EXPOSE $PORT
 ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
 CMD [ "bundle", "exec", "puma" ]
--- a/dockerfiles/entrypoint.sh
+++ b/dockerfiles/entrypoint.sh
@ -1,15 +0,0 @@
 #!/usr/bin/env bash
 set -euo pipefail
 # output debugging info
 ruby --version
 printf "rubygems %s\n" "$(gem --version)"
 bundle version
 if [ -z "${LD_PRELOAD+x}" ]; then
    LD_PRELOAD="$(find /usr/lib -name libjemalloc.so.2 -print -quit)"
    export LD_PRELOAD
 fi
 exec "${@}"
--- a/kustomize/app/deployment.yaml
+++ b/kustomize/app/deployment.yaml
@ -16,24 +16,18 @@ spec:
    spec:
      containers:
        - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:0.2.1
+          image: git.kill0.net/ryanc/kubernaut:0.1.2
          imagePullPolicy: Always
          ports:
            - name: sinatra-web
              containerPort: 4567
          env:
-            - name: KUBERNAUT_SESSION_SECRET
+            - name: SESSION_SECRET
              valueFrom:
                secretKeyRef:
-                  name: kubernaut
+                  name: kubernaut-session-secret
                  key: session_secret
                  optional: true
            - name: KUBERNAUT_JWT_SECRET
              valueFrom:
                secretKeyRef:
                  name: kubernaut
                  key: jwt_secret
                  optional: true
          envFrom:
            - configMapRef:
                name: kubernaut-configmap
--- a/kustomize/app/kustomization.yaml
+++ b/kustomize/app/kustomization.yaml
@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubernaut
 resources:
  - secret.yaml
  - configmap.yaml
  - deployment.yaml
  - hpa.yaml
--- a/kustomize/app/secret.yaml
+++ b/kustomize/app/secret.yaml
@ -0,0 +1,15 @@
 ---
 apiVersion: bitnami.com/v1alpha1
 kind: SealedSecret
 metadata:
  creationTimestamp: null
  name: kubernaut-session-secret
  namespace: kubernaut
 spec:
  encryptedData:
    session_secret: AgCY08t0AU418znEZt5d252J+lH+fwYki2g6jdJpfdRfVQjnA+b52P0KWrs/x5pB0PKab6Z3JY/Tz0SQCaoIsCR4IzUO3a095aulRqb6Qr1Lz8udBVta4JJMZLmo26tuUfVHlpD1d6J8rkBSm8vzckFLkOA1Wfl/9rS3K4qwiDogA5pI0ULghFkeEx1yKdRwPq0k8PuvOvLUJ6oNq3e5n+B/BrVWdQ+7XQxUq/AMANJrDbe+RD33f99LArHYA7bFMbY8YRazXSTAkeunpTlxTjuGZKYvJKupo29LHz2OVbZVX/hI0nZkdVpcgqvbxF6Vw9CuCeAmtKYl7A3qsAWqDLUdP3hRLsk2P9RDNhEzYWh4ml8APzziWzihdJbGEjwLy7HsHgKslM0XbBnRQDlxp/JtvcWdjQp33A+QOON32zOKHi+qJjDYyGebS1+xkPbnyb1MPSJVAtFpj7dlLbFekLFDZEbXuJYUl1wKdFOIjJHmNK/MTEV2kOhtiVj/aeKgSXwor9hR7Uxzs5ZSawp9uWw+hpr58EX6I+RtfO4yjFC6FjnagiU6SlI1Q2F7/nv82g1UWTYMpNN5bduS1YFWmsnXvK+W7YQHpSForr5ndtCSHmclbXb5Fc33sywC5u6Bi2Gu5/MW6d73BOog5BC3QtOuEQ044Q+cuU3RIlKADBqKLzZmHlmukyyGuZfXJnGjlWGKp3J1KecucTo6XC9QHpUkjXEKdlE63mOI1VuOGyBIHl60v4bnWiBg+aDZVHipz4JLKsVB0HOgBBK7+tOX6tr1GDG/F7Nz/i9ebzUV6i8Ec1jHf+2ZcTtBkNXBIkHc84+4Qd33/gOuP+lizLfIhfQ3DFWbwyfYumpVbeapyYhB0CE=
  template:
    metadata:
      creationTimestamp: null
      name: kubernaut-session-secret
      namespace: kubernaut
--- a/lib/config.rb
+++ b/lib/config.rb
@ -1,8 +1,5 @@
 require "sensitive"
 SESSION_SECRET_HEX_LENGTH = 64
 JWT_SECRET_HEX_LENGTH = 64
 class Config
  attr_accessor :cat
@ -12,7 +9,7 @@ class Config
    @prefix = prefix
    @cat = cat
-    session_secret ||= fetch_env "SESSION_SECRET" do
+    session_secret ||= ENV.fetch "SESSION_SECRET" do
      SecureRandom.hex SESSION_SECRET_HEX_LENGTH
    end