v0.2.0

Gemfile.lock

@@ -11,7 +11,7 @@ GEM
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    json (2.10.2)
+    json (2.11.3)
     jwt (2.10.1)
       base64
     ksuid (1.0.0)
@@ -65,7 +65,7 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.2)
-    rubocop (1.75.2)
+    rubocop (1.75.4)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -83,7 +83,7 @@ GEM
       lint_roller (~> 1.1)
       rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
-    ruby-lsp (0.23.14)
+    ruby-lsp (0.23.15)
       language_server-protocol (~> 3.17.0)
       prism (>= 1.2, < 2.0)
       rbs (>= 3, < 4)
@@ -103,7 +103,7 @@ GEM
       rack-protection (= 4.1.1)
       sinatra (= 4.1.1)
       tilt (~> 2.0)
-    sorbet-runtime (0.5.12026)
+    sorbet-runtime (0.5.12043)
     standard (1.49.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)

app.rb

@@ -21,7 +21,7 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 
 require "config"
 
-VERSION = "0.1.4"
+VERSION = "0.2.0"
 
 CHUNK_SIZE = 1024**2
 SESSION_SECRET_HEX_LENGTH = 64

charts/kubernaut/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.4
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.4"
+appVersion: "0.2.0"

config/puma.rb

@@ -1 +1,5 @@
 ENV["PUMA_PID"] = Process.pid.to_s
+
+port ENV.fetch("PORT", 4567)
+
+pidfile ENV["PIDFILE"] if ENV["PIDFILE"]

dockerfiles/alpine.Dockerfile

@@ -1,41 +1,51 @@
 ARG RUBY_VERSION="3.4.3"
-FROM ruby:${RUBY_VERSION}-alpine AS base
+FROM docker.io/library/ruby:${RUBY_VERSION}-alpine AS base
 
-WORKDIR /app
+WORKDIR /kubernaut
 
 RUN <<EOT
-  apk update
+  apk update -q
+  apk add bash
+  rm -rf /var/cache/apk
   gem update --system --no-document
   gem install -N bundler
 EOT
 
+ENV RACK_ENV="production" \
+  BUNDLE_DEPLOYMENT=true \
+  BUNDLE_PATH="/usr/local/bundle" \
+  BUNDLE_WITHOUT="development test"
 
 FROM base AS build
 
 RUN <<EOT
   apk add musl-dev gcc make
+  rm -rf /var/cache/apk
 EOT
 
-COPY Gemfile* .
+COPY Gemfile Gemfile.lock ./
 
 RUN <<EOT
-  bundle config set --local without development
   bundle install
+  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
 EOT
 
+COPY . .
 
 FROM base
 
 ENV PORT=4567
 
-RUN adduser --home /app --disabled-password app
+RUN <<EOT
+  addgroup --system --gid 666 kubernaut
+  adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
+EOT
 
-USER app:app
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /kubernaut /kubernaut
 
-COPY --from=build /usr/local/bundle /usr/local/bundle
-COPY --from=build --chown=app:app /app /app
+USER kubernaut:kubernaut
 
-COPY --chown=app:app . .
-
-EXPOSE 4567
-CMD [ "puma", "--bind", "0.0.0.0", "--port", "$PORT" ]
+EXPOSE $PORT
+ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
+CMD [ "bundle", "exec", "puma" ]

dockerfiles/bookworm.Dockerfile

@@ -1,42 +1,51 @@
 ARG RUBY_VERSION="3.4.3"
-FROM ruby:${RUBY_VERSION}-slim-bookworm AS base
+FROM docker.io/library/ruby:${RUBY_VERSION}-slim-bookworm AS base
 
-WORKDIR /app
+WORKDIR /kubernaut
 
 RUN <<EOT
-  apt-get update
+  apt-get update -qq
+  rm -rf /var/lib/apt/lists /var/cache/apt/archives
   gem update --system --no-document
   gem install -N bundler
 EOT
 
+ENV RACK_ENV="production" \
+  BUNDLE_DEPLOYMENT=true \
+  BUNDLE_PATH="/usr/local/bundle" \
+  BUNDLE_WITHOUT="development test"
 
 FROM base AS build
 
 RUN <<EOT
-  apt-get install --yes gcc make
+  apt-get update -qq
+  apt-get install --yes --no-install-recommends gcc make libc-dev
+  rm -rf /var/lib/apt/lists /var/cache/apt/archives
 EOT
 
-COPY Gemfile* .
+COPY Gemfile Gemfile.lock ./
 
 RUN <<EOT
-  bundle config set --local without development
   bundle install
+  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
 EOT
 
+COPY . .
 
 FROM base
 
 ENV PORT=4567
 
-# RUN useradd ruby --home /app --shell /bin/sh
-RUN useradd --home /app --create-home app
+RUN <<EOT
+  groupadd --system --gid 666 kubernaut
+  useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
+EOT
 
-USER app:app
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /kubernaut /kubernaut
 
-COPY --from=build /usr/local/bundle /usr/local/bundle
-COPY --from=build --chown=app:app /app /app
+USER kubernaut:kubernaut
 
-COPY --chown=app:app . .
-
-EXPOSE 4567
-CMD [ "puma", "--bind", "0.0.0.0", "--port", "$PORT" ]
+EXPOSE $PORT
+ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
+CMD [ "bundle", "exec", "puma" ]

dockerfiles/entrypoint.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# output debugging info
+ruby --version
+printf "rubygems %s\n" "$(gem --version)"
+bundle version
+
+exec "${@}"

kustomize/app/deployment.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:0.1.4
+          image: git.kill0.net/ryanc/kubernaut:0.2.0
           imagePullPolicy: Always
           ports:
             - name: sinatra-web