remove rubocop

.devcontainer/Dockerfile

@@ -1,2 +1,5 @@
 ARG VARIANT="3.4.2"
 FROM ghcr.io/rails/devcontainer/images/ruby:${VARIANT}
+
+RUN mkdir /run/kubernaut && \
+    chown vscode: /run/kubernaut

.devcontainer/compose.yml

@@ -5,8 +5,7 @@ services:
       context: .
       dockerfile: Dockerfile
     volumes:
-      - ..:/workspace:cached
+      - ..:/workspace
-      - /var/run/docker.sock:/var/run/docker-host.sock
     command: sleep infinity
   memcached:
     image: memcached:latest

.devcontainer/devcontainer.json

@@ -6,15 +6,12 @@
         "vscode": {
             "extensions": [
                 "Shopify.ruby-lsp",
-                "docker.docker"
+                "ms-azuretools.vscode-docker"
             ]
         }
     },
     "postCreateCommand": ".devcontainer/boot.sh",
     "forwardPorts": [
         4567
-    ],
+    ]
-    "features": {
-        "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}
-    }
 }

.dockerignore

@@ -1,7 +0,0 @@
-**/.git
-**/.gitignore
-/.devcontainer
-/.gitea
-/.github
-/.vscode
-/charts

.gitea/workflows/ci.yaml

@@ -0,0 +1,72 @@
+---
+name: Gitea Actions Demo
+run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
+on: [push]
+
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Ruby Setup
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.3'
+          bundler-cache: true
+
+      - run: bundle install
+
+      - name: Standard Ruby
+        run: bundle exec standardrb
+
+
+  test:
+    needs: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Test
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.4'
+          bundler-cache: true
+
+      - run: bundle exec rake
+
+  release-image:
+    needs: test
+    if: github.ref == 'refs/heads/main'
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-latest
+    env:
+      DOCKER_ORG: ryanc
+      DOCKER_LATEST: latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # all history for all branches and tags
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Gitea registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.kill0.net
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Docker build and push
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: git.kill0.net/ryanc/kubernaut:latest

.gitea/workflows/lint.yaml

@@ -1,23 +0,0 @@
----
-name: Ruby Lint
-on:
-  push:
-    branches:
-      - "**"
-  pull_request:
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Ruby Setup
-        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
-        with:
-          ruby-version: '3.4'
-          bundler-cache: true
-
-      - name: Standard Ruby
-        run: bundle exec standardrb
-

.gitea/workflows/release.yaml

@@ -1,109 +0,0 @@
----
-name: Release
-on:
-  schedule: 
-    - cron: "0 0 * * *"
-  push:
-    branches:
-      - main
-    tags:
-      - "v*.*.*"
-jobs:
-  docker:
-    runs-on: ubuntu-latest
-    env:
-      DOCKER_ORG: ryanc
-      DOCKER_LATEST: latest
-    defaults:
-      run:
-        shell: bash
-    outputs:
-      metadata: ${{ steps.output.outputs.metadata }}
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-        with:
-          fetch-depth: 0 # all history for all branches and tags
-
-      - name: Prepare
-        id: prep
-        run: |
-          VERSION="sha-${GITHUB_SHA::8}"
-          if [[ "$GITHUB_REF" == refs/tags/* ]]; then
-            VERSION="${GITHUB_REF/refs\/tags\//}"
-          fi
-          printf "GITHUB_REF=%s\n" "$GITHUB_REF"
-          printf "GITHUB_SHA=%s\n" "$GITHUB_SHA"
-          printf "VERSION=%s\n" "$VERSION" | tee -a "$GITHUB_OUTPUT"
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
-
-      - name: Login to Gitea registry
-        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
-        with:
-          registry: git.kill0.net
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Docker meta (debian)
-        id: meta
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: |
-            git.kill0.net/ryanc/kubernaut
-          flavor: |
-            latest=auto
-          bake-target: docker-metadata-action
-          tags: |
-            type=schedule,pattern=nightly
-            type=edge
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=sha
-
-      - name: Docker meta (alpine)
-        id: meta-alpine
-        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
-        with:
-          images: |
-            git.kill0.net/ryanc/kubernaut
-          bake-target: docker-metadata-action-alpine
-          flavor: |
-            latest=auto
-            suffix=-alpine,onlatest=true
-          tags: |
-            type=schedule,pattern=nightly
-            type=edge
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=sha
-
-      - name: Docker build and push
-        uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0
-        with:
-          push: ${{ github.event_name != 'pull_request' }}
-          files: |
-            ./docker-bake.hcl
-            cwd://${{ steps.meta.outputs.bake-file }}
-            cwd://${{ steps.meta-alpine.outputs.bake-file }}
-
-      - name: Setup Helm
-        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
-
-      - name: Publish Helm chart
-        if: ${{ contains(github.ref, 'refs/tags/') }}
-        run: |
-          HELM_VERSION="${{ steps.prep.outputs.VERSION }}"
-          HELM_VERSION="${HELM_VERSION#v}"
-          helm package charts/kubernaut
-          helm push "kubernaut-${HELM_VERSION}.tgz" oci://git.kill0.net/ryanc/helm-charts

.gitea/workflows/test.yaml

@@ -1,22 +0,0 @@
----
-name: Ruby Test
-on:
-  push:
-    branches:
-      - "**"
-  pull_request:
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Test
-        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
-        with:
-          ruby-version: '3.4'
-          bundler-cache: true
-
-      - run: bundle exec rake
-

.gitignore

@@ -1,3 +1,5 @@
 .bundle
+.cache
+.local
 .ruby-lsp
-/vendor
+.ash_history

.vscode/settings.json

@@ -1,9 +0,0 @@
-{
-  "[ruby]": {
-    "editor.defaultFormatter": "Shopify.ruby-lsp"
-  },
-  "rubyLsp.formatter": "standard",
-  "rubyLsp.linters": [
-    "standard"
-  ],
-}

Dockerfile

@@ -0,0 +1,55 @@
+FROM ruby:alpine AS base
+
+WORKDIR /app
+
+RUN <<EOT
+  gem update --system --no-document
+  gem install -N bundler
+  apk update
+  apk upgrade --no-cache
+EOT
+
+RUN mkdir -p /run/app
+
+
+FROM base AS build
+
+RUN <<EOT
+  apk add gcc musl-dev ruby-dev make
+EOT
+
+COPY Gemfile* .
+
+RUN <<EOT
+  bundle config set --local without development
+  bundle install
+EOT
+
+FROM build AS dev
+
+WORKDIR /app
+
+RUN <<EOT
+  bundle install
+EOT
+
+CMD [ "sleep", "infinity" ]
+
+FROM base
+
+# RUN useradd ruby --home /app --shell /bin/sh
+RUN adduser ruby -h /app -D
+
+RUN mkdir -p /run/app
+
+RUN chown ruby:ruby /run/app
+
+USER ruby:ruby
+
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build --chown=ruby:ruby /app /app
+
+COPY --chown=ruby:ruby . .
+
+EXPOSE 4567
+CMD [ "bundle", "exec", "rackup", "--host", "0.0.0.0", "--port", "4567" ]

Gemfile

@@ -3,6 +3,7 @@ source "https://rubygems.org"
 gem "sinatra"
 gem "sinatra-contrib"
 gem "puma"
+gem "rackup"
 
 gem "anyflake"
 gem "ksuid"

Gemfile.lock

@@ -4,22 +4,22 @@ GEM
     anyflake (0.0.1)
     ast (2.4.3)
     base64 (0.2.0)
-    bigdecimal (3.1.9)
+    bigdecimal (3.1.8)
-    csv (3.3.4)
+    csv (3.3.0)
-    diff-lcs (1.6.1)
+    diff-lcs (1.6.0)
-    httparty (0.23.1)
+    httparty (0.22.0)
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    json (2.11.3)
+    json (2.10.2)
     jwt (2.10.1)
       base64
     ksuid (1.0.0)
     language_server-protocol (3.17.0.4)
     lint_roller (1.1.0)
-    logger (1.7.0)
+    logger (1.6.6)
     mini_mime (1.1.5)
-    minitest (5.25.5)
+    minitest (5.25.4)
     multi_json (1.15.0)
     multi_xml (0.7.1)
       bigdecimal (~> 3.1)
@@ -27,15 +27,15 @@ GEM
       ruby2_keywords (~> 0.0.1)
     nanoid (2.0.0)
     nio4r (2.7.4)
-    parallel (1.27.0)
+    parallel (1.26.3)
-    parser (3.3.8.0)
+    parser (3.3.7.2)
       ast (~> 2.4.1)
       racc
-    prism (1.4.0)
+    prism (1.3.0)
     puma (6.6.0)
       nio4r (~> 2.0)
     racc (1.8.1)
-    rack (3.1.13)
+    rack (3.1.11)
     rack-protection (4.1.1)
       base64 (>= 0.1.0)
       logger (>= 1.6.0)
@@ -45,9 +45,11 @@ GEM
       rack (>= 3.0.0)
     rack-test (2.2.0)
       rack (>= 1.3)
+    rackup (2.2.1)
+      rack (>= 3)
     rainbow (3.1.1)
     rake (13.2.1)
-    rbs (3.9.2)
+    rbs (3.8.1)
       logger
     regexp_parser (2.10.0)
     rspec (3.13.0)
@@ -63,7 +65,7 @@ GEM
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
     rspec-support (3.13.2)
-    rubocop (1.75.4)
+    rubocop (1.73.2)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -71,17 +73,16 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.44.0, < 2.0)
+      rubocop-ast (>= 1.38.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.44.1)
+    rubocop-ast (1.41.0)
       parser (>= 3.3.7.2)
-      prism (~> 1.4)
+    rubocop-performance (1.24.0)
-    rubocop-performance (1.25.0)
       lint_roller (~> 1.1)
-      rubocop (>= 1.75.0, < 2.0)
+      rubocop (>= 1.72.1, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
-    ruby-lsp (0.23.15)
+    ruby-lsp (0.23.11)
       language_server-protocol (~> 3.17.0)
       prism (>= 1.2, < 2.0)
       rbs (>= 3, < 4)
@@ -101,19 +102,19 @@ GEM
       rack-protection (= 4.1.1)
       sinatra (= 4.1.1)
       tilt (~> 2.0)
-    sorbet-runtime (0.5.12043)
+    sorbet-runtime (0.5.11911)
-    standard (1.49.0)
+    standard (1.47.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.75.2)
+      rubocop (~> 1.73.0)
       standard-custom (~> 1.0.0)
-      standard-performance (~> 1.8)
+      standard-performance (~> 1.7)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.8.0)
+    standard-performance (1.7.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.25.0)
+      rubocop-performance (~> 1.24.0)
     tilt (2.6.0)
     ulid (1.4.0)
     unicode-display_width (3.1.4)
@@ -136,6 +137,7 @@ DEPENDENCIES
   nanoid
   puma
   rack-test
+  rackup
   rake
   rspec
   ruby-lsp
@@ -146,4 +148,4 @@ DEPENDENCIES
   uuid7
 
 BUNDLED WITH
-   2.6.8
+   2.5.13

app.rb

@@ -2,7 +2,6 @@ require "bundler/setup"
 require "sinatra"
 require "sinatra/cookies"
 require "sinatra/multi_route"
-require "sinatra/quiet_logger"
 require "time"
 require "fileutils"
 require "json"
@@ -21,13 +20,12 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 
 require "config"
 
-VERSION = "0.2.2"
-
 CHUNK_SIZE = 1024**2
+SESSION_SECRET_HEX_LENGTH = 64
+JWT_SECRET_HEX_LENGTH = 64
 DEFAULT_FLAKEY = 50
 
-NAME = "kubernaut".freeze
+ENV_PREFIX = "KUBERNAUT"
-ENV_PREFIX = NAME.upcase
 
 CLK_TCK = 100
 PROC_UPTIME_PATH = "/proc/uptime".freeze
@@ -51,12 +49,9 @@ DURATION_PARTS = [
 
 config = Config.new
 
-set :quiet_logger_prefixes, %w[livez readyz]
 set :session_secret, config.session_secret.unwrap
 set :public_folder, __dir__ + "/static"
 
-register Sinatra::QuietLogger
-
 module Sinatra
   module RequestHeadersHelper
     def req_headers
@@ -115,6 +110,7 @@ class TickTock
   def initialize
     @pid = ppid
     @procfs_f = format "/proc/%s/stat", @pid
+    puts @pid
   end
 
   def uptime
@@ -165,7 +161,7 @@ class Sleep
   include State
 
   def initialize
-    @file = "/dev/shm/sleepy"
+    @file = "/dev/shm/sleep"
   end
 
   def asleep?
@@ -182,11 +178,20 @@ class Sleep
 end
 
 def ppid
-  pid = ENV.fetch "PUMA_PID", Process.pid
+  pid = Process.pid
-  begin
+  # self
-    Integer pid
+  ps = File.open "/proc/#{pid}/stat", &:readline
-  rescue ArgumentError
+  ps = ps.split(" ")
-    -1
+  ppid = Integer(ps[3])
+
+  # ppid
+  ps = File.open "/proc/#{ppid}/stat", &:readline
+  ps = ps.split(" ")
+
+  if ps[1].include? "ruby"
+    ppid
+  else
+    pid
   end
 end
 
@@ -224,8 +229,6 @@ end
 
 enable :sessions
 
-puts "#{NAME} #{VERSION} staring, per aspera ad astra"
-
 configure do
   mime_type :json, "application/json"
 end
@@ -276,10 +279,6 @@ helpers do
       @auth.credentials and
       @auth.credentials == ["qwer", "asdf"]
   end
-
-  def hostname
-    ENV["HOSTNAME"]
-  end
 end
 
 get "/" do
@@ -299,23 +298,6 @@ get "/headers", provides: "json" do
   jsonify h, pretty:
 end
 
-get "/uptime", provides: "json" do
-  tt = TickTock.new
-  x = {started_at: tt.started_at, seconds: tt.uptime.to_i, human: human_time(tt.uptime.to_i)}
-
-  jsonify x
-end
-
-post "/api/livez/toggle" do
-  Health.instance.toggle
-  "ok\n"
-end
-
-post "/api/livez/sleep" do
-  Sleep.instance.toggle
-  "ok\n"
-end
-
 get "/livez" do
   error 503 unless Health.instance.healthy?
 
@@ -324,6 +306,23 @@ get "/livez" do
   Health.instance.to_s
 end
 
+get "/livez/uptime" do
+  tt = TickTock.new
+  x = {started_at: tt.started_at, seconds: tt.uptime.to_i, human: human_time(tt.uptime.to_i)}
+
+  jsonify x
+end
+
+post "/livez/toggle" do
+  Health.instance.toggle
+  "ok\n"
+end
+
+post "/livez/sleep" do
+  Sleep.instance.toggle
+  "ok\n"
+end
+
 get "/readyz" do
   error 503 unless Ready.instance.ready?
 
@@ -372,27 +371,25 @@ post "/halt" do
   nil
 end
 
-get "/pid", provides: "json" do
+get "/pid" do
   pretty = params.key? :pretty
 
   jsonify({ppid: ppid, pid: Process.pid}, pretty:)
 end
 
-get "/token", provides: "json" do
+get "/token" do
-  pretty = params.key? :pretty
-
   exp = Time.now.to_i + SECONDS_PER_MINUTE * 2
   payload = {name: "anonymous", exp: exp, jti: Random.uuid}
   expires_at = Time.at(exp).to_datetime
-  token = JWT.encode payload, config.jwt_secret.unwrap, "HS256"
+  token = JWT.encode payload, JWT_SECRET, "HS256"
   x = {token: token, expires_at: expires_at}
 
-  jsonify x, pretty:
+  jsonify x
 end
 
 get "/token/validate" do
   token = req_headers["authorization"].split[1]
-  payload = JWT.decode token, config.jwt_secret.unwrap, true, algorithm: "HS256"
+  payload = JWT.decode token, JWT_SECRET, true, algorithm: "HS256"
 
   jsonify payload
 end
@@ -420,20 +417,6 @@ get "/config", provides: "json" do
   jsonify config.as_json, pretty:
 end
 
-get "/_cat" do
-  stream do |out|
-    out << "=^.^=\n"
-    x = Sinatra::Application.routes.map do |method, route|
-      route.map do |route|
-        route.first.to_s
-      end
-    end
-    x.flatten.sort.uniq.each do |route|
-      out << "#{route}\n" if route.start_with? "/_cat"
-    end
-  end
-end
-
 get "/_cat/headers" do
   stream do |out|
     req_headers.each do |k, v|
@@ -473,14 +456,6 @@ get "/_cat/config" do
   end
 end
 
-get "/_cat/pid" do
-  stream do |out|
-    {ppid: ppid, pid: Process.pid}.sort.each do |k, v|
-      out << "#{k}=#{v}\n"
-    end
-  end
-end
-
 route :delete, :get, :patch, :post, :put, "/status/:code" do
   # hello
   code = Integer(params[:code])

charts/kubernaut/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

charts/kubernaut/Chart.yaml

@@ -1,24 +0,0 @@
-apiVersion: v2
-name: kubernaut
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.2
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-# It is recommended to use it with quotes.
-appVersion: "0.2.2"

charts/kubernaut/templates/NOTES.txt

@@ -1,22 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kubernaut.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kubernaut.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kubernaut.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubernaut.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}

charts/kubernaut/templates/_helpers.tpl

@@ -1,62 +0,0 @@
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "kubernaut.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "kubernaut.fullname" -}}
-{{- if .Values.fullnameOverride }}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- $name := default .Chart.Name .Values.nameOverride }}
-{{- if contains $name .Release.Name }}
-{{- .Release.Name | trunc 63 | trimSuffix "-" }}
-{{- else }}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
-{{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "kubernaut.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
-{{- end }}
-
-{{/*
-Common labels
-*/}}
-{{- define "kubernaut.labels" -}}
-helm.sh/chart: {{ include "kubernaut.chart" . }}
-{{ include "kubernaut.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "kubernaut.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "kubernaut.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "kubernaut.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create }}
-{{- default (include "kubernaut.fullname" .) .Values.serviceAccount.name }}
-{{- else }}
-{{- default "default" .Values.serviceAccount.name }}
-{{- end }}
-{{- end }}

charts/kubernaut/templates/configmap.yaml

@@ -1,8 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ .Release.Name }}-configmap
-data:
-  {{- with.Values.cat }}
-  KUBERNAUT_CAT: {{ toYaml . }}
-  {{- end }}

charts/kubernaut/templates/deployment.yaml

@@ -1,78 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "kubernaut.fullname" . }}
-  labels:
-    {{- include "kubernaut.labels" . | nindent 4 }}
-spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  selector:
-    matchLabels:
-      {{- include "kubernaut.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      {{- with .Values.podAnnotations }}
-      annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      labels:
-        {{- include "kubernaut.labels" . | nindent 8 }}
-        {{- with .Values.podLabels }}
-        {{- toYaml . | nindent 8 }}
-        {{- end }}
-    spec:
-      {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      serviceAccountName: {{ include "kubernaut.serviceAccountName" . }}
-      {{- with .Values.podSecurityContext }}
-      securityContext:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      containers:
-        - name: {{ .Chart.Name }}
-          {{- with .Values.securityContext }}
-          securityContext:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-          {{- with .Values.livenessProbe }}
-          livenessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.readinessProbe }}
-          readinessProbe:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.resources }}
-          resources:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- with .Values.volumeMounts }}
-          volumeMounts:
-            {{- toYaml . | nindent 12 }}
-          {{- end }}
-      {{- with .Values.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-      {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}

charts/kubernaut/templates/hpa.yaml

@@ -1,32 +0,0 @@
-{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2
-kind: HorizontalPodAutoscaler
-metadata:
-  name: {{ include "kubernaut.fullname" . }}
-  labels:
-    {{- include "kubernaut.labels" . | nindent 4 }}
-spec:
-  scaleTargetRef:
-    apiVersion: apps/v1
-    kind: Deployment
-    name: {{ include "kubernaut.fullname" . }}
-  minReplicas: {{ .Values.autoscaling.minReplicas }}
-  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
-  metrics:
-    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
-    {{- end }}
-    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    - type: Resource
-      resource:
-        name: memory
-        target:
-          type: Utilization
-          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
-    {{- end }}
-{{- end }}

charts/kubernaut/templates/ingress.yaml

@@ -1,43 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: {{ include "kubernaut.fullname" . }}
-  labels:
-    {{- include "kubernaut.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- with .Values.ingress.className }}
-  ingressClassName: {{ . }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ .path }}
-            {{- with .pathType }}
-            pathType: {{ . }}
-            {{- end }}
-            backend:
-              service:
-                name: {{ include "kubernaut.fullname" $ }}
-                port:
-                  number: {{ $.Values.service.port }}
-          {{- end }}
-    {{- end }}
-{{- end }}

charts/kubernaut/templates/service.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "kubernaut.fullname" . }}
-  labels:
-    {{- include "kubernaut.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    {{- include "kubernaut.selectorLabels" . | nindent 4 }}

charts/kubernaut/templates/serviceaccount.yaml

@@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "kubernaut.serviceAccountName" . }}
-  labels:
-    {{- include "kubernaut.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
-{{- end }}

charts/kubernaut/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "kubernaut.fullname" . }}-test-connection"
-  labels:
-    {{- include "kubernaut.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "kubernaut.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

charts/kubernaut/values.yaml

@@ -1,123 +0,0 @@
-# Default values for kubernaut.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
-replicaCount: 1
-
-# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
-image:
-  repository: git.kill0.net/ryanc/kubernaut
-  # This sets the pull policy for images.
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
-
-# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
-imagePullSecrets: []
-# This is to override the chart name.
-nameOverride: ""
-fullnameOverride: ""
-
-# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Automatically mount a ServiceAccount's API credentials?
-  automount: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# This is for setting Kubernetes Annotations to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
-podAnnotations: {}
-# This is for setting Kubernetes Labels to a Pod.
-# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
-podLabels: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
-
-# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
-service:
-  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
-  type: ClusterIP
-  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
-  port: 4567
-
-# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
-ingress:
-  enabled: true
-  className: ""
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  hosts:
-    - host:
-      paths:
-        - path: /
-          pathType: ImplementationSpecific
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
-livenessProbe:
-  httpGet:
-    path: /livez
-    port: http
-readinessProbe:
-  httpGet:
-    path: /readyz
-    port: http
-
-# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-autoscaling:
-  enabled: true
-  minReplicas: 2
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
-
-# Additional volumes on the output Deployment definition.
-volumes: []
-# - name: foo
-#   secret:
-#     secretName: mysecret
-#     optional: false
-
-# Additional volumeMounts on the output Deployment definition.
-volumeMounts: []
-# - name: foo
-#   mountPath: "/etc/foo"
-#   readOnly: true
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}

config/puma.rb

@@ -1,5 +0,0 @@
-ENV["PUMA_PID"] = Process.pid.to_s
-
-port ENV.fetch("PORT", 4567)
-
-pidfile ENV["PIDFILE"] if ENV["PIDFILE"]

docker-bake.hcl

@@ -1,22 +0,0 @@
-group "default" {
-    targets = [ "bookworm", "alpine" ]
-}
-
-target "docker-metadata-action" {}
-target "docker-metadata-action-alpine" {}
-
-target "_common" {
-    args = {
-        RUBY_VERSION = "3.4.3"
-    }
-}
-
-target "bookworm" {
-    dockerfile = "./dockerfiles/bookworm.Dockerfile"
-    inherits = [ "_common", "docker-metadata-action" ]
-}
-
-target "alpine" {
-    dockerfile = "./dockerfiles/alpine.Dockerfile"
-    inherits = [ "_common", "docker-metadata-action-alpine" ]
-}

docker-compose.yml

@@ -0,0 +1,15 @@
+services:
+  web:
+    build:
+      context: .
+      target: dev
+    ports:
+      - "4567:4567"
+    volumes:
+      - .:/app
+    environment:
+      {}
+      # WEB_CONCURRENCY: 3
+    command:
+      - sleep
+      - infinity

dockerfiles/alpine.Dockerfile

@@ -1,54 +0,0 @@
-ARG RUBY_VERSION="3.4.3"
-ARG BASE_REGISTRY="docker.io"
-FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-alpine AS base
-
-ENV RACK_ENV="production" \
-  BUNDLE_DEPLOYMENT=true \
-  BUNDLE_PATH="/usr/local/bundle" \
-  BUNDLE_WITHOUT="development test" \
-  RUBY_YJIT_ENABLE=true
-
-WORKDIR /kubernaut
-
-RUN \
-  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
-  apk update -q; \
-  apk add bash jemalloc
-
-RUN \
-  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
-  gem update --system --no-document; \
-  gem install -N bundler
-
-FROM base AS build
-
-RUN \
-  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
-  apk update -q; \
-  apk add musl-dev gcc make; \
-  apk add bash jemalloc
-
-COPY Gemfile Gemfile.lock ./
-
-RUN \
-  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
-  bundle install
-
-COPY . .
-
-FROM base
-
-ENV PORT=4567
-
-RUN \
-  addgroup --system --gid 666 kubernaut; \
-  adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
-
-COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
-COPY --from=build /kubernaut /kubernaut
-
-USER kubernaut:kubernaut
-
-EXPOSE $PORT
-ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
-CMD [ "bundle", "exec", "puma" ]

dockerfiles/bookworm.Dockerfile

@@ -1,62 +0,0 @@
-ARG RUBY_VERSION="3.4.3"
-ARG BASE_REGISTRY="docker.io"
-ARG DEBIAN_VERSION="bookworm"
-FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS base
-
-ENV RACK_ENV="production" \
-  BUNDLE_DEPLOYMENT=true \
-  BUNDLE_PATH="/usr/local/bundle" \
-  BUNDLE_WITHOUT="development test" \
-  RUBY_YJIT_ENABLE=true
-
-WORKDIR /kubernaut
-
-RUN rm -f /etc/apt/apt.conf.d/docker-clean
-
-RUN \
-  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
-  apt-get update -qq; \
-  apt-get install --yes --no-install-recommends \
-  libjemalloc2
-
-RUN \
-  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
-  gem update --system --no-document; \
-  gem install -N bundler
-
-ENV DEBIAN_FRONTEND="noninteractive"
-
-FROM base AS build
-
-RUN \
-  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
-  apt-get update -qq; \
-  apt-get install --yes --no-install-recommends \
-  build-essential
-
-COPY Gemfile Gemfile.lock ./
-
-RUN \
-  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
-  bundle install
-
-COPY . .
-
-FROM base
-
-ENV PORT=4567
-
-RUN \
-  groupadd --system --gid 666 kubernaut; \
-  useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
-
-COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
-COPY --from=build /kubernaut /kubernaut
-
-USER kubernaut:kubernaut
-
-EXPOSE $PORT
-ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
-CMD [ "bundle", "exec", "puma" ]

dockerfiles/entrypoint.sh

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-# output debugging info
-ruby --version
-printf "rubygems %s\n" "$(gem --version)"
-bundle version
-
-if [ -z "${LD_PRELOAD+x}" ]; then
-    LD_PRELOAD="$(find /usr/lib -name libjemalloc.so.2 -print -quit)"
-    export LD_PRELOAD
-fi
-
-exec "${@}"

kustomize/app/deployment.yaml

@@ -16,24 +16,18 @@ spec:
     spec:
       containers:
         - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:0.2.2
+          image: git.kill0.net/ryanc/kubernaut:latest
           imagePullPolicy: Always
           ports:
             - name: sinatra-web
               containerPort: 4567
           env:
-            - name: KUBERNAUT_SESSION_SECRET
+            - name: SESSION_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: kubernaut
+                  name: kubernaut-session-secret
                   key: session_secret
                   optional: true
-            - name: KUBERNAUT_JWT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: kubernaut
-                  key: jwt_secret
-                  optional: true
           envFrom:
             - configMapRef:
                 name: kubernaut-configmap

kustomize/app/kustomization.yaml

@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubernaut
 resources:
+  - secret.yaml
   - configmap.yaml
   - deployment.yaml
   - hpa.yaml

kustomize/app/secret.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: kubernaut-session-secret
+  namespace: kubernaut
+spec:
+  encryptedData:
+    session_secret: AgCY08t0AU418znEZt5d252J+lH+fwYki2g6jdJpfdRfVQjnA+b52P0KWrs/x5pB0PKab6Z3JY/Tz0SQCaoIsCR4IzUO3a095aulRqb6Qr1Lz8udBVta4JJMZLmo26tuUfVHlpD1d6J8rkBSm8vzckFLkOA1Wfl/9rS3K4qwiDogA5pI0ULghFkeEx1yKdRwPq0k8PuvOvLUJ6oNq3e5n+B/BrVWdQ+7XQxUq/AMANJrDbe+RD33f99LArHYA7bFMbY8YRazXSTAkeunpTlxTjuGZKYvJKupo29LHz2OVbZVX/hI0nZkdVpcgqvbxF6Vw9CuCeAmtKYl7A3qsAWqDLUdP3hRLsk2P9RDNhEzYWh4ml8APzziWzihdJbGEjwLy7HsHgKslM0XbBnRQDlxp/JtvcWdjQp33A+QOON32zOKHi+qJjDYyGebS1+xkPbnyb1MPSJVAtFpj7dlLbFekLFDZEbXuJYUl1wKdFOIjJHmNK/MTEV2kOhtiVj/aeKgSXwor9hR7Uxzs5ZSawp9uWw+hpr58EX6I+RtfO4yjFC6FjnagiU6SlI1Q2F7/nv82g1UWTYMpNN5bduS1YFWmsnXvK+W7YQHpSForr5ndtCSHmclbXb5Fc33sywC5u6Bi2Gu5/MW6d73BOog5BC3QtOuEQ044Q+cuU3RIlKADBqKLzZmHlmukyyGuZfXJnGjlWGKp3J1KecucTo6XC9QHpUkjXEKdlE63mOI1VuOGyBIHl60v4bnWiBg+aDZVHipz4JLKsVB0HOgBBK7+tOX6tr1GDG/F7Nz/i9ebzUV6i8Ec1jHf+2ZcTtBkNXBIkHc84+4Qd33/gOuP+lizLfIhfQ3DFWbwyfYumpVbeapyYhB0CE=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: kubernaut-session-secret
+      namespace: kubernaut

lib/config.rb

@@ -1,8 +1,5 @@
 require "sensitive"
 
-SESSION_SECRET_HEX_LENGTH = 64
-JWT_SECRET_HEX_LENGTH = 64
-
 class Config
   attr_accessor :cat
 
@@ -12,7 +9,7 @@ class Config
     @prefix = prefix
     @cat = cat
 
-    session_secret ||= fetch_env "SESSION_SECRET" do
+    session_secret ||= ENV.fetch "SESSION_SECRET" do
       SecureRandom.hex SESSION_SECRET_HEX_LENGTH
     end