remove memcached deployment

Use bake-action instead of build-and-push action.

.devcontainer/Dockerfile

@@ -1,2 +1,2 @@
-ARG VARIANT="3.4.2"
+ARG VARIANT="3.4.4"
 FROM ghcr.io/rails/devcontainer/images/ruby:${VARIANT}

.devcontainer/devcontainer.json

@@ -6,7 +6,7 @@
         "vscode": {
             "extensions": [
                 "Shopify.ruby-lsp",
-                "ms-azuretools.vscode-docker"
+                "docker.docker"
             ]
         }
     },

.dockerignore

@@ -0,0 +1,7 @@
+**/.git
+**/.gitignore
+/.devcontainer
+/.gitea
+/.github
+/.vscode
+/charts

.gitea/workflows/ci.yaml

@@ -1,96 +0,0 @@
----
-name: Gitea Actions Demo
-run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
-
-on:
-  schedule: 
-    - cron: "0 10 * * *"
-  push:
-    branches:
-      - "**"
-    tags:
-      - "v*.*.*"
-  pull_request:
-
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    permissions:
-      checks: write
-      contents: write
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Ruby Setup
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '3.4'
-          bundler-cache: true
-
-      - run: bundle install
-
-      - name: Standard Ruby
-        run: bundle exec standardrb
-
-
-  test:
-    needs: lint
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Test
-        uses: ruby/setup-ruby@v1
-        with:
-          ruby-version: '3.4'
-          bundler-cache: true
-
-      - run: bundle exec rake
-
-  docker:
-    needs: test
-    runs-on: ubuntu-latest
-    container:
-      image: catthehacker/ubuntu:act-latest
-    env:
-      DOCKER_ORG: ryanc
-      DOCKER_LATEST: latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0 # all history for all branches and tags
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            git.kill0.net/ryanc/kubernaut
-          tags: |
-            type=schedule
-            type=ref,event=branch
-            type=ref,event=pr
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{major}}
-            type=sha
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to Gitea registry
-        uses: docker/login-action@v3
-        with:
-          registry: git.kill0.net
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Docker build and push
-        uses: docker/build-push-action@v5
-        with:
-          push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}

.gitea/workflows/lint.yaml

@@ -0,0 +1,23 @@
+---
+name: Ruby Lint
+on:
+  push:
+    branches:
+      - "**"
+  pull_request:
+jobs:
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Ruby Setup
+        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
+        with:
+          ruby-version: '3.4'
+          bundler-cache: true
+
+      - name: Standard Ruby
+        run: bundle exec standardrb
+

.gitea/workflows/release.yaml

@@ -0,0 +1,109 @@
+---
+name: Release
+on:
+  schedule: 
+    - cron: "0 0 * * *"
+  push:
+    branches:
+      - main
+    tags:
+      - "v*.*.*"
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_ORG: ryanc
+      DOCKER_LATEST: latest
+    defaults:
+      run:
+        shell: bash
+    outputs:
+      metadata: ${{ steps.output.outputs.metadata }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0 # all history for all branches and tags
+
+      - name: Prepare
+        id: prep
+        run: |
+          VERSION="sha-${GITHUB_SHA::8}"
+          if [[ "$GITHUB_REF" == refs/tags/* ]]; then
+            VERSION="${GITHUB_REF/refs\/tags\//}"
+          fi
+          printf "GITHUB_REF=%s\n" "$GITHUB_REF"
+          printf "GITHUB_SHA=%s\n" "$GITHUB_SHA"
+          printf "VERSION=%s\n" "$VERSION" | tee -a "$GITHUB_OUTPUT"
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Login to Gitea registry
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          registry: git.kill0.net
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Docker meta (debian)
+        id: meta
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        with:
+          images: |
+            git.kill0.net/ryanc/kubernaut
+          flavor: |
+            latest=auto
+          bake-target: docker-metadata-action
+          tags: |
+            type=schedule,pattern=nightly
+            type=edge
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Docker meta (alpine)
+        id: meta-alpine
+        uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+        with:
+          images: |
+            git.kill0.net/ryanc/kubernaut
+          bake-target: docker-metadata-action-alpine
+          flavor: |
+            latest=auto
+            suffix=-alpine,onlatest=true
+          tags: |
+            type=schedule,pattern=nightly
+            type=edge
+            type=ref,event=branch
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+            type=sha
+
+      - name: Docker build and push
+        uses: docker/bake-action@76f9fa3a758507623da19f6092dc4089a7e61592 # v6.6.0
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          files: |
+            ./docker-bake.hcl
+            cwd://${{ steps.meta.outputs.bake-file }}
+            cwd://${{ steps.meta-alpine.outputs.bake-file }}
+
+      - name: Setup Helm
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
+
+      - name: Publish Helm chart
+        if: ${{ contains(github.ref, 'refs/tags/') }}
+        run: |
+          HELM_VERSION="${{ steps.prep.outputs.VERSION }}"
+          HELM_VERSION="${HELM_VERSION#v}"
+          helm package charts/kubernaut
+          helm push "kubernaut-${HELM_VERSION}.tgz" oci://git.kill0.net/ryanc/helm-charts

.gitea/workflows/test.yaml

@@ -0,0 +1,22 @@
+---
+name: Ruby Test
+on:
+  push:
+    branches:
+      - "**"
+  pull_request:
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Test
+        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
+        with:
+          ruby-version: '3.4'
+          bundler-cache: true
+
+      - run: bundle exec rake
+

Dockerfile

@@ -1,40 +0,0 @@
-FROM ruby:alpine AS base
-
-WORKDIR /app
-
-RUN <<EOT
-  gem update --system --no-document
-  gem install -N bundler
-  apk update
-  apk upgrade --no-cache
-EOT
-
-
-FROM base AS build
-
-RUN <<EOT
-  apk add gcc musl-dev ruby-dev make
-EOT
-
-COPY Gemfile* .
-
-RUN <<EOT
-  bundle config set --local without development
-  bundle install
-EOT
-
-
-FROM base
-
-# RUN useradd ruby --home /app --shell /bin/sh
-RUN adduser ruby -h /app -D
-
-USER ruby:ruby
-
-COPY --from=build /usr/local/bundle /usr/local/bundle
-COPY --from=build --chown=ruby:ruby /app /app
-
-COPY --chown=ruby:ruby . .
-
-EXPOSE 4567
-CMD [ "bundle", "exec", "rackup", "--host", "0.0.0.0", "--port", "4567" ]

Gemfile

@@ -3,13 +3,13 @@ source "https://rubygems.org"
 gem "sinatra"
 gem "sinatra-contrib"
 gem "puma"
-gem "rackup"
 
 gem "anyflake"
 gem "ksuid"
 gem "nanoid"
 gem "ulid"
 gem "uuid7"
+gem "cuid2"
 
 gem "jwt"
 gem "httparty"

Gemfile.lock

@@ -3,69 +3,68 @@ GEM
   specs:
     anyflake (0.0.1)
     ast (2.4.3)
-    base64 (0.2.0)
-    bigdecimal (3.1.8)
-    csv (3.3.0)
-    diff-lcs (1.6.0)
-    httparty (0.22.0)
+    base64 (0.3.0)
+    bigdecimal (3.2.2)
+    csv (3.3.5)
+    cuid2 (1.0.1)
+    diff-lcs (1.6.2)
+    httparty (0.23.1)
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    json (2.10.2)
-    jwt (2.10.1)
+    json (2.12.2)
+    jwt (3.1.1)
       base64
     ksuid (1.0.0)
-    language_server-protocol (3.17.0.4)
+    language_server-protocol (3.17.0.5)
     lint_roller (1.1.0)
-    logger (1.6.6)
+    logger (1.7.0)
     mini_mime (1.1.5)
-    minitest (5.25.4)
+    minitest (5.25.5)
     multi_json (1.15.0)
-    multi_xml (0.7.1)
+    multi_xml (0.7.2)
       bigdecimal (~> 3.1)
     mustermann (3.0.3)
       ruby2_keywords (~> 0.0.1)
     nanoid (2.0.0)
     nio4r (2.7.4)
-    parallel (1.26.3)
-    parser (3.3.7.2)
+    parallel (1.27.0)
+    parser (3.3.8.0)
       ast (~> 2.4.1)
       racc
-    prism (1.3.0)
+    prism (1.4.0)
     puma (6.6.0)
       nio4r (~> 2.0)
     racc (1.8.1)
-    rack (3.1.11)
+    rack (3.1.16)
     rack-protection (4.1.1)
       base64 (>= 0.1.0)
       logger (>= 1.6.0)
       rack (>= 3.0.0, < 4)
-    rack-session (2.1.0)
+    rack-session (2.1.1)
       base64 (>= 0.1.0)
       rack (>= 3.0.0)
     rack-test (2.2.0)
       rack (>= 1.3)
-    rackup (2.2.1)
-      rack (>= 3)
     rainbow (3.1.1)
-    rake (13.2.1)
-    rbs (3.8.1)
+    rake (13.3.0)
+    rbs (3.9.4)
       logger
     regexp_parser (2.10.0)
-    rspec (3.13.0)
+    rspec (3.13.1)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.3)
+    rspec-core (3.13.5)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.3)
+    rspec-expectations (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.2)
+    rspec-mocks (3.13.5)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.2)
-    rubocop (1.73.2)
+    rspec-support (3.13.4)
+    rubocop (1.75.8)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -73,19 +72,20 @@ GEM
       parser (>= 3.3.0.2)
       rainbow (>= 2.2.2, < 4.0)
       regexp_parser (>= 2.9.3, < 3.0)
-      rubocop-ast (>= 1.38.0, < 2.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.41.0)
+    rubocop-ast (1.45.1)
       parser (>= 3.3.7.2)
-    rubocop-performance (1.24.0)
+      prism (~> 1.4)
+    rubocop-performance (1.25.0)
       lint_roller (~> 1.1)
-      rubocop (>= 1.72.1, < 2.0)
+      rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
-    ruby-lsp (0.23.11)
+    ruby-lsp (0.24.2)
       language_server-protocol (~> 3.17.0)
       prism (>= 1.2, < 2.0)
-      rbs (>= 3, < 4)
+      rbs (>= 3, < 5)
       sorbet-runtime (>= 0.5.10782)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
@@ -102,19 +102,19 @@ GEM
       rack-protection (= 4.1.1)
       sinatra (= 4.1.1)
       tilt (~> 2.0)
-    sorbet-runtime (0.5.11911)
-    standard (1.47.0)
+    sorbet-runtime (0.5.12204)
+    standard (1.50.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.73.0)
+      rubocop (~> 1.75.5)
       standard-custom (~> 1.0.0)
-      standard-performance (~> 1.7)
+      standard-performance (~> 1.8)
     standard-custom (1.0.2)
       lint_roller (~> 1.0)
       rubocop (~> 1.50)
-    standard-performance (1.7.0)
+    standard-performance (1.8.0)
       lint_roller (~> 1.1)
-      rubocop-performance (~> 1.24.0)
+      rubocop-performance (~> 1.25.0)
     tilt (2.6.0)
     ulid (1.4.0)
     unicode-display_width (3.1.4)
@@ -122,7 +122,7 @@ GEM
     unicode-emoji (4.0.4)
     uuid7 (0.2.0)
       zeitwerk (~> 2.4)
-    zeitwerk (2.7.2)
+    zeitwerk (2.7.3)
 
 PLATFORMS
   ruby
@@ -130,6 +130,7 @@ PLATFORMS
 
 DEPENDENCIES
   anyflake
+  cuid2
   httparty
   jwt
   ksuid
@@ -137,7 +138,6 @@ DEPENDENCIES
   nanoid
   puma
   rack-test
-  rackup
   rake
   rspec
   ruby-lsp
@@ -148,4 +148,4 @@ DEPENDENCIES
   uuid7
 
 BUNDLED WITH
-   2.6.6
+   2.6.9

app.rb

@@ -2,6 +2,7 @@ require "bundler/setup"
 require "sinatra"
 require "sinatra/cookies"
 require "sinatra/multi_route"
+require "sinatra/quiet_logger"
 require "time"
 require "fileutils"
 require "json"
@@ -20,9 +21,9 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 
 require "config"
 
+VERSION = "0.2.2"
+
 CHUNK_SIZE = 1024**2
-SESSION_SECRET_HEX_LENGTH = 64
-JWT_SECRET_HEX_LENGTH = 64
 DEFAULT_FLAKEY = 50
 
 NAME = "kubernaut".freeze
@@ -50,9 +51,12 @@ DURATION_PARTS = [
 
 config = Config.new
 
+set :quiet_logger_prefixes, %w[livez readyz]
 set :session_secret, config.session_secret.unwrap
 set :public_folder, __dir__ + "/static"
 
+register Sinatra::QuietLogger
+
 module Sinatra
   module RequestHeadersHelper
     def req_headers
@@ -111,7 +115,6 @@ class TickTock
   def initialize
     @pid = ppid
     @procfs_f = format "/proc/%s/stat", @pid
-    puts @pid
   end
 
   def uptime
@@ -162,7 +165,7 @@ class Sleep
   include State
 
   def initialize
-    @file = "/dev/shm/sleep"
+    @file = "/dev/shm/sleepy"
   end
 
   def asleep?
@@ -179,20 +182,11 @@ class Sleep
 end
 
 def ppid
-  pid = Process.pid
-  # self
-  ps = File.open "/proc/#{pid}/stat", &:readline
-  ps = ps.split(" ")
-  ppid = Integer(ps[3])
-
-  # ppid
-  ps = File.open "/proc/#{ppid}/stat", &:readline
-  ps = ps.split(" ")
-
-  if ps[1].include? "ruby"
-    ppid
-  else
-    pid
+  pid = ENV.fetch "PUMA_PID", Process.pid
+  begin
+    Integer pid
+  rescue ArgumentError
+    -1
   end
 end
 
@@ -230,6 +224,8 @@ end
 
 enable :sessions
 
+puts "#{NAME} #{VERSION} staring, per aspera ad astra"
+
 configure do
   mime_type :json, "application/json"
 end
@@ -303,31 +299,31 @@ get "/headers", provides: "json" do
   jsonify h, pretty:
 end
 
-get "/livez" do
-  error 503 unless Health.instance.healthy?
-
-  return Health.instance.to_json if request.env["HTTP_ACCEPT"] == "application/json"
-
-  Health.instance.to_s
-end
-
-get "/livez/uptime" do
+get "/uptime", provides: "json" do
   tt = TickTock.new
   x = {started_at: tt.started_at, seconds: tt.uptime.to_i, human: human_time(tt.uptime.to_i)}
 
   jsonify x
 end
 
-post "/livez/toggle" do
+post "/api/livez/toggle" do
   Health.instance.toggle
   "ok\n"
 end
 
-post "/livez/sleep" do
+post "/api/livez/sleep" do
   Sleep.instance.toggle
   "ok\n"
 end
 
+get "/livez" do
+  error 503 unless Health.instance.healthy?
+
+  return Health.instance.to_json if request.env["HTTP_ACCEPT"] == "application/json"
+
+  Health.instance.to_s
+end
+
 get "/readyz" do
   error 503 unless Ready.instance.ready?
 
@@ -376,25 +372,27 @@ post "/halt" do
   nil
 end
 
-get "/pid" do
+get "/pid", provides: "json" do
   pretty = params.key? :pretty
 
   jsonify({ppid: ppid, pid: Process.pid}, pretty:)
 end
 
-get "/token" do
+get "/token", provides: "json" do
+  pretty = params.key? :pretty
+
   exp = Time.now.to_i + SECONDS_PER_MINUTE * 2
   payload = {name: "anonymous", exp: exp, jti: Random.uuid}
   expires_at = Time.at(exp).to_datetime
-  token = JWT.encode payload, JWT_SECRET, "HS256"
+  token = JWT.encode payload, config.jwt_secret.unwrap, "HS256"
   x = {token: token, expires_at: expires_at}
 
-  jsonify x
+  jsonify x, pretty:
 end
 
 get "/token/validate" do
   token = req_headers["authorization"].split[1]
-  payload = JWT.decode token, JWT_SECRET, true, algorithm: "HS256"
+  payload = JWT.decode token, config.jwt_secret.unwrap, true, algorithm: "HS256"
 
   jsonify payload
 end

charts/kubernaut/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/kubernaut/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: kubernaut
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.2.2
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.2.2"

charts/kubernaut/templates/NOTES.txt

@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "kubernaut.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "kubernaut.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "kubernaut.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "kubernaut.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

charts/kubernaut/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubernaut.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubernaut.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubernaut.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubernaut.labels" -}}
+helm.sh/chart: {{ include "kubernaut.chart" . }}
+{{ include "kubernaut.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubernaut.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubernaut.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubernaut.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubernaut.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

charts/kubernaut/templates/configmap.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-configmap
+data:
+  {{- with.Values.cat }}
+  KUBERNAUT_CAT: {{ toYaml . }}
+  {{- end }}

charts/kubernaut/templates/deployment.yaml

@@ -0,0 +1,78 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "kubernaut.fullname" . }}
+  labels:
+    {{- include "kubernaut.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  selector:
+    matchLabels:
+      {{- include "kubernaut.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "kubernaut.labels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "kubernaut.serviceAccountName" . }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: {{ .Chart.Name }}
+          {{- with .Values.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.service.port }}
+              protocol: TCP
+          {{- with .Values.livenessProbe }}
+          livenessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.readinessProbe }}
+          readinessProbe:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.volumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.volumes }}
+      volumes:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/kubernaut/templates/hpa.yaml

@@ -0,0 +1,32 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ include "kubernaut.fullname" . }}
+  labels:
+    {{- include "kubernaut.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ include "kubernaut.fullname" . }}
+  minReplicas: {{ .Values.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+    {{- end }}
+    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- end }}
+{{- end }}

charts/kubernaut/templates/ingress.yaml

@@ -0,0 +1,43 @@
+{{- if .Values.ingress.enabled -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "kubernaut.fullname" . }}
+  labels:
+    {{- include "kubernaut.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- with .Values.ingress.className }}
+  ingressClassName: {{ . }}
+  {{- end }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- with .pathType }}
+            pathType: {{ . }}
+            {{- end }}
+            backend:
+              service:
+                name: {{ include "kubernaut.fullname" $ }}
+                port:
+                  number: {{ $.Values.service.port }}
+          {{- end }}
+    {{- end }}
+{{- end }}

charts/kubernaut/templates/service.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "kubernaut.fullname" . }}
+  labels:
+    {{- include "kubernaut.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "kubernaut.selectorLabels" . | nindent 4 }}

charts/kubernaut/templates/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kubernaut.serviceAccountName" . }}
+  labels:
+    {{- include "kubernaut.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automount }}
+{{- end }}

charts/kubernaut/templates/tests/test-connection.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "kubernaut.fullname" . }}-test-connection"
+  labels:
+    {{- include "kubernaut.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args: ['{{ include "kubernaut.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

charts/kubernaut/values.yaml

@@ -0,0 +1,123 @@
+# Default values for kubernaut.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
+replicaCount: 1
+
+# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
+image:
+  repository: git.kill0.net/ryanc/kubernaut
+  # This sets the pull policy for images.
+  pullPolicy: IfNotPresent
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: ""
+
+# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+imagePullSecrets: []
+# This is to override the chart name.
+nameOverride: ""
+fullnameOverride: ""
+
+# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Automatically mount a ServiceAccount's API credentials?
+  automount: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+# This is for setting Kubernetes Annotations to a Pod.
+# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+podAnnotations: {}
+# This is for setting Kubernetes Labels to a Pod.
+# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+podLabels: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+# This is for setting up a service more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/
+service:
+  # This sets the service type more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types
+  type: ClusterIP
+  # This sets the ports more information can be found here: https://kubernetes.io/docs/concepts/services-networking/service/#field-spec-ports
+  port: 4567
+
+# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
+ingress:
+  enabled: true
+  className: ""
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host:
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
+# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
+livenessProbe:
+  httpGet:
+    path: /livez
+    port: http
+readinessProbe:
+  httpGet:
+    path: /readyz
+    port: http
+
+# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
+autoscaling:
+  enabled: true
+  minReplicas: 2
+  maxReplicas: 100
+  targetCPUUtilizationPercentage: 80
+  # targetMemoryUtilizationPercentage: 80
+
+# Additional volumes on the output Deployment definition.
+volumes: []
+# - name: foo
+#   secret:
+#     secretName: mysecret
+#     optional: false
+
+# Additional volumeMounts on the output Deployment definition.
+volumeMounts: []
+# - name: foo
+#   mountPath: "/etc/foo"
+#   readOnly: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

config/puma.rb

@@ -0,0 +1,5 @@
+ENV["PUMA_PID"] = Process.pid.to_s
+
+port ENV.fetch("PORT", 4567)
+
+pidfile ENV["PIDFILE"] if ENV["PIDFILE"]

docker-bake.hcl

@@ -0,0 +1,22 @@
+group "default" {
+    targets = [ "bookworm", "alpine" ]
+}
+
+target "docker-metadata-action" {}
+target "docker-metadata-action-alpine" {}
+
+target "_common" {
+    args = {
+        RUBY_VERSION = "3.4.4"
+    }
+}
+
+target "bookworm" {
+    dockerfile = "./dockerfiles/bookworm.Dockerfile"
+    inherits = [ "_common", "docker-metadata-action" ]
+}
+
+target "alpine" {
+    dockerfile = "./dockerfiles/alpine.Dockerfile"
+    inherits = [ "_common", "docker-metadata-action-alpine" ]
+}

dockerfiles/alpine.Dockerfile

@@ -0,0 +1,54 @@
+ARG RUBY_VERSION="3.4.4"
+ARG BASE_REGISTRY="docker.io"
+FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-alpine AS base
+
+ENV RACK_ENV="production" \
+  BUNDLE_DEPLOYMENT=true \
+  BUNDLE_PATH="/usr/local/bundle" \
+  BUNDLE_WITHOUT="development test" \
+  RUBY_YJIT_ENABLE=true
+
+WORKDIR /kubernaut
+
+RUN \
+  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
+  apk update -q; \
+  apk add bash jemalloc
+
+RUN \
+  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
+  gem update --system --no-document; \
+  gem install -N bundler
+
+FROM base AS build
+
+RUN \
+  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
+  apk update -q; \
+  apk add musl-dev gcc make; \
+  apk add bash jemalloc
+
+COPY Gemfile Gemfile.lock ./
+
+RUN \
+  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
+  bundle install
+
+COPY . .
+
+FROM base
+
+ENV PORT=4567
+
+RUN \
+  addgroup --system --gid 666 kubernaut; \
+  adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
+
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /kubernaut /kubernaut
+
+USER kubernaut:kubernaut
+
+EXPOSE $PORT
+ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
+CMD [ "bundle", "exec", "puma" ]

dockerfiles/bookworm.Dockerfile

@@ -0,0 +1,62 @@
+ARG RUBY_VERSION="3.4.4"
+ARG BASE_REGISTRY="docker.io"
+ARG DEBIAN_VERSION="bookworm"
+FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS base
+
+ENV RACK_ENV="production" \
+  BUNDLE_DEPLOYMENT=true \
+  BUNDLE_PATH="/usr/local/bundle" \
+  BUNDLE_WITHOUT="development test" \
+  RUBY_YJIT_ENABLE=true
+
+WORKDIR /kubernaut
+
+RUN rm -f /etc/apt/apt.conf.d/docker-clean
+
+RUN \
+  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
+  apt-get update -qq; \
+  apt-get install --yes --no-install-recommends \
+  libjemalloc2
+
+RUN \
+  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
+  gem update --system --no-document; \
+  gem install -N bundler
+
+ENV DEBIAN_FRONTEND="noninteractive"
+
+FROM base AS build
+
+RUN \
+  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
+  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
+  apt-get update -qq; \
+  apt-get install --yes --no-install-recommends \
+  build-essential
+
+COPY Gemfile Gemfile.lock ./
+
+RUN \
+  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
+  bundle install
+
+COPY . .
+
+FROM base
+
+ENV PORT=4567
+
+RUN \
+  groupadd --system --gid 666 kubernaut; \
+  useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
+
+COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
+COPY --from=build /kubernaut /kubernaut
+
+USER kubernaut:kubernaut
+
+EXPOSE $PORT
+ENTRYPOINT [ "/kubernaut/dockerfiles/entrypoint.sh" ]
+CMD [ "bundle", "exec", "puma" ]

dockerfiles/entrypoint.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+# output debugging info
+ruby --version
+printf "rubygems %s\n" "$(gem --version)"
+bundle version
+
+if [ -z "${LD_PRELOAD+x}" ]; then
+    LD_PRELOAD="$(find /usr/lib -name libjemalloc.so.2 -print -quit)"
+    export LD_PRELOAD
+fi
+
+exec "${@}"

kustomize/app/deployment.yaml

@@ -16,18 +16,24 @@ spec:
     spec:
       containers:
         - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:latest
-          imagePullPolicy: Always
+          image: git.kill0.net/ryanc/kubernaut:0.2.2
+          imagePullPolicy: IfNotPresent
           ports:
             - name: sinatra-web
               containerPort: 4567
           env:
-            - name: SESSION_SECRET
+            - name: KUBERNAUT_SESSION_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: kubernaut-session-secret
+                  name: kubernaut
                   key: session_secret
                   optional: true
+            - name: KUBERNAUT_JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: kubernaut
+                  key: jwt_secret
+                  optional: true
           envFrom:
             - configMapRef:
                 name: kubernaut-configmap

kustomize/app/kustomization.yaml

@@ -3,7 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubernaut
 resources:
-  - secret.yaml
   - configmap.yaml
   - deployment.yaml
   - hpa.yaml

kustomize/app/secret.yaml

@@ -1,15 +0,0 @@
----
-apiVersion: bitnami.com/v1alpha1
-kind: SealedSecret
-metadata:
-  creationTimestamp: null
-  name: kubernaut-session-secret
-  namespace: kubernaut
-spec:
-  encryptedData:
-    session_secret: AgCY08t0AU418znEZt5d252J+lH+fwYki2g6jdJpfdRfVQjnA+b52P0KWrs/x5pB0PKab6Z3JY/Tz0SQCaoIsCR4IzUO3a095aulRqb6Qr1Lz8udBVta4JJMZLmo26tuUfVHlpD1d6J8rkBSm8vzckFLkOA1Wfl/9rS3K4qwiDogA5pI0ULghFkeEx1yKdRwPq0k8PuvOvLUJ6oNq3e5n+B/BrVWdQ+7XQxUq/AMANJrDbe+RD33f99LArHYA7bFMbY8YRazXSTAkeunpTlxTjuGZKYvJKupo29LHz2OVbZVX/hI0nZkdVpcgqvbxF6Vw9CuCeAmtKYl7A3qsAWqDLUdP3hRLsk2P9RDNhEzYWh4ml8APzziWzihdJbGEjwLy7HsHgKslM0XbBnRQDlxp/JtvcWdjQp33A+QOON32zOKHi+qJjDYyGebS1+xkPbnyb1MPSJVAtFpj7dlLbFekLFDZEbXuJYUl1wKdFOIjJHmNK/MTEV2kOhtiVj/aeKgSXwor9hR7Uxzs5ZSawp9uWw+hpr58EX6I+RtfO4yjFC6FjnagiU6SlI1Q2F7/nv82g1UWTYMpNN5bduS1YFWmsnXvK+W7YQHpSForr5ndtCSHmclbXb5Fc33sywC5u6Bi2Gu5/MW6d73BOog5BC3QtOuEQ044Q+cuU3RIlKADBqKLzZmHlmukyyGuZfXJnGjlWGKp3J1KecucTo6XC9QHpUkjXEKdlE63mOI1VuOGyBIHl60v4bnWiBg+aDZVHipz4JLKsVB0HOgBBK7+tOX6tr1GDG/F7Nz/i9ebzUV6i8Ec1jHf+2ZcTtBkNXBIkHc84+4Qd33/gOuP+lizLfIhfQ3DFWbwyfYumpVbeapyYhB0CE=
-  template:
-    metadata:
-      creationTimestamp: null
-      name: kubernaut-session-secret
-      namespace: kubernaut

kustomize/kustomization.yaml

@@ -6,4 +6,3 @@ metadata:
 resources:
   - namespace.yaml
   - ./app
-  - ./memcached

kustomize/memcached/deployment.yaml

@@ -1,21 +0,0 @@
----
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: kubernaut-memcached
-
-spec:
-  selector:
-    matchLabels:
-      app: kubernaut-memcached
-  template:
-    metadata:
-      labels:
-        app: kubernaut-memcached
-    spec:
-      containers:
-        - name: kubernaut-memcached
-          image: memcached:latest
-          ports:
-            - name: memcached
-              containerPort: 11211

kustomize/memcached/kustomization.yaml

@@ -1,7 +0,0 @@
----
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-namespace: kubernaut
-resources:
-  - deployment.yaml
-  - services.yaml

kustomize/memcached/services.yaml

@@ -1,13 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kubernaut-memcached
-
-spec:
-  ports:
-    - name: memcached
-      port: 11211
-      targetPort: memcached
-  selector:
-    app: kubernaut-memcached

lib/config.rb

@@ -1,5 +1,8 @@
 require "sensitive"
 
+SESSION_SECRET_HEX_LENGTH = 64
+JWT_SECRET_HEX_LENGTH = 64
+
 class Config
   attr_accessor :cat
 
@@ -9,7 +12,7 @@ class Config
     @prefix = prefix
     @cat = cat
 
-    session_secret ||= ENV.fetch "SESSION_SECRET" do
+    session_secret ||= fetch_env "SESSION_SECRET" do
       SecureRandom.hex SESSION_SECRET_HEX_LENGTH
     end