use BUNDLE_PATH in COPY

.devcontainer/Dockerfile

@@ -1,2 +1,2 @@
-ARG VARIANT="3.4.4"
+ARG VARIANT="3.4.2"
 FROM ghcr.io/rails/devcontainer/images/ruby:${VARIANT}

.devcontainer/devcontainer.json

@@ -6,7 +6,7 @@
         "vscode": {
             "extensions": [
                 "Shopify.ruby-lsp",
-                "docker.docker"
+                "ms-azuretools.vscode-docker"
             ]
         }
     },

.dockerignore

@@ -1,7 +0,0 @@
-**/.git
-**/.gitignore
-/.devcontainer
-/.gitea
-/.github
-/.vscode
-/charts

.gitea/workflows/ci.yaml

@@ -1,16 +1,65 @@
 ---
-name: Release
+name: Gitea Actions Demo
+run-name: ${{ gitea.actor }} is testing out Gitea Actions 🚀
+
 on:
   schedule: 
-    - cron: "0 0 * * *"
+    - cron: "0 10 * * *"
   push:
     branches:
-      - main
+      - "**"
     tags:
       - "v*.*.*"
+  pull_request:
+
 jobs:
-  docker:
+  lint:
     runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      contents: write
+    steps:
+      - name: Login to Docker
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+        with:
+          username: ${{ vars.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Ruby Setup
+        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
+        with:
+          ruby-version: '3.4'
+          bundler-cache: true
+
+      - run: bundle install
+
+      - name: Standard Ruby
+        run: bundle exec standardrb
+
+
+  test:
+    needs: lint
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Test
+        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
+        with:
+          ruby-version: '3.4'
+          bundler-cache: true
+
+      - run: bundle exec rake
+
+  docker:
+    needs: test
+    runs-on: ubuntu-latest
+    container:
+      image: catthehacker/ubuntu:act-latest
     env:
       DOCKER_ORG: ryanc
       DOCKER_LATEST: latest
@@ -36,9 +85,6 @@ jobs:
           printf "GITHUB_SHA=%s\n" "$GITHUB_SHA"
           printf "VERSION=%s\n" "$VERSION" | tee -a "$GITHUB_OUTPUT"
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
-
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
 
@@ -59,8 +105,7 @@ jobs:
             latest=auto
           bake-target: docker-metadata-action
           tags: |
-            type=schedule,pattern=nightly
-            type=edge
+            type=schedule
             type=ref,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}
@@ -79,8 +124,7 @@ jobs:
             latest=auto
             suffix=-alpine,onlatest=true
           tags: |
-            type=schedule,pattern=nightly
-            type=edge
+            type=schedule
             type=ref,event=branch
             type=ref,event=pr
             type=semver,pattern={{version}}

.gitea/workflows/lint.yaml

@@ -1,23 +0,0 @@
----
-name: Ruby Lint
-on:
-  push:
-    branches:
-      - "**"
-  pull_request:
-jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Ruby Setup
-        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
-        with:
-          ruby-version: '3.4'
-          bundler-cache: true
-
-      - name: Standard Ruby
-        run: bundle exec standardrb
-

.gitea/workflows/test.yaml

@@ -1,22 +0,0 @@
----
-name: Ruby Test
-on:
-  push:
-    branches:
-      - "**"
-  pull_request:
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Test
-        uses: ruby/setup-ruby@dffc446db9ba5a0c4446edb5bca1c5c473a806c5 # v1.235.0
-        with:
-          ruby-version: '3.4'
-          bundler-cache: true
-
-      - run: bundle exec rake
-

Dockerfile

@@ -0,0 +1,42 @@
+ARG RUBY_VERSION="3.4.3"
+FROM ruby:${RUBY_VERSION} AS base
+
+WORKDIR /app
+
+RUN <<EOT
+  apt-get update
+  gem update --system --no-document
+  gem install -N bundler
+EOT
+
+
+FROM base AS build
+
+RUN <<EOT
+  apt-get install --yes gcc make
+EOT
+
+COPY Gemfile* .
+
+RUN <<EOT
+  bundle config set --local without development
+  bundle install
+EOT
+
+
+FROM base
+
+ENV PORT=4567
+
+# RUN useradd ruby --home /app --shell /bin/sh
+RUN useradd --home /app --create-home app
+
+USER app:app
+
+COPY --from=build /usr/local/bundle /usr/local/bundle
+COPY --from=build --chown=app:app /app /app
+
+COPY --chown=app:app . .
+
+EXPOSE 4567
+CMD [ "puma", "--bind", "0.0.0.0", "--port", "$PORT" ]

Gemfile

@@ -3,13 +3,13 @@ source "https://rubygems.org"
 gem "sinatra"
 gem "sinatra-contrib"
 gem "puma"
+gem "rackup"
 
 gem "anyflake"
 gem "ksuid"
 gem "nanoid"
 gem "ulid"
 gem "uuid7"
-gem "cuid2"
 
 gem "jwt"
 gem "httparty"

Gemfile.lock

@@ -3,26 +3,25 @@ GEM
   specs:
     anyflake (0.0.1)
     ast (2.4.3)
-    base64 (0.3.0)
-    bigdecimal (3.2.2)
-    csv (3.3.5)
-    cuid2 (1.0.1)
-    diff-lcs (1.6.2)
+    base64 (0.2.0)
+    bigdecimal (3.1.9)
+    csv (3.3.4)
+    diff-lcs (1.6.1)
     httparty (0.23.1)
       csv
       mini_mime (>= 1.0.0)
       multi_xml (>= 0.5.2)
-    json (2.12.2)
-    jwt (3.1.1)
+    json (2.11.3)
+    jwt (2.10.1)
       base64
     ksuid (1.0.0)
-    language_server-protocol (3.17.0.5)
+    language_server-protocol (3.17.0.4)
     lint_roller (1.1.0)
     logger (1.7.0)
     mini_mime (1.1.5)
     minitest (5.25.5)
     multi_json (1.15.0)
-    multi_xml (0.7.2)
+    multi_xml (0.7.1)
       bigdecimal (~> 3.1)
     mustermann (3.0.3)
       ruby2_keywords (~> 0.0.1)
@@ -36,35 +35,37 @@ GEM
     puma (6.6.0)
       nio4r (~> 2.0)
     racc (1.8.1)
-    rack (3.1.16)
+    rack (3.1.13)
     rack-protection (4.1.1)
       base64 (>= 0.1.0)
       logger (>= 1.6.0)
       rack (>= 3.0.0, < 4)
-    rack-session (2.1.1)
+    rack-session (2.1.0)
       base64 (>= 0.1.0)
       rack (>= 3.0.0)
     rack-test (2.2.0)
       rack (>= 1.3)
+    rackup (2.2.1)
+      rack (>= 3)
     rainbow (3.1.1)
-    rake (13.3.0)
-    rbs (3.9.4)
+    rake (13.2.1)
+    rbs (3.9.2)
       logger
     regexp_parser (2.10.0)
-    rspec (3.13.1)
+    rspec (3.13.0)
       rspec-core (~> 3.13.0)
       rspec-expectations (~> 3.13.0)
       rspec-mocks (~> 3.13.0)
-    rspec-core (3.13.5)
+    rspec-core (3.13.3)
       rspec-support (~> 3.13.0)
-    rspec-expectations (3.13.5)
+    rspec-expectations (3.13.3)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-mocks (3.13.5)
+    rspec-mocks (3.13.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.13.0)
-    rspec-support (3.13.4)
-    rubocop (1.75.8)
+    rspec-support (3.13.2)
+    rubocop (1.75.4)
       json (~> 2.3)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.1.0)
@@ -75,17 +76,17 @@ GEM
       rubocop-ast (>= 1.44.0, < 2.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.45.1)
+    rubocop-ast (1.44.1)
       parser (>= 3.3.7.2)
       prism (~> 1.4)
     rubocop-performance (1.25.0)
       lint_roller (~> 1.1)
       rubocop (>= 1.75.0, < 2.0)
       rubocop-ast (>= 1.38.0, < 2.0)
-    ruby-lsp (0.24.2)
+    ruby-lsp (0.23.15)
       language_server-protocol (~> 3.17.0)
       prism (>= 1.2, < 2.0)
-      rbs (>= 3, < 5)
+      rbs (>= 3, < 4)
       sorbet-runtime (>= 0.5.10782)
     ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
@@ -102,11 +103,11 @@ GEM
       rack-protection (= 4.1.1)
       sinatra (= 4.1.1)
       tilt (~> 2.0)
-    sorbet-runtime (0.5.12204)
-    standard (1.50.0)
+    sorbet-runtime (0.5.12043)
+    standard (1.49.0)
       language_server-protocol (~> 3.17.0.2)
       lint_roller (~> 1.0)
-      rubocop (~> 1.75.5)
+      rubocop (~> 1.75.2)
       standard-custom (~> 1.0.0)
       standard-performance (~> 1.8)
     standard-custom (1.0.2)
@@ -122,7 +123,7 @@ GEM
     unicode-emoji (4.0.4)
     uuid7 (0.2.0)
       zeitwerk (~> 2.4)
-    zeitwerk (2.7.3)
+    zeitwerk (2.7.2)
 
 PLATFORMS
   ruby
@@ -130,7 +131,6 @@ PLATFORMS
 
 DEPENDENCIES
   anyflake
-  cuid2
   httparty
   jwt
   ksuid
@@ -138,6 +138,7 @@ DEPENDENCIES
   nanoid
   puma
   rack-test
+  rackup
   rake
   rspec
   ruby-lsp
@@ -148,4 +149,4 @@ DEPENDENCIES
   uuid7
 
 BUNDLED WITH
-   2.6.9
+   2.6.8

app.rb

@@ -21,9 +21,11 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
 
 require "config"
 
-VERSION = "0.2.3"
+VERSION = "0.2.0"
 
 CHUNK_SIZE = 1024**2
+SESSION_SECRET_HEX_LENGTH = 64
+JWT_SECRET_HEX_LENGTH = 64
 DEFAULT_FLAKEY = 50
 
 NAME = "kubernaut".freeze
@@ -378,21 +380,19 @@ get "/pid", provides: "json" do
   jsonify({ppid: ppid, pid: Process.pid}, pretty:)
 end
 
-get "/token", provides: "json" do
-  pretty = params.key? :pretty
-
+get "/token" do
   exp = Time.now.to_i + SECONDS_PER_MINUTE * 2
   payload = {name: "anonymous", exp: exp, jti: Random.uuid}
   expires_at = Time.at(exp).to_datetime
-  token = JWT.encode payload, config.jwt_secret.unwrap, "HS256"
+  token = JWT.encode payload, JWT_SECRET, "HS256"
   x = {token: token, expires_at: expires_at}
 
-  jsonify x, pretty:
+  jsonify x
 end
 
 get "/token/validate" do
   token = req_headers["authorization"].split[1]
-  payload = JWT.decode token, config.jwt_secret.unwrap, true, algorithm: "HS256"
+  payload = JWT.decode token, JWT_SECRET, true, algorithm: "HS256"
 
   jsonify payload
 end
@@ -444,13 +444,7 @@ end
 
 get "/_cat/env" do
   stream do |out|
-    e = if params.key? :rack
-      env
-    else
-      ENV
-    end
-
-    e.sort.each do |k, v|
+    ENV.sort.each do |k, v|
       out << "#{k}=#{v}\n"
     end
   end

charts/kubernaut/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.3
+version: 0.2.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.2.3"
+appVersion: "0.2.0"

docker-bake.hcl

@@ -7,7 +7,7 @@ target "docker-metadata-action-alpine" {}
 
 target "_common" {
     args = {
-        RUBY_VERSION = "3.4.4"
+        RUBY_VERSION = "3.4.3"
     }
 }
 

dockerfiles/alpine.Dockerfile

@@ -1,38 +1,34 @@
-ARG RUBY_VERSION="3.4.4"
-ARG BASE_REGISTRY="docker.io"
-FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-alpine AS base
+ARG RUBY_VERSION="3.4.3"
+FROM docker.io/library/ruby:${RUBY_VERSION}-alpine AS base
+
+WORKDIR /kubernaut
+
+RUN <<EOT
+  apk update -q
+  apk add bash
+  rm -rf /var/cache/apk
+  gem update --system --no-document
+  gem install -N bundler
+EOT
 
 ENV RACK_ENV="production" \
   BUNDLE_DEPLOYMENT=true \
   BUNDLE_PATH="/usr/local/bundle" \
-  BUNDLE_WITHOUT="development test" \
-  RUBY_YJIT_ENABLE=true
-
-WORKDIR /kubernaut
-
-RUN \
-  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
-  apk update -q; \
-  apk add bash jemalloc
-
-RUN \
-  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
-  gem update --system --no-document; \
-  gem install -N bundler
+  BUNDLE_WITHOUT="development test"
 
 FROM base AS build
 
-RUN \
-  --mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
-  apk update -q; \
-  apk add musl-dev gcc make; \
-  apk add bash jemalloc
+RUN <<EOT
+  apk add musl-dev gcc make
+  rm -rf /var/cache/apk
+EOT
 
 COPY Gemfile Gemfile.lock ./
 
-RUN \
-  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
+RUN <<EOT
   bundle install
+  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
+EOT
 
 COPY . .
 
@@ -40,9 +36,10 @@ FROM base
 
 ENV PORT=4567
 
-RUN \
-  addgroup --system --gid 666 kubernaut; \
+RUN <<EOT
+  addgroup --system --gid 666 kubernaut
   adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
+EOT
 
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /kubernaut /kubernaut

dockerfiles/bookworm.Dockerfile

@@ -1,46 +1,34 @@
-ARG RUBY_VERSION="3.4.4"
-ARG BASE_REGISTRY="docker.io"
-ARG DEBIAN_VERSION="bookworm"
-FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS base
+ARG RUBY_VERSION="3.4.3"
+FROM docker.io/library/ruby:${RUBY_VERSION}-slim-bookworm AS base
+
+WORKDIR /kubernaut
+
+RUN <<EOT
+  apt-get update -qq
+  rm -rf /var/lib/apt/lists /var/cache/apt/archives
+  gem update --system --no-document
+  gem install -N bundler
+EOT
 
 ENV RACK_ENV="production" \
   BUNDLE_DEPLOYMENT=true \
   BUNDLE_PATH="/usr/local/bundle" \
-  BUNDLE_WITHOUT="development test" \
-  RUBY_YJIT_ENABLE=true
-
-WORKDIR /kubernaut
-
-RUN rm -f /etc/apt/apt.conf.d/docker-clean
-
-RUN \
-  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
-  apt-get update -qq; \
-  apt-get install --yes --no-install-recommends \
-  libjemalloc2
-
-RUN \
-  --mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
-  gem update --system --no-document; \
-  gem install -N bundler
-
-ENV DEBIAN_FRONTEND="noninteractive"
+  BUNDLE_WITHOUT="development test"
 
 FROM base AS build
 
-RUN \
-  --mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
-  --mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
-  apt-get update -qq; \
-  apt-get install --yes --no-install-recommends \
-  build-essential
+RUN <<EOT
+  apt-get update -qq
+  apt-get install --yes --no-install-recommends gcc make libc-dev
+  rm -rf /var/lib/apt/lists /var/cache/apt/archives
+EOT
 
 COPY Gemfile Gemfile.lock ./
 
-RUN \
-  --mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
+RUN <<EOT
   bundle install
+  rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
+EOT
 
 COPY . .
 
@@ -48,9 +36,10 @@ FROM base
 
 ENV PORT=4567
 
-RUN \
-  groupadd --system --gid 666 kubernaut; \
+RUN <<EOT
+  groupadd --system --gid 666 kubernaut
   useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
+EOT
 
 COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
 COPY --from=build /kubernaut /kubernaut

dockerfiles/entrypoint.sh

@@ -7,9 +7,4 @@ ruby --version
 printf "rubygems %s\n" "$(gem --version)"
 bundle version
 
-if [ -z "${LD_PRELOAD+x}" ]; then
-    LD_PRELOAD="$(find /usr/lib -name libjemalloc.so.2 -print -quit)"
-    export LD_PRELOAD
-fi
-
 exec "${@}"

kustomize/app/deployment.yaml

@@ -16,24 +16,18 @@ spec:
     spec:
       containers:
         - name: kubernaut
-          image: git.kill0.net/ryanc/kubernaut:0.2.3
-          imagePullPolicy: IfNotPresent
+          image: git.kill0.net/ryanc/kubernaut:0.2.0
+          imagePullPolicy: Always
           ports:
             - name: sinatra-web
               containerPort: 4567
           env:
-            - name: KUBERNAUT_SESSION_SECRET
+            - name: SESSION_SECRET
               valueFrom:
                 secretKeyRef:
-                  name: kubernaut
+                  name: kubernaut-session-secret
                   key: session_secret
                   optional: true
-            - name: KUBERNAUT_JWT_SECRET
-              valueFrom:
-                secretKeyRef:
-                  name: kubernaut
-                  key: jwt_secret
-                  optional: true
           envFrom:
             - configMapRef:
                 name: kubernaut-configmap

kustomize/app/kustomization.yaml

@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: kubernaut
 resources:
+  - secret.yaml
   - configmap.yaml
   - deployment.yaml
   - hpa.yaml

kustomize/app/secret.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: kubernaut-session-secret
+  namespace: kubernaut
+spec:
+  encryptedData:
+    session_secret: AgCY08t0AU418znEZt5d252J+lH+fwYki2g6jdJpfdRfVQjnA+b52P0KWrs/x5pB0PKab6Z3JY/Tz0SQCaoIsCR4IzUO3a095aulRqb6Qr1Lz8udBVta4JJMZLmo26tuUfVHlpD1d6J8rkBSm8vzckFLkOA1Wfl/9rS3K4qwiDogA5pI0ULghFkeEx1yKdRwPq0k8PuvOvLUJ6oNq3e5n+B/BrVWdQ+7XQxUq/AMANJrDbe+RD33f99LArHYA7bFMbY8YRazXSTAkeunpTlxTjuGZKYvJKupo29LHz2OVbZVX/hI0nZkdVpcgqvbxF6Vw9CuCeAmtKYl7A3qsAWqDLUdP3hRLsk2P9RDNhEzYWh4ml8APzziWzihdJbGEjwLy7HsHgKslM0XbBnRQDlxp/JtvcWdjQp33A+QOON32zOKHi+qJjDYyGebS1+xkPbnyb1MPSJVAtFpj7dlLbFekLFDZEbXuJYUl1wKdFOIjJHmNK/MTEV2kOhtiVj/aeKgSXwor9hR7Uxzs5ZSawp9uWw+hpr58EX6I+RtfO4yjFC6FjnagiU6SlI1Q2F7/nv82g1UWTYMpNN5bduS1YFWmsnXvK+W7YQHpSForr5ndtCSHmclbXb5Fc33sywC5u6Bi2Gu5/MW6d73BOog5BC3QtOuEQ044Q+cuU3RIlKADBqKLzZmHlmukyyGuZfXJnGjlWGKp3J1KecucTo6XC9QHpUkjXEKdlE63mOI1VuOGyBIHl60v4bnWiBg+aDZVHipz4JLKsVB0HOgBBK7+tOX6tr1GDG/F7Nz/i9ebzUV6i8Ec1jHf+2ZcTtBkNXBIkHc84+4Qd33/gOuP+lizLfIhfQ3DFWbwyfYumpVbeapyYhB0CE=
+  template:
+    metadata:
+      creationTimestamp: null
+      name: kubernaut-session-secret
+      namespace: kubernaut

kustomize/kustomization.yaml

@@ -6,3 +6,4 @@ metadata:
 resources:
   - namespace.yaml
   - ./app
+  - ./memcached

kustomize/memcached/deployment.yaml

@@ -0,0 +1,21 @@
+---
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: kubernaut-memcached
+
+spec:
+  selector:
+    matchLabels:
+      app: kubernaut-memcached
+  template:
+    metadata:
+      labels:
+        app: kubernaut-memcached
+    spec:
+      containers:
+        - name: kubernaut-memcached
+          image: memcached:latest
+          ports:
+            - name: memcached
+              containerPort: 11211

kustomize/memcached/kustomization.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubernaut
+resources:
+  - deployment.yaml
+  - services.yaml

kustomize/memcached/services.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kubernaut-memcached
+
+spec:
+  ports:
+    - name: memcached
+      port: 11211
+      targetPort: memcached
+  selector:
+    app: kubernaut-memcached

lib/config.rb

@@ -1,8 +1,5 @@
 require "sensitive"
 
-SESSION_SECRET_HEX_LENGTH = 64
-JWT_SECRET_HEX_LENGTH = 64
-
 class Config
   attr_accessor :cat
 
@@ -12,7 +9,7 @@ class Config
     @prefix = prefix
     @cat = cat
 
-    session_secret ||= fetch_env "SESSION_SECRET" do
+    session_secret ||= ENV.fetch "SESSION_SECRET" do
       SecureRandom.hex SESSION_SECRET_HEX_LENGTH
     end