1 Commits

Author SHA1 Message Date
d593d59bed remove secret from Kustomize
All checks were successful
Ruby Test / test (push) Successful in 18s
Ruby Lint / lint (push) Successful in 22s
2025-05-10 17:43:46 -05:00
16 changed files with 121 additions and 131 deletions


@@ -1,2 +1,2 @@
ARG VARIANT="3.4.4"
ARG VARIANT="3.4.2"
FROM ghcr.io/rails/devcontainer/images/ruby:${VARIANT}


@@ -9,13 +9,10 @@ gem "ksuid"
gem "nanoid"
gem "ulid"
gem "uuid7"
gem "cuid2"
gem "jwt"
gem "httparty"
gem "prometheus-client"
group :development do
gem "ruby-lsp"
gem "rack-test"


@@ -3,26 +3,25 @@ GEM
specs:
anyflake (0.0.1)
ast (2.4.3)
base64 (0.3.0)
bigdecimal (3.2.2)
csv (3.3.5)
cuid2 (1.0.1)
diff-lcs (1.6.2)
base64 (0.2.0)
bigdecimal (3.1.9)
csv (3.3.4)
diff-lcs (1.6.1)
httparty (0.23.1)
csv
mini_mime (>= 1.0.0)
multi_xml (>= 0.5.2)
json (2.12.2)
jwt (3.1.2)
json (2.11.3)
jwt (2.10.1)
base64
ksuid (1.0.0)
language_server-protocol (3.17.0.5)
language_server-protocol (3.17.0.4)
lint_roller (1.1.0)
logger (1.7.0)
mini_mime (1.1.5)
minitest (5.25.5)
multi_json (1.15.0)
multi_xml (0.7.2)
multi_xml (0.7.1)
bigdecimal (~> 3.1)
mustermann (3.0.3)
ruby2_keywords (~> 0.0.1)
@@ -33,40 +32,38 @@ GEM
ast (~> 2.4.1)
racc
prism (1.4.0)
prometheus-client (4.2.5)
base64
puma (6.6.0)
nio4r (~> 2.0)
racc (1.8.1)
rack (3.1.16)
rack (3.1.13)
rack-protection (4.1.1)
base64 (>= 0.1.0)
logger (>= 1.6.0)
rack (>= 3.0.0, < 4)
rack-session (2.1.1)
rack-session (2.1.0)
base64 (>= 0.1.0)
rack (>= 3.0.0)
rack-test (2.2.0)
rack (>= 1.3)
rainbow (3.1.1)
rake (13.3.0)
rbs (3.9.4)
rake (13.2.1)
rbs (3.9.2)
logger
regexp_parser (2.10.0)
rspec (3.13.1)
rspec (3.13.0)
rspec-core (~> 3.13.0)
rspec-expectations (~> 3.13.0)
rspec-mocks (~> 3.13.0)
rspec-core (3.13.5)
rspec-core (3.13.3)
rspec-support (~> 3.13.0)
rspec-expectations (3.13.5)
rspec-expectations (3.13.3)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0)
rspec-mocks (3.13.5)
rspec-mocks (3.13.2)
diff-lcs (>= 1.2.0, < 2.0)
rspec-support (~> 3.13.0)
rspec-support (3.13.4)
rubocop (1.75.8)
rspec-support (3.13.2)
rubocop (1.75.4)
json (~> 2.3)
language_server-protocol (~> 3.17.0.2)
lint_roller (~> 1.1.0)
@@ -77,17 +74,18 @@ GEM
rubocop-ast (>= 1.44.0, < 2.0)
ruby-progressbar (~> 1.7)
unicode-display_width (>= 2.4.0, < 4.0)
rubocop-ast (1.45.1)
rubocop-ast (1.44.1)
parser (>= 3.3.7.2)
prism (~> 1.4)
rubocop-performance (1.25.0)
lint_roller (~> 1.1)
rubocop (>= 1.75.0, < 2.0)
rubocop-ast (>= 1.38.0, < 2.0)
ruby-lsp (0.25.0)
ruby-lsp (0.23.15)
language_server-protocol (~> 3.17.0)
prism (>= 1.2, < 2.0)
rbs (>= 3, < 5)
rbs (>= 3, < 4)
sorbet-runtime (>= 0.5.10782)
ruby-progressbar (1.13.0)
ruby2_keywords (0.0.5)
sinatra (4.1.1)
@@ -103,10 +101,11 @@ GEM
rack-protection (= 4.1.1)
sinatra (= 4.1.1)
tilt (~> 2.0)
standard (1.50.0)
sorbet-runtime (0.5.12043)
standard (1.49.0)
language_server-protocol (~> 3.17.0.2)
lint_roller (~> 1.0)
rubocop (~> 1.75.5)
rubocop (~> 1.75.2)
standard-custom (~> 1.0.0)
standard-performance (~> 1.8)
standard-custom (1.0.2)
@@ -115,14 +114,14 @@ GEM
standard-performance (1.8.0)
lint_roller (~> 1.1)
rubocop-performance (~> 1.25.0)
tilt (2.6.1)
tilt (2.6.0)
ulid (1.4.0)
unicode-display_width (3.1.4)
unicode-emoji (~> 4.0, >= 4.0.4)
unicode-emoji (4.0.4)
uuid7 (0.2.0)
zeitwerk (~> 2.4)
zeitwerk (2.7.3)
zeitwerk (2.7.2)
PLATFORMS
ruby
@@ -130,13 +129,11 @@ PLATFORMS
DEPENDENCIES
anyflake
cuid2
httparty
jwt
ksuid
minitest
nanoid
prometheus-client
puma
rack-test
rake
@@ -149,4 +146,4 @@ DEPENDENCIES
uuid7
BUNDLED WITH
2.6.9
2.6.8

40
app.rb

@@ -12,8 +12,6 @@ require "securerandom"
require "random/formatter"
require "ulid"
require "anyflake"
require "cuid2"
require "ksuid"
require "jwt"
@@ -23,17 +21,11 @@ $LOAD_PATH.unshift File.dirname(__FILE__) + "/lib"
require "config"
require "rack"
require "prometheus/middleware/collector"
require "prometheus/middleware/exporter"
use Rack::Deflater
use Prometheus::Middleware::Collector
use Prometheus::Middleware::Exporter
VERSION = "0.2.4"
VERSION = "0.2.1"
CHUNK_SIZE = 1024**2
SESSION_SECRET_HEX_LENGTH = 64
JWT_SECRET_HEX_LENGTH = 64
DEFAULT_FLAKEY = 50
NAME = "kubernaut".freeze
@@ -372,24 +364,6 @@ get "/snowflake" do
end
end
get "/cuid2" do
n = params.fetch(:n, 1).to_i
stream do |out|
n.times do |_|
out << format("%s\n", Cuid2.generate)
end
end
end
get "/ksuid" do
n = params.fetch(:n, 1).to_i
stream do |out|
n.times do |_|
out << format("%s\n", KSUID.new)
end
end
end
post "/quit" do
Process.kill("TERM", ppid)
nil
@@ -472,13 +446,7 @@ end
get "/_cat/env" do
stream do |out|
e = if params.key? :rack
env
else
ENV
end
e.sort.each do |k, v|
ENV.sort.each do |k, v|
out << "#{k}=#{v}\n"
end
end
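Review bot: `get "/_cat/env"` streams every `ENV` pair to the response (`out << "#{k}=#{v}\n"`), and the Deployment in this change set injects the session and JWT secrets as environment variables, so the route would hand those values to anyone who can call it. Whether the route is gated elsewhere (for example by the `cat` setting on `Config`) is not visible in this hunk, whose enclosing file continues outside it. If the route has to stay reachable, skip or mask secret-bearing names inside the loop, e.g. `next if k.match?(/SECRET|TOKEN|PASSWORD|KEY/i)`, and add a comment on the route stating who is expected to reach it.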


@@ -15,10 +15,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.4
version: 0.2.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.2.4"
appVersion: "0.2.1"


@@ -7,12 +7,8 @@ target "docker-metadata-action-alpine" {}
target "_common" {
args = {
RUBY_VERSION = "3.4.4"
RUBY_VERSION = "3.4.3"
}
platforms = [
"linux/amd64",
"linux/arm64",
]
}
target "bookworm" {


@@ -1,6 +1,5 @@
ARG RUBY_VERSION="3.4.4"
ARG RUBY_VERSION="3.4.3"
ARG BASE_REGISTRY="docker.io"
FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-alpine AS base
ENV RACK_ENV="production" \
@@ -12,21 +11,28 @@ ENV RACK_ENV="production" \
WORKDIR /kubernaut
RUN \
apk update -q && \
--mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
apk update -q; \
apk add bash jemalloc
RUN \
--mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
gem update --system --no-document; \
gem install -N bundler
FROM base AS build
RUN \
apk update -q && \
apk add musl-dev gcc make && \
--mount=type=cache,id=var-cache-apk,target=/var/cache/apk,sharing=locked \
apk update -q; \
apk add musl-dev gcc make; \
apk add bash jemalloc
COPY Gemfile Gemfile.lock ./
RUN \
bundle install && \
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
--mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
bundle install
COPY . .
@@ -35,7 +41,7 @@ FROM base
ENV PORT=4567
RUN \
addgroup --system --gid 666 kubernaut && \
addgroup --system --gid 666 kubernaut; \
adduser --system --uid 666 --ingroup kubernaut --shell /bin/bash --disabled-password kubernaut
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"
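Review bot: Joined with `;`, these RUN steps (`apk update -q; \`, `gem update --system --no-document; \`) fail the build only when the last command fails, so a failed index refresh or RubyGems update is silently carried into the image. Keep the `&&` form, or open each multi-command RUN with `set -e;`. `gem install -N bundler` is also unpinned and runs under a cache mount targeting `${BUNDLE_PATH}`; if that path is the gem home (not visible here) the installed gem lands in the build cache rather than the image layer, so pin it, e.g. `gem install -N bundler -v <version>`, and install it outside the mount. The Debian-based Dockerfile section that follows repeats the same pattern with `apt-get update -qq; \`. The page no longer shows +/- markers, so this applies if the `;` lines are the new side.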


@@ -1,7 +1,6 @@
ARG RUBY_VERSION="3.4.4"
ARG RUBY_VERSION="3.4.3"
ARG BASE_REGISTRY="docker.io"
ARG DEBIAN_VERSION="bookworm"
FROM ${BASE_REGISTRY}/ruby:${RUBY_VERSION}-slim-${DEBIAN_VERSION} AS base
ENV RACK_ENV="production" \
@@ -12,23 +11,36 @@ ENV RACK_ENV="production" \
WORKDIR /kubernaut
RUN rm -f /etc/apt/apt.conf.d/docker-clean
RUN \
apt-get update -qq && \
apt-get install --yes --no-install-recommends libjemalloc2 && \
rm -rf /var/lib/apt/lists /var/cache/apt/archives
--mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
--mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
apt-get update -qq; \
apt-get install --yes --no-install-recommends \
libjemalloc2
RUN \
--mount=type=cache,id=usr-local-bundle-cache,target=${BUNDLE_PATH},sharing=locked \
gem update --system --no-document; \
gem install -N bundler
ENV DEBIAN_FRONTEND="noninteractive"
FROM base AS build
RUN \
apt-get update -qq && \
apt-get install --yes --no-install-recommends build-essential && \
rm -rf /var/lib/apt/lists /var/cache/apt/archives
--mount=type=cache,id=var-cache-apt,target=/var/cache/apt,sharing=locked \
--mount=type=cache,id=var-lib-apt,target=/var/lib/apt,sharing=locked \
apt-get update -qq; \
apt-get install --yes --no-install-recommends \
build-essential
COPY Gemfile Gemfile.lock ./
RUN \
bundle install && \
rm -rf ~/.bundle/ "${BUNDLE_PATH}"/ruby/*/cache "${BUNDLE_PATH}"/ruby/*/bundler/gems/*/.git
--mount=type=cache,id=usr-local-bundle-ruby-cache,target=${BUNDLE_PATH}/ruby/3.4.0/cache,sharing=locked \
bundle install
COPY . .
@@ -37,7 +49,7 @@ FROM base
ENV PORT=4567
RUN \
groupadd --system --gid 666 kubernaut && \
groupadd --system --gid 666 kubernaut; \
useradd --system --uid 666 --gid kubernaut --create-home --shell /bin/bash kubernaut
COPY --from=build "${BUNDLE_PATH}" "${BUNDLE_PATH}"


@@ -1,19 +0,0 @@
apiVersion: batch/v1
kind: CronJob
metadata:
name: kubernaut
spec:
schedule: "* * * * *"
jobTemplate:
spec:
template:
spec:
containers:
- name: hello
image: busybox:1.37
imagePullPolicy: IfNotPresent
command:
- /bin/sh
- -c
- echo "=^.^= <(meow)"
restartPolicy: OnFailure


@@ -16,24 +16,18 @@ spec:
spec:
containers:
- name: kubernaut
image: git.kill0.net/ryanc/kubernaut:0.2.4
imagePullPolicy: IfNotPresent
image: git.kill0.net/ryanc/kubernaut:0.2.1
imagePullPolicy: Always
ports:
- name: sinatra-web
containerPort: 4567
env:
- name: KUBERNAUT_SESSION_SECRET
- name: SESSION_SECRET
valueFrom:
secretKeyRef:
name: kubernaut
name: kubernaut-session-secret
key: session_secret
optional: true
- name: KUBERNAUT_JWT_SECRET
valueFrom:
secretKeyRef:
name: kubernaut
key: jwt_secret
optional: true
envFrom:
- configMapRef:
name: kubernaut-configmap
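Review bot: `optional: true` on the `secretKeyRef` lets the pod start when the Secret is absent, and the config.rb hunk in this change set shows the app then falling back to `SecureRandom.hex SESSION_SECRET_HEX_LENGTH`, so each replica would sign sessions with its own random key and nothing would report the missing Secret. The app kustomization's resource list is changed around `secret.yaml` in the same change set, which makes a missing Secret a realistic outcome. Consider `optional: false` (or dropping the line) so the rollout fails loudly; the same applies to the `jwt_secret` reference where it is present. The container spec starts above this hunk.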


@@ -3,8 +3,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubernaut
resources:
- secret.yaml
- configmap.yaml
- deployment.yaml
- hpa.yaml
- services.yaml
- cronjob.yaml


@@ -6,3 +6,4 @@ metadata:
resources:
- namespace.yaml
- ./app
- ./memcached


@@ -0,0 +1,21 @@
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: kubernaut-memcached
spec:
selector:
matchLabels:
app: kubernaut-memcached
template:
metadata:
labels:
app: kubernaut-memcached
spec:
containers:
- name: kubernaut-memcached
image: memcached:latest
ports:
- name: memcached
containerPort: 11211
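Review bot: `image: memcached:latest` is a mutable tag, so what runs depends on when each node last pulled it, and a rollout can be neither reproduced nor audited. Pin it to a release and preferably a digest, e.g. `image: memcached:<version>@sha256:<digest>` (placeholders). The container also declares no `resources` and no `securityContext`; a memory limit matched to the cache size, plus `allowPrivilegeEscalation: false` with all capabilities dropped, would bound what a compromised cache process can do.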


@@ -0,0 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: kubernaut
resources:
- deployment.yaml
- services.yaml


@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: kubernaut-memcached
spec:
ports:
- name: memcached
port: 11211
targetPort: memcached
selector:
app: kubernaut-memcached
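Review bot: Port 11211 becomes reachable from every pod that can resolve `kubernaut-memcached`, and memcached does not authenticate clients unless SASL is configured, which the accompanying Deployment does not show. If the cache is going to hold session or token data (not visible here), restrict ingress with a NetworkPolicy alongside this Service. The source pod label in the sketch below is a placeholder, because the kubernaut Deployment's labels are outside the visible hunks.

```yaml
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubernaut-memcached
spec:
  podSelector:
    matchLabels:
      app: kubernaut-memcached
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: PLACEHOLDER-kubernaut-app-label  # placeholder: use the label the kubernaut Deployment sets
      ports:
        - protocol: TCP
          port: 11211
```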


@@ -1,8 +1,5 @@
require "sensitive"
SESSION_SECRET_HEX_LENGTH = 64
JWT_SECRET_HEX_LENGTH = 64
class Config
attr_accessor :cat
@@ -12,7 +9,7 @@ class Config
@prefix = prefix
@cat = cat
session_secret ||= fetch_env "SESSION_SECRET" do
session_secret ||= ENV.fetch "SESSION_SECRET" do
SecureRandom.hex SESSION_SECRET_HEX_LENGTH
end