Merge pull request #447 from stefanprodan/release-6.10.0

Release v6.10.0
2026-04-07 03:26:54 +00:00 · 2026-02-01 12:34:49 +02:00 · 2026-02-01 12:30:00 +02:00 · 2026-02-01 12:27:17 +02:00 · 2026-02-01 12:22:40 +02:00 · 2026-02-01 12:13:50 +02:00
583 changed files with 41701 additions and 49133 deletions
--- a/.cosign/README.md
+++ b/.cosign/README.md
@@ -0,0 +1,61 @@
+# Podinfo signed releases
+
+Podinfo release assets (container image, Helm chart, Flux artifact, Timoni module)
+are published to GitHub Container Registry and are signed with
+[Cosign v2](https://github.com/sigstore/cosign) keyless & GitHub Actions OIDC.
+
+## Verify podinfo with cosign
+
+Install the [cosign](https://github.com/sigstore/cosign) CLI:
+
+```sh
+brew install sigstore/tap/cosign
+```
+
+### Container image
+
+Verify the podinfo container image hosted on GHCR:
+
+```sh
+cosign verify ghcr.io/stefanprodan/podinfo:6.5.0 \
+--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
+--certificate-oidc-issuer=https://token.actions.githubusercontent.com
+```
+
+Verify the podinfo container image hosted on Docker Hub:
+
+```sh
+cosign verify docker.io/stefanprodan/podinfo:6.5.0 \
+--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
+--certificate-oidc-issuer=https://token.actions.githubusercontent.com
+```
+
+### Helm chart
+
+Verify the podinfo [Helm](https://helm.sh) chart hosted on GHCR:
+
+```sh
+cosign verify ghcr.io/stefanprodan/charts/podinfo:6.5.0 \
+--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
+--certificate-oidc-issuer=https://token.actions.githubusercontent.com
+```
+
+### Flux artifact
+
+Verify the podinfo [Flux](https://fluxcd.io) artifact hosted on GHCR:
+
+```sh
+cosign verify ghcr.io/stefanprodan/manifests/podinfo:6.5.0 \
+--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
+--certificate-oidc-issuer=https://token.actions.githubusercontent.com
+```
+
+### Timoni module
+
+Verify the podinfo [Timoni](https://timoni.sh) module hosted on GHCR:
+
+```sh
+cosign verify ghcr.io/stefanprodan/modules/podinfo:6.5.0 \
+--certificate-identity-regexp="^https://github.com/stefanprodan/podinfo.*$" \
+--certificate-oidc-issuer=https://token.actions.githubusercontent.com
+```
--- a/.cosign/cosign.pub
+++ b/.cosign/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEST+BqQ1XZhhVYx0YWQjdUJYIG5Lt
+iz2+UxRIqmKBqNmce2T+l45qyqOs99qfD7gLNGmkVZ4vtJ9bM7FxChFczg==
+-----END PUBLIC KEY-----
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+timoni/podinfo/cue.mod/** linguist-vendored
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+github: stefanprodan
--- a/.github/actions/kubeconform/action.yml
+++ b/.github/actions/kubeconform/action.yml
@@ -0,0 +1,38 @@
+name: Setup kubeconform
+description: A GitHub Action for running kubeconform commands
+author: Stefan Prodan
+branding:
+  color: blue
+  icon: command
+inputs:
+  version:
+    description: "kubeconform version e.g. 0.5.0 (defaults to latest stable release)"
+    required: false
+  arch:
+    description: "arch can be amd64 or arm64"
+    required: true
+    default: "amd64"
+runs:
+  using: composite
+  steps:
+    - name: "Download binary to the GH runner cache"
+      shell: bash
+      run: |  
+        ARCH=${{ inputs.arch }}
+        VERSION=${{ inputs.version }}
+
+        if [ -z $VERSION ]; then
+          VERSION=$(curl https://api.github.com/repos/yannh/kubeconform/releases/latest -sL | grep tag_name | sed -E 's/.*"([^"]+)".*/\1/' | cut -c 2-)
+        fi
+        
+        BIN_URL="https://github.com/yannh/kubeconform/releases/download/v${VERSION}/kubeconform-linux-${ARCH}.tar.gz"
+        BIN_DIR=$RUNNER_TOOL_CACHE/kubeconform/$VERSION/$ARCH
+        
+        if [[ ! -x "$BIN_DIR/kind" ]]; then
+          mkdir -p $BIN_DIR
+          cd $BIN_DIR
+          curl -sL $BIN_URL | tar xz
+          chmod +x kubeconform
+        fi
+        
+        echo "$BIN_DIR" >> "$GITHUB_PATH"
--- a/.github/actions/runner-cleanup/action.yml
+++ b/.github/actions/runner-cleanup/action.yml
@@ -0,0 +1,24 @@
+name: Runner Cleanup
+description: A GitHub Action for removing bloat from Ubuntu GitHub Actions runner.
+author: Stefan Prodan
+branding:
+  color: blue
+  icon: command
+runs:
+  using: composite
+  steps:
+    - name: "Disk Usage Before Cleanup"
+      shell: bash
+      run: |
+        df -h
+    - name: "Remove .NET, Android and Haskell"
+      shell: bash
+      run: |
+        sudo rm -rf /usr/share/dotnet || true
+        sudo rm -rf /usr/local/lib/android || true
+        sudo rm -rf /opt/ghc || true
+        sudo rm -rf /usr/local/.ghcup || true
+    - name: "Disk Usage After Cleanup"
+      shell: bash
+      run: |
+        df -h
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -0,0 +1,11 @@
+version: 2
+
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    groups:
+      actions:
+        patterns:
+          - "*"
+    schedule:
+      interval: "weekly"
--- a/.github/workflows/cve-scan.yml
+++ b/.github/workflows/cve-scan.yml
@@ -0,0 +1,25 @@
+name: cve-scan
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "master"
+  pull_request:
+    branches:
+      - "master"
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ./.github/actions/runner-cleanup
+      - name: Vulnerability scan
+        id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          repo-checkout: false
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -0,0 +1,80 @@
+name: e2e
+
+on:
+  pull_request:
+  push:
+    branches:
+      - 'master'
+
+permissions:
+  contents: read
+
+jobs:
+  kind-helm:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+      - name: Disk Cleanup
+        uses: ./.github/actions/runner-cleanup
+      - name: Setup Kubernetes
+        uses: helm/kind-action@v1.13.0
+        with:
+          cluster_name: kind
+      - name: Build container image
+        run: |
+          ./test/build.sh
+          kind load docker-image test/podinfo:latest
+      - name: Setup Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.17.3
+      - name: Deploy
+        run: ./test/deploy.sh
+      - name: Run integration tests
+        run: ./test/test.sh
+      - name: Debug failure
+        if: failure()
+        run: |
+          kubectl logs -l app=podinfo || true
+  kind-timoni:
+    runs-on: ubuntu-latest
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+    env:
+      PODINFO_IMAGE_URL: "test/podinfo"
+      PODINFO_MODULE_URL: "oci://localhost:5000/podinfo"
+      PODINFO_VERSION: "0.0.0-devel"
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ./.github/actions/runner-cleanup
+      - name: Setup Timoni
+        uses: stefanprodan/timoni/actions/setup@main
+      - name: Setup Kubernetes
+        uses: helm/kind-action@v1.13.0
+        with:
+          cluster_name: kind
+      - name: Build container
+        run: |
+          docker build -t ${PODINFO_IMAGE_URL}:${PODINFO_VERSION} --build-arg "REVISION=${GITHUB_SHA}"  -f Dockerfile.xx .
+          kind load docker-image ${PODINFO_IMAGE_URL}:${PODINFO_VERSION}
+      - name: Vet module
+        run: |
+          timoni mod vet ./timoni/podinfo --debug
+      - name: Build module
+        run: |
+          timoni mod push ./timoni/podinfo ${PODINFO_MODULE_URL} -v ${PODINFO_VERSION}
+      - name: Apply bundle
+        run: |
+          timoni bundle apply -f ./timoni/bundles/test.podinfo.cue --runtime-from-env
+      - name: Verify status
+        run: |
+          timoni -n podinfo status backend
+          timoni -n podinfo status frontend
+      - name: Debug failure
+        if: failure()
+        run: |
+          kubectl -n podinfo get all || true
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,168 @@
+name: release
+
+on:
+  push:
+    tags:
+      - '*'
+
+permissions:
+  contents: read
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write # needed to write releases
+      id-token: write # needed for keyless signing
+      packages: write # needed for ghcr access
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ./.github/actions/runner-cleanup
+      - uses: sigstore/cosign-installer@v4.0.0
+        with:
+          cosign-release: v2.6.1
+      - uses: fluxcd/flux2/action@v2.7.5
+      - uses: stefanprodan/timoni/actions/setup@v0.25.2
+      - name: Setup Notation CLI
+        uses: notaryproject/notation-action/setup@v1
+        with:
+          version: "1.1.0"
+      - name: Setup Notation signing keys
+        run: |
+          mkdir -p ~/.config/notation/localkeys/
+          cp ./.notation/signingkeys.json ~/.config/notation/
+          cp ./.notation/notation.crt ~/.config/notation/localkeys/
+          echo "$NOTATION_KEY" > ~/.config/notation/localkeys/notation.key
+        env:
+          NOTATION_KEY: ${{ secrets.NOTATION_SIGNING_KEY }}
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: 1.25.x
+      - name: Setup Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v3.17.3
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: all
+      - name: Setup Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v3
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Prepare
+        id: prep
+        run: |
+          VERSION=sha-${GITHUB_SHA::8}
+          if [[ $GITHUB_REF == refs/tags/* ]]; then
+            VERSION=${GITHUB_REF/refs\/tags\//}
+          fi
+          echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT
+          echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
+          echo "REVISION=${GITHUB_SHA}" >> $GITHUB_OUTPUT
+      - name: Generate images meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            docker.io/stefanprodan/podinfo
+            ghcr.io/stefanprodan/podinfo
+          tags: |
+            type=raw,value=${{ steps.prep.outputs.VERSION }}
+            type=raw,value=latest
+      - name: Publish multi-arch image
+        uses: docker/build-push-action@v6
+        with:
+          sbom: true
+          provenance: true
+          push: true
+          builder: ${{ steps.buildx.outputs.name }}
+          context: .
+          file: ./Dockerfile.xx
+          build-args: |
+            REVISION=${{ steps.prep.outputs.REVISION }}
+          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+      - name: Publish Timoni module to GHCR
+        run: |
+          timoni mod push ./timoni/podinfo oci://ghcr.io/stefanprodan/modules/podinfo \
+          --sign cosign \
+          --version ${{ steps.prep.outputs.VERSION }} \
+          -a 'org.opencontainers.image.source=https://github.com/stefanprodan/podinfo' \
+          -a 'org.opencontainers.image.licenses=Apache-2.0' \
+          -a 'org.opencontainers.image.description=A timoni.sh module for deploying Podinfo.' \
+          -a 'org.opencontainers.image.documentation=https://github.com/stefanprodan/podinfo/blob/main/timoni/podinfo/README.md'
+      - name: Publish Helm chart to GHCR
+        run: |
+          helm package charts/podinfo
+          helm push podinfo-${{ steps.prep.outputs.VERSION }}.tgz oci://ghcr.io/stefanprodan/charts
+          rm podinfo-${{ steps.prep.outputs.VERSION }}.tgz
+      - name: Publish Flux OCI artifact to GHCR
+        run: |
+          flux push artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} \
+            --path="./kustomize" \
+            --source="${{ github.event.repository.html_url }}" \
+            --revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
+          flux tag artifact oci://ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --tag latest
+      - name: Sign artifacts with Cosign
+        env:
+          COSIGN_EXPERIMENTAL: 1
+        run: |
+          cosign sign docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes
+          cosign sign ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }} --yes
+          cosign sign ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }} --yes
+          cosign sign ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --yes
+      - name: Publish base image
+        uses: docker/build-push-action@v6
+        with:
+          push: true
+          builder: ${{ steps.buildx.outputs.name }}
+          context: .
+          platforms: linux/amd64
+          file: ./Dockerfile.base
+          tags: docker.io/stefanprodan/podinfo-base:latest
+      - name: Publish helm chart
+        uses: stefanprodan/helm-gh-pages@master
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Publish config artifact
+        run: |
+          flux push artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} \
+            --path="./kustomize" \
+            --source="${{ github.event.repository.html_url }}" \
+            --revision="${GITHUB_REF_NAME}/${GITHUB_SHA}"
+          flux tag artifact oci://ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --tag latest
+      - name: Sign config artifact with cso
+        run: |
+          echo "$COSIGN_KEY" > /tmp/cosign.key
+          cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} --yes
+          cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:latest --yes
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
+      - name: Sign artifacts with Notation
+        run: |
+          notation sign --signature-format cose ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
+          notation sign --signature-format cose ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }}
+          notation sign --signature-format cose ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }}
+          notation sign --signature-format cose ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
+          notation sign --signature-format cose ghcr.io/stefanprodan/podinfo-deploy:latest
+      - name: Publish release
+        uses: goreleaser/goreleaser-action@v6
+        with:
+          version: latest
+          args: release --skip=validate
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,73 @@
+name: test
+
+on:
+  pull_request:
+  push:
+    branches:
+      - 'master'
+
+permissions:
+  contents: read
+
+env:
+  KUBERNETES_VERSION: 1.31.0
+  HELM_VERSION: 3.17.3
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: ./.github/actions/runner-cleanup
+      - name: Setup Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: 1.25.x
+          cache-dependency-path: |
+            **/go.sum
+            **/go.mod
+      - name: Setup kubectl
+        uses: azure/setup-kubectl@v4
+        with:
+          version: v${{ env.KUBERNETES_VERSION }}
+      - name: Setup kubeconform
+        uses: ./.github/actions/kubeconform
+      - name: Setup Helm
+        uses: azure/setup-helm@v4
+        with:
+          version: v${{ env.HELM_VERSION }}
+      - name: Setup CUE
+        uses: cue-lang/setup-cue@v1.0.1
+      - name: Setup Timoni
+        uses: stefanprodan/timoni/actions/setup@v0.25.2
+      - name: Run unit tests
+        run: make test
+      - name: Validate Helm chart
+        run: |
+          helm lint ./charts/podinfo/
+          helm template ./charts/podinfo/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
+      - name: Validate Kustomize overlay
+        run: |
+          kubectl kustomize ./kustomize/ | kubeconform -strict -summary -kubernetes-version ${{ env.KUBERNETES_VERSION }}
+      - name: Verify CUE formatting
+        working-directory: ./timoni/podinfo
+        run: |
+          cue fmt ./...
+          status=$(git status . --porcelain)
+          [[ -z "$status" ]] || {
+            echo "CUE files are not correctly formatted"
+            echo "$status"
+            git diff
+            exit 1
+          }
+      - name: Validate Timoni module
+        working-directory: ./timoni/podinfo
+        run: |
+          timoni mod lint . 
+          timoni build podinfo . -f test_values.cue | kubeconform -strict -summary -skip=ServiceMonitor -kubernetes-version ${{ env.KUBERNETES_VERSION }}
+      - name: Check if working tree is dirty
+        run: |
+          if [[ $(git diff --stat) != '' ]]; then
+            echo 'run make test and commit changes'
+            exit 1
+          fi
--- a/.gitignore
+++ b/.gitignore
@@ -10,8 +10,19 @@
 # Output of the go coverage tool, specifically when used with LiteIDE
 *.out

+.DS_Store
+
 # Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
 .glide/
 .idea/
 release/
 build/
+gcloud/
+dist/
+bin/
+cue/cue.mod/gen/
+cue/go.mod
+cue/go.sum
+
+.notation/podinfo.csr
+.notation/podinfo.key
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -0,0 +1,35 @@
+version: 2
+
+# xref: https://goreleaser.com/customization/project/
+project_name: podinfo
+
+# xref: https://goreleaser.com/customization/hooks/
+before:
+  hooks:
+    - go mod download
+
+# xref: https://goreleaser.com/customization/env/
+env:
+  - CGO_ENABLED=0
+
+# xref: https://goreleaser.com/customization/build/
+builds:
+  - main: ./cmd/podcli
+    binary: podcli
+    ldflags: -s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION={{.Commit}}
+    goos:
+      - windows
+      - darwin
+      - linux
+    goarch:
+      - amd64
+
+# xref: https://goreleaser.com/customization/archive/
+archives:
+  - name_template: "{{ .Binary }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}"
+    files:
+      - LICENSE
+
+# xref: https://goreleaser.com/customization/changelog/
+changelog:
+  use: github-native
--- a/.notation/README.md
+++ b/.notation/README.md
@@ -0,0 +1,15 @@
+# Podinfo signed releases
+
+Podinfo release assets such as the Helm chart and the Flux artifact
+are published to GitHub Container Registry and are signed with
+[Notation](https://github.com/notaryproject/notation).
+
+## Generate signing keys
+
+Generate a new signing key pair:
+
+```sh
+openssl genrsa -out podinfo.key 2048
+openssl req -new -key podinfo.key -out podinfo.csr -config codesign.cnf
+openssl x509 -req -days 1826 -in podinfo.csr -signkey podinfo.key -out notation.crt -extensions v3_req -extfile codesign.cnf
+```
--- a/.notation/codesign.cnf
+++ b/.notation/codesign.cnf
@@ -0,0 +1,18 @@
+[ req ]
+default_bits           = 2048
+default_keyfile        = privatekey.pem
+distinguished_name     = req_distinguished_name
+req_extensions         = v3_req
+prompt                 = no
+
+[ req_distinguished_name ]
+C                      = RO
+ST                     = BU
+L                      = Bucharest
+O                      = Notary
+CN                     = stefanprodan.com
+
+[ v3_req ]
+keyUsage               = critical,digitalSignature
+extendedKeyUsage       = critical,codeSigning
+#subjectKeyIdentifier  = hash
--- a/.notation/notation.crt
+++ b/.notation/notation.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbDCCAlSgAwIBAgIUP7zhmTw5XTWLcgBGkBEsErMOkz4wDQYJKoZIhvcNAQEL
+BQAwWjELMAkGA1UEBhMCUk8xCzAJBgNVBAgMAkJVMRIwEAYDVQQHDAlCdWNoYXJl
+c3QxDzANBgNVBAoMBk5vdGFyeTEZMBcGA1UEAwwQc3RlZmFucHJvZGFuLmNvbTAe
+Fw0yNDAyMjUxMDAyMzZaFw0yOTAyMjQxMDAyMzZaMFoxCzAJBgNVBAYTAlJPMQsw
+CQYDVQQIDAJCVTESMBAGA1UEBwwJQnVjaGFyZXN0MQ8wDQYDVQQKDAZOb3Rhcnkx
+GTAXBgNVBAMMEHN0ZWZhbnByb2Rhbi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDtH4oPi3SyX/DGv6NdjIvmApvD9eeSgsmHdwpAly8T9D2me+fx
+Z+wRNJmq4aq/A1anX+Sg28iwHzV+1WKpsHnjYzDAJSEYP2S8A5H1nGRKUoibdijw
+C3QBh5C75rjF/tmZVSX/Vgbf3HJJEsF4WUxWabLxoV2QLo7UlEsQd9+bSeKNMncx
+1+E6FdbRCrYo90iobvZJ8K/S2zCWq/JTeHfTnmSEDhx6nMJcaSjvMPn3zyauWcQw
+dDpkcaGiJ64fEJRT2OFxXv9u+vDmIMKzo/Wjbd+IzFj6YY4VisK88aU7tmDelnk5
+gQB9eu62PFoaVsYJp4VOhblFKvGJpQwbWB9BAgMBAAGjKjAoMA4GA1UdDwEB/wQE
+AwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAQEA
+6x+C6hAIbLwMvkNx4K5p7Qe/pLQR0VwQFAw10yr/5KSN+YKFpon6pQ0TebL7qll+
+uBGZvtQhN6v+DlnVqB7lvJKd+89isgirkkews5KwuXg7Gv5UPIugH0dXISZU8DMJ
+7J4oKREv5HzdFmfsUfNlQcfyVTjKL6UINXfKGdqNNxXxR9b4a1TY2JcmEhzBTHaq
+ZqX6HK784a0dB7aHgeFrFwPCCP4M684Hs7CFbk3jo2Ef4ljnB5AyWpe8pwCLMdRt
+UjSjL5xJWVQvRU+STQsPr6SvpokPCG4rLQyjgeYYk4CCj5piSxbSUZFavq8v1y7Y
+m91USVqfeUX7ZzjDxPHE2A==
+-----END CERTIFICATE-----
--- a/.notation/signingkeys.json
+++ b/.notation/signingkeys.json
@@ -0,0 +1,10 @@
+{
+    "default": "stefanprodan.com",
+    "keys": [
+        {
+            "name": "stefanprodan.com",
+            "keyPath": "/home/runner/.config/notation/localkeys/notation.key",
+            "certPath": "/home/runner/.config/notation/localkeys/notation.crt"
+        }
+    ]
+}
--- a/.notation/trustpolicy.json
+++ b/.notation/trustpolicy.json
@@ -0,0 +1,19 @@
+{
+    "version": "1.0",
+    "trustPolicies": [
+        {
+            "name": "stefanprodan.com",
+            "registryScopes": [
+                "ghcr.io/stefanprodan/podinfo-deploy",
+                "ghcr.io/stefanprodan/charts/podinfo"
+            ],
+            "signatureVerification": {
+                "level" : "strict"
+            },
+            "trustStores": [ "ca:stefanprodan.com" ],
+            "trustedIdentities": [
+                "x509.subject: C=RO, ST=BU, L=Bucharest, O=Notary, CN=stefanprodan.com"
+            ]
+        }
+    ]
+}
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,43 +0,0 @@
-sudo: required
-language: go
-
-go:
-  - 1.9.x
-
-services:
-  - docker
-
-addons:
-  apt:
-    packages:
-      - docker-ce
-
-before_install:
-  - make dep
-#  - curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
-#  - mkdir -p .bin; mv ./kubectl .bin/kubectl && chmod +x .bin/kubectl
-#  - export PATH="$TRAVIS_BUILD_DIR/.bin:$PATH"
-#  - wget https://cdn.rawgit.com/Mirantis/kubeadm-dind-cluster/master/fixed/dind-cluster-v1.8.sh && chmod +x dind-cluster-v1.8.sh && ./dind-cluster-v1.8.sh up
-#  - export PATH="$HOME/.kubeadm-dind-cluster:$PATH"
-
-script:
-  - make test
-  - make build docker-build
-#  - kubectl get nodes
-#  - kubectl run podinfo --image=podinfo:latest --port=9898
-#  - sleep 5
-#  - kubectl get pods
-
-after_success:
-  - if [ -z "$DOCKER_USER" ]; then
-      echo "PR build, skipping Docker Hub push";
-    else
-      docker login -u $DOCKER_USER -p $DOCKER_PASS;
-      make docker-push;
-    fi
-  - if [ -z "$QUAY_USER" ]; then
-      echo "PR build, skipping Quay push";
-    else
-      docker login -u $QUAY_USER -p $QUAY_PASS quay.io;
-      make quay-push;
-    fi
--- a/37
+++ b/37
@@ -1,14 +1,41 @@
-FROM alpine:3.7
+FROM golang:1.25-alpine AS builder
+
+ARG REVISION
+
+RUN mkdir -p /podinfo/
+
+WORKDIR /podinfo
+
+COPY . .
+
+RUN go mod download
+
+RUN CGO_ENABLED=0 go build -ldflags "-s -w \
+    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
+    -a -o bin/podinfo cmd/podinfo/*
+
+RUN CGO_ENABLED=0 go build -ldflags "-s -w \
+    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
+    -a -o bin/podcli cmd/podcli/*
+
+FROM alpine:3.23
+
+ARG BUILD_DATE
+ARG VERSION
+ARG REVISION
+
+LABEL maintainer="stefanprodan"

 RUN addgroup -S app \
-    && adduser -S -g app app \
+    && adduser -S -G app app \
    && apk --no-cache add \
-    curl openssl netcat-openbsd
+    ca-certificates curl netcat-openbsd

 WORKDIR /home/app

-ADD podinfo .
-
+COPY --from=builder /podinfo/bin/podinfo .
+COPY --from=builder /podinfo/bin/podcli /usr/local/bin/podcli
+COPY ./ui ./ui
 RUN chown -R app:app ./

 USER app
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -0,0 +1,10 @@
+FROM golang:1.25
+
+WORKDIR /workspace
+
+# copy modules manifests
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+# cache modules
+RUN go mod download
--- a/Dockerfile.build
+++ b/Dockerfile.build
@@ -1,5 +0,0 @@
-FROM alpine:3.7
-
-ADD podinfo /podinfo
-
-CMD ["./podinfo"]
--- a/Dockerfile.ci
+++ b/Dockerfile.ci
@@ -1,32 +0,0 @@
-FROM golang:1.9 as builder
-
-RUN mkdir -p /go/src/github.com/stefanprodan/k8s-podinfo/
-
-WORKDIR /go/src/github.com/stefanprodan/k8s-podinfo
-
-COPY . .
-
-RUN go test $(go list ./... | grep -v integration | grep -v /vendor/ | grep -v /template/) -cover
-
-RUN gofmt -l -d $(find . -type f -name '*.go' -not -path "./vendor/*") && \
-  GIT_COMMIT=$(git rev-list -1 HEAD) && \
-  CGO_ENABLED=0 GOOS=linux go build -ldflags "-s -w \
-  -X github.com/stefanprodan/k8s-podinfo/pkg/version.GITCOMMIT=${GIT_COMMIT}" \
-  -a -installsuffix cgo -o podinfo ./cmd/podinfo
-
-FROM alpine:3.7
-
-RUN addgroup -S app \
-    && adduser -S -g app app \
-    && apk --no-cache add \
-    curl openssl netcat-openbsd
-
-WORKDIR /home/app
-
-COPY --from=builder /go/src/github.com/stefanprodan/k8s-podinfo/podinfo .
-
-RUN chown -R app:app ./
-
-USER app
-
-CMD ["./podinfo"]
--- a/Dockerfile.xx
+++ b/Dockerfile.xx
@@ -0,0 +1,53 @@
+ARG GO_VERSION=1.25
+ARG XX_VERSION=1.9.0
+
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine as builder
+
+# Copy the build utilities.
+COPY --from=xx / /
+
+ARG TARGETPLATFORM
+ARG REVISION
+
+RUN mkdir -p /podinfo/
+
+WORKDIR /podinfo
+
+COPY . .
+
+RUN go mod download
+
+ENV CGO_ENABLED=0
+RUN xx-go build -ldflags "-s -w \
+    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
+    -a -o bin/podinfo cmd/podinfo/*
+
+RUN xx-go build -ldflags "-s -w \
+    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
+    -a -o bin/podcli cmd/podcli/*
+
+FROM alpine:3.23
+
+ARG BUILD_DATE
+ARG VERSION
+ARG REVISION
+
+LABEL maintainer="stefanprodan"
+
+RUN addgroup -S app \
+    && adduser -S -G app app \
+    && apk --no-cache add \
+    ca-certificates curl netcat-openbsd
+
+WORKDIR /home/app
+
+COPY --from=builder /podinfo/bin/podinfo .
+COPY --from=builder /podinfo/bin/podcli /usr/local/bin/podcli
+COPY ./ui ./ui
+RUN chown -R app:app ./
+
+USER app
+
+CMD ["./podinfo"]
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -1,85 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
-  branch = "master"
-  name = "github.com/beorn7/perks"
-  packages = ["quantile"]
-  revision = "4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9"
-
-[[projects]]
-  name = "github.com/golang/protobuf"
-  packages = ["proto"]
-  revision = "925541529c1fa6821df4e44ce2723319eb2be768"
-  version = "v1.0.0"
-
-[[projects]]
-  name = "github.com/matttproud/golang_protobuf_extensions"
-  packages = ["pbutil"]
-  revision = "3247c84500bff8d9fb6d579d800f20b3e091582c"
-  version = "v1.0.0"
-
-[[projects]]
-  name = "github.com/pkg/errors"
-  packages = ["."]
-  revision = "645ef00459ed84a119197bfb8d8205042c6df63d"
-  version = "v0.8.0"
-
-[[projects]]
-  name = "github.com/prometheus/client_golang"
-  packages = [
-    "prometheus",
-    "prometheus/promhttp"
-  ]
-  revision = "c5b7fccd204277076155f10851dad72b76a49317"
-  version = "v0.8.0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/prometheus/client_model"
-  packages = ["go"]
-  revision = "99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/prometheus/common"
-  packages = [
-    "expfmt",
-    "internal/bitbucket.org/ww/goautoneg",
-    "model"
-  ]
-  revision = "e4aa40a9169a88835b849a6efb71e05dc04b88f0"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/prometheus/procfs"
-  packages = [
-    ".",
-    "internal/util",
-    "nfs",
-    "xfs"
-  ]
-  revision = "54d17b57dd7d4a3aa092476596b3f8a933bde349"
-
-[[projects]]
-  name = "github.com/rs/zerolog"
-  packages = [
-    ".",
-    "internal/json",
-    "log"
-  ]
-  revision = "56a970de510213e50dbaa39ad73ac07c9ec75606"
-  version = "v1.5.0"
-
-[[projects]]
-  name = "gopkg.in/yaml.v2"
-  packages = ["."]
-  revision = "7f97868eec74b32b0982dd158a51a446d1da7eb5"
-  version = "v2.1.1"
-
-[solve-meta]
-  analyzer-name = "dep"
-  analyzer-version = 1
-  inputs-digest = "4f1e9200a330a22000fc47075b59e68e57c94bcb3d9f444f3ce85cab77e07fde"
-  solver-name = "gps-cdcl"
-  solver-version = 1
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -1,20 +0,0 @@
-
-[[constraint]]
-  name = "github.com/pkg/errors"
-  version = "0.8.0"
-
-[[constraint]]
-  name = "github.com/prometheus/client_golang"
-  version = "0.8.0"
-
-[[constraint]]
-  name = "github.com/rs/zerolog"
-  version = "1.5.0"
-
-[[constraint]]
-  name = "gopkg.in/yaml.v2"
-  version = "2.1.1"
-
-[prune]
-  go-tests = true
-  unused-packages = true
--- a/214
+++ b/214
@@ -1,21 +1,201 @@
-MIT License
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/

-Copyright (c) 2018 Stefan Prodan
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION

-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+   1. Definitions.

-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.

-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2018 Stefan Prodan. All rights reserved.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
--- a/193
+++ b/193
@@ -1,113 +1,104 @@
-# Makefile for releasing Alpine multi-arch Docker images
+# Makefile for releasing podinfo
 #
 # The release version is controlled from pkg/version

-EMPTY:=
-SPACE:=$(EMPTY) $(EMPTY)
-COMMA:=$(EMPTY),$(EMPTY)
+TAG?=latest
 NAME:=podinfo
 DOCKER_REPOSITORY:=stefanprodan
 DOCKER_IMAGE_NAME:=$(DOCKER_REPOSITORY)/$(NAME)
-GITREPO:=github.com/stefanprodan/k8s-podinfo
-GITCOMMIT:=$(shell git describe --dirty --always)
+GIT_COMMIT:=$(shell git describe --dirty --always)
 VERSION:=$(shell grep 'VERSION' pkg/version/version.go | awk '{ print $$4 }' | tr -d '"')
-LINUX_ARCH:=arm arm64 ppc64le s390x amd64
-PLATFORMS:=$(subst $(SPACE),$(COMMA),$(foreach arch,$(LINUX_ARCH),linux/$(arch)))
+EXTRA_RUN_ARGS?=

-.PHONY: build
-build:
-	@echo Cleaning old builds
-	@rm -rf build && mkdir build
-	@echo Building: linux/$(LINUX_ARCH)  $(VERSION) ;\
-	for arch in $(LINUX_ARCH); do \
-	    mkdir -p build/linux/$$arch && CGO_ENABLED=0 GOOS=linux GOARCH=$$arch go build -ldflags="-s -w -X $(GITREPO)/pkg/version.GITCOMMIT=$(GITCOMMIT)" -o build/linux/$$arch/$(NAME) ./cmd/$(NAME) ;\
-	done
-
-.PHONY: tar
-tar: build
-	@echo Cleaning old releases
-	@rm -rf release && mkdir release
-	for arch in $(LINUX_ARCH); do \
-	    tar -zcf release/$(NAME)_$(VERSION)_linux_$$arch.tgz -C build/linux/$$arch $(NAME) ;\
-	done
-
-.PHONY: docker-build
-docker-build: tar
-	# Steps:
-	# 1. Copy appropriate podinfo binary to build/docker/linux/<arch>
-	# 2. Copy Dockerfile to build/docker/linux/<arch>
-	# 3. Replace base image from alpine:latest to <arch>/alpine:latest
-	# 4. Comment RUN in Dockerfile
-	# <arch>:
-	# arm: arm32v6
-	# arm64: arm64v8
-	rm -rf build/docker
-	@for arch in $(LINUX_ARCH); do \
-	    mkdir -p build/docker/linux/$$arch ;\
-	    tar -xzf release/$(NAME)_$(VERSION)_linux_$$arch.tgz -C build/docker/linux/$$arch ;\
-	    if [ $$arch == amd64 ]; then \
-		cp Dockerfile build/docker/linux/$$arch ;\
-		cp Dockerfile build/docker/linux/$$arch/Dockerfile.in ;\
-	    else \
-		cp Dockerfile.build build/docker/linux/$$arch/Dockerfile ;\
-		cp Dockerfile.build build/docker/linux/$$arch/Dockerfile.in ;\
-	    case $$arch in \
-	        arm) \
-	            BASEIMAGE=arm32v6 ;\
-	            ;; \
-	        arm64) \
-	            BASEIMAGE=arm64v8 ;\
-	            ;; \
-	        *) \
-	            BASEIMAGE=$$arch ;\
-	            ;; \
-	        esac ;\
-	        sed -e "s/alpine:latest/$$BASEIMAGE\\/alpine:latest/" -e "s/^\\s*RUN/#RUN/" build/docker/linux/$$arch/Dockerfile.in > build/docker/linux/$$arch/Dockerfile ;\
-	    fi ;\
-	    docker build -t $(NAME) build/docker/linux/$$arch ;\
-	    docker tag $(NAME) $(DOCKER_IMAGE_NAME):$(NAME)-$$arch ;\
-	done
-
-.PHONY: docker-push
-docker-push:
-	@echo Pushing: $(VERSION) to $(DOCKER_IMAGE_NAME)
-	for arch in $(LINUX_ARCH); do \
-	    docker push $(DOCKER_IMAGE_NAME):$(NAME)-$$arch ;\
-	done
-	manifest-tool push from-args --platforms $(PLATFORMS) --template $(DOCKER_IMAGE_NAME):podinfo-ARCH --target $(DOCKER_IMAGE_NAME):$(VERSION)
-	manifest-tool push from-args --platforms $(PLATFORMS) --template $(DOCKER_IMAGE_NAME):podinfo-ARCH --target $(DOCKER_IMAGE_NAME):latest
-
-.PHONY: quay-push
-quay-push:
-	@echo Pushing: $(VERSION) to quay.io/$(DOCKER_IMAGE_NAME):$(VERSION)
-	@cd build/docker/linux/amd64/ ; docker build -t quay.io/$(DOCKER_IMAGE_NAME):$(VERSION) . ; docker push quay.io/$(DOCKER_IMAGE_NAME):$(VERSION)
-
-.PHONY: clean
-clean:
-	rm -rf release
-	rm -rf build
-
-.PHONY: gcr-build
-gcr-build:
-	docker build -t gcr.io/$(DOCKER_IMAGE_NAME):$(VERSION) -f Dockerfile.ci .
+run:
+	go run -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" cmd/podinfo/* \
+	--level=debug --grpc-port=9999 --backend-url=https://httpbin.org/status/401 --backend-url=https://httpbin.org/status/500 \
+	--ui-logo=https://raw.githubusercontent.com/stefanprodan/podinfo/gh-pages/cuddle_clap.gif $(EXTRA_RUN_ARGS)

 .PHONY: test
-test:
-	cd pkg/server ; go test -v -race ./...
+test: tidy fmt vet
+	go test ./... -coverprofile cover.out

-.PHONY: dep
-dep:
-	go get -u github.com/golang/dep/cmd/dep
-	go get -u github.com/estesp/manifest-tool
+build:
+	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build  -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podinfo ./cmd/podinfo/*
+	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build  -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podcli ./cmd/podcli/*

-.PHONY: charts
-charts:
-	cd charts/ && helm package podinfo/
-	mv charts/podinfo-0.1.0.tgz docs/
-	cd charts/ && helm package ambassador/
-	mv charts/ambassador-0.1.0.tgz docs/
-	cd charts/ && helm package grafana/
-	mv charts/grafana-0.1.0.tgz docs/
-	cd charts/ && helm package ngrok/
-	mv charts/ngrok-0.1.0.tgz docs/
-	helm repo index docs --url https://stefanprodan.github.io/k8s-podinfo --merge ./docs/index.yaml
+tidy:
+	rm -f go.sum; go mod tidy -compat=1.25
+
+vet:
+	go vet ./...
+
+fmt:
+	go fmt ./...
+
+build-charts:
+	helm lint charts/*
+	helm package charts/*
+
+build-container:
+	docker build -t $(DOCKER_IMAGE_NAME):$(VERSION) .
+
+build-xx:
+	docker buildx build \
+	--platform=linux/amd64 \
+	-t $(DOCKER_IMAGE_NAME):$(VERSION) \
+	--load \
+	-f Dockerfile.xx .
+
+build-base:
+	docker build -f Dockerfile.base -t $(DOCKER_REPOSITORY)/podinfo-base:latest .
+
+push-base: build-base
+	docker push $(DOCKER_REPOSITORY)/podinfo-base:latest
+
+test-container:
+	@docker rm -f podinfo || true
+	@docker run -dp 9898:9898 --name=podinfo $(DOCKER_IMAGE_NAME):$(VERSION)
+	@docker ps
+	@TOKEN=$$(curl -sd 'test' localhost:9898/token | jq -r .token) && \
+	curl -sH "Authorization: Bearer $${TOKEN}" localhost:9898/token/validate | grep test
+
+push-container:
+	docker tag $(DOCKER_IMAGE_NAME):$(VERSION) $(DOCKER_IMAGE_NAME):latest
+	docker push $(DOCKER_IMAGE_NAME):$(VERSION)
+	docker push $(DOCKER_IMAGE_NAME):latest
+	docker tag $(DOCKER_IMAGE_NAME):$(VERSION) quay.io/$(DOCKER_IMAGE_NAME):$(VERSION)
+	docker tag $(DOCKER_IMAGE_NAME):$(VERSION) quay.io/$(DOCKER_IMAGE_NAME):latest
+	docker push quay.io/$(DOCKER_IMAGE_NAME):$(VERSION)
+	docker push quay.io/$(DOCKER_IMAGE_NAME):latest
+
+version-set:
+	@next="$(TAG)" && \
+	current="$(VERSION)" && \
+	/usr/bin/sed -i '' "s/$$current/$$next/g" pkg/version/version.go && \
+	/usr/bin/sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values.yaml && \
+	/usr/bin/sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values-prod.yaml && \
+	/usr/bin/sed -i '' "s/appVersion: $$current/appVersion: $$next/g" charts/podinfo/Chart.yaml && \
+	/usr/bin/sed -i '' "s/version: $$current/version: $$next/g" charts/podinfo/Chart.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" kustomize/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/frontend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/backend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/frontend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/backend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/statefulset-primary.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/deployment-replica.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/cronjob-rollup-daily.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/cronjob-rollup-weekly.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/cronjob-backup-daily.yaml && \
+	/usr/bin/sed -i '' "s/$$current/$$next/g" timoni/podinfo/values.cue && \
+	echo "Version $$next set in code, deployment, module, chart and kustomize"
+
+release:
+	git tag -s -m $(VERSION) $(VERSION)
+	git push origin $(VERSION)
+
+swagger:
+	go install github.com/swaggo/swag/cmd/swag@latest
+	go get github.com/swaggo/swag/gen@latest
+	go get github.com/swaggo/swag/cmd/swag@latest
+	cd pkg/api/http && $$(go env GOPATH)/bin/swag init -g server.go
+
+.PHONY: timoni-build
+timoni-build:
+	@timoni build podinfo ./timoni/podinfo -f ./timoni/podinfo/debug_values.cue
--- a/README.md
+++ b/README.md
@@ -1,43 +1,212 @@
-# k8s-podinfo
+# podinfo

-Podinfo is a tiny web application made with Go 
-that showcases best practices of running microservices in Kubernetes.
+[![e2e](https://github.com/stefanprodan/podinfo/workflows/e2e/badge.svg)](https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/e2e.yml)
+[![test](https://github.com/stefanprodan/podinfo/workflows/test/badge.svg)](https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/test.yml)
+[![cve-scan](https://github.com/stefanprodan/podinfo/workflows/cve-scan/badge.svg)](https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/cve-scan.yml)
+[![Go Report Card](https://goreportcard.com/badge/github.com/stefanprodan/podinfo)](https://goreportcard.com/report/github.com/stefanprodan/podinfo)
+[![Docker Pulls](https://img.shields.io/docker/pulls/stefanprodan/podinfo)](https://hub.docker.com/r/stefanprodan/podinfo)
+
+Podinfo is a tiny web application made with Go that showcases best practices of running microservices in Kubernetes.
+Podinfo is used by CNCF projects like [Flux](https://github.com/fluxcd/flux2) and [Flagger](https://github.com/fluxcd/flagger)
+for end-to-end testing and workshops.

 Specifications:

-* Multi-arch build and release automation (Make/TravisCI)
-* Multi-platform Docker image (amd64/arm/arm64/ppc64le/s390x)
 * Health checks (readiness and liveness)
 * Graceful shutdown on interrupt signals
-* Prometheus instrumentation (RED metrics)
-* Dependency management with golang/dep
-* Structured logging with zerolog
-* Error handling with pkg/errors
-* Helm chart
+* File watcher for secrets and configmaps
+* Instrumented with Prometheus and Open Telemetry
+* Structured logging with zap 
+* 12-factor app with viper
+* Fault injection (random errors and latency)
+* Swagger docs
+* Timoni, Helm and Kustomize installers
+* End-to-End testing with Kubernetes Kind and Helm
+* Multi-arch container image with Docker buildx and GitHub Actions
+* Container image signing with Sigstore cosign
+* SBOMs and SLSA Provenance embedded in the container image
+* CVE scanning with govulncheck

 Web API:

-* `GET /` prints runtime information, environment variables, labels and annotations
+* `GET /` prints runtime information
 * `GET /version` prints podinfo version and git commit hash 
-* `GET /metrics` http requests duration and Go runtime metrics
+* `GET /metrics` return HTTP requests duration and Go runtime metrics
 * `GET /healthz` used by Kubernetes liveness probe
 * `GET /readyz` used by Kubernetes readiness probe
 * `POST /readyz/enable` signals the Kubernetes LB that this instance is ready to receive traffic
 * `POST /readyz/disable` signals the Kubernetes LB to stop sending requests to this instance
-* `GET /error` returns code 500 and logs the error
+* `GET /status/{code}` returns the status code
 * `GET /panic` crashes the process with exit code 255
-* `POST /echo` echos the posted content, logs the SHA1 hash of the content
-* `GET /echoheaders` prints the request HTTP headers
-* `POST /job` long running job, json body: `{"wait":2}` 
-* `POST /write` writes the posted content to disk at /data/hash and returns the SHA1 hash of the content
-* `POST /read` receives a SHA1 hash and returns the content of the file /data/hash if exists
-* `POST /backend` forwards the call to the backend service on `http://backend-podinfo:9898/echo`
+* `POST /echo` forwards the call to the backend service and echos the posted content 
+* `GET /env` returns the environment variables as a JSON array
+* `GET /headers` returns a JSON with the request HTTP headers
+* `GET /delay/{seconds}` waits for the specified period
+* `POST /token` issues a JWT token valid for one minute `JWT=$(curl -sd 'anon' podinfo:9898/token | jq -r .token)`
+* `GET /token/validate` validates the JWT token `curl -H "Authorization: Bearer $JWT" podinfo:9898/token/validate`
+* `GET /configs` returns a JSON with configmaps and/or secrets mounted in the `config` volume
+* `POST/PUT /cache/{key}` saves the posted content to Redis
+* `GET /cache/{key}` returns the content from Redis if the key exists
+* `DELETE /cache/{key}` deletes the key from Redis if exists
+* `POST /store` writes the posted content to disk at /data/hash and returns the SHA1 hash of the content
+* `GET /store/{hash}` returns the content of the file /data/hash if exists
+* `GET /ws/echo` echos content via websockets `podcli ws ws://localhost:9898/ws/echo`
+* `GET /chunked/{seconds}` uses `transfer-encoding` type `chunked` to give a partial response and then waits for the specified period
+* `GET /swagger.json` returns the API Swagger docs, used for Linkerd service profiling and Gloo routes discovery
+
+gRPC API:
+
+* `/grpc.health.v1.Health/Check` health checking
+* `/grpc.EchoService/Echo` echos the received content
+* `/grpc.VersionService/Version` returns podinfo version and Git commit hash
+* `/grpc.DelayService/Delay` returns a successful response after the given seconds in the body of gRPC request
+* `/grpc.EnvService/Env` returns environment variables as a JSON array
+* `/grpc.HeaderService/Header` returns the headers present in the gRPC request. Any custom header can also be given as a part of request and that can be returned using this API
+* `/grpc.InfoService/Info` returns the runtime information
+* `/grpc.PanicService/Panic` crashes the process with gRPC status code as '1 CANCELLED'
+* `/grpc.StatusService/Status` returns the gRPC Status code given in the request body
+* `/grpc.TokenService/TokenGenerate` issues a JWT token valid for one minute
+* `/grpc.TokenService/TokenValidate` validates the JWT token
+
+Web UI:
+
+![podinfo-ui](https://raw.githubusercontent.com/stefanprodan/podinfo/gh-pages/screens/podinfo-ui-v3.png)
+
+To access the Swagger UI open `<podinfo-host>/swagger/index.html` in a browser.

 ### Guides

-* [Deploy and upgrade with Helm](docs/1-deploy.md)
-* [Horizontal Pod Auto-scaling](docs/2-autoscaling.md)
-* [Monitoring and alerting with Prometheus](docs/3-monitoring.md)
-* [StatefulSets with local persistent volumes](docs/4-statefulsets.md)
-* [Canary Deployments and A/B Testing](docs/5-canary.md)
-* [Expose Kubernetes services over HTTPS with Ngrok](docs/6-ngrok.md)
+* [Getting started with Timoni](https://timoni.sh/quickstart/)
+* [Getting started with Flux](https://fluxcd.io/flux/get-started/)
+* [Progressive Deliver with Flagger and Linkerd](https://docs.flagger.app/tutorials/linkerd-progressive-delivery)
+* [Automated canary deployments with Kubernetes Gateway API](https://docs.flagger.app/tutorials/gatewayapi-progressive-delivery)
+
+### Install
+
+To install Podinfo on Kubernetes the minimum required version is **Kubernetes v1.23**.
+
+#### Timoni
+
+Install with [Timoni](https://timoni.sh):
+
+```bash
+timoni -n default apply podinfo oci://ghcr.io/stefanprodan/modules/podinfo
+```
+
+#### Helm
+
+Install from github.io:
+
+```bash
+helm repo add podinfo https://stefanprodan.github.io/podinfo
+
+helm upgrade --install --wait frontend \
+--namespace test \
+--set replicaCount=2 \
+--set backend=http://backend-podinfo:9898/echo \
+podinfo/podinfo
+
+helm test frontend --namespace test
+
+helm upgrade --install --wait backend \
+--namespace test \
+--set redis.enabled=true \
+podinfo/podinfo
+```
+
+Install from ghcr.io:
+
+```bash
+helm upgrade --install --wait podinfo --namespace default \
+oci://ghcr.io/stefanprodan/charts/podinfo
+```
+
+#### Kustomize
+
+```bash
+kubectl apply -k github.com/stefanprodan/podinfo//kustomize
+```
+
+#### Docker
+
+```bash
+docker run -dp 9898:9898 stefanprodan/podinfo
+```
+
+### Continuous Delivery
+
+In order to install podinfo on a Kubernetes cluster and keep it up to date with the latest
+release in an automated manner, you can use [Flux](https://fluxcd.io).
+
+Install the Flux CLI on MacOS and Linux using Homebrew:
+
+```sh
+brew install fluxcd/tap/flux
+```
+
+Install the Flux controllers needed for Helm operations:
+
+```sh
+flux install \
+--namespace=flux-system \
+--network-policy=false \
+--components=source-controller,helm-controller
+```
+
+Add podinfo's Helm repository to your cluster and
+configure Flux to check for new chart releases every ten minutes:
+
+```sh
+flux create source helm podinfo \
+--namespace=default \
+--url=https://stefanprodan.github.io/podinfo \
+--interval=10m
+```
+
+Create a `podinfo-values.yaml` file locally:
+
+```sh
+cat > podinfo-values.yaml <<EOL
+replicaCount: 2
+resources:
+  limits:
+    memory: 256Mi
+  requests:
+    cpu: 100m
+    memory: 64Mi
+EOL
+```
+
+Create a Helm release for deploying podinfo in the default namespace:
+
+```sh
+flux create helmrelease podinfo \
+--namespace=default \
+--source=HelmRepository/podinfo \
+--release-name=podinfo \
+--chart=podinfo \
+--chart-version=">5.0.0" \
+--values=podinfo-values.yaml
+```
+
+Based on the above definition, Flux will upgrade the release automatically
+when a new version of podinfo is released. If the upgrade fails, Flux
+can [rollback](https://toolkit.fluxcd.io/components/helm/helmreleases/#configuring-failure-remediation)
+to the previous working version.
+
+You can check what version is currently deployed with:
+
+```sh
+flux get helmreleases -n default
+```
+
+To delete podinfo's Helm repository and release from your cluster run:
+
+```sh
+flux -n default delete source helm podinfo
+flux -n default delete helmrelease podinfo
+```
+
+If you wish to manage the lifecycle of your applications in a **GitOps** manner, check out
+this [workflow example](https://github.com/fluxcd/flux2-kustomize-helm-example)
+for multi-env deployments with Flux, Kustomize and Helm.
--- a/charts/ambassador/.helmignore
+++ b/charts/ambassador/.helmignore
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
--- a/charts/ambassador/Chart.yaml
+++ b/charts/ambassador/Chart.yaml
@@ -1,11 +0,0 @@
-apiVersion: v1
-appVersion: "0.29.0"
-description: A Helm chart for Datawire Ambassador
-name: ambassador
-version: 0.1.0
-sources:
- https://github.com/datawire/ambassador
-maintainers:
-  - name: stefanprodan
-    email: stefanprodan@users.noreply.github.com
-engine: gotpl
--- a/charts/ambassador/README.md
+++ b/charts/ambassador/README.md
@@ -1,63 +0,0 @@
-# Ambassador
-
-Ambassador is an open source, Kubernetes-native [microservices API gateway](https://www.getambassador.io/about/microservices-api-gateways) built on the [Envoy Proxy](https://www.envoyproxy.io/). 
-
-## TL;DR;
-
-```console
-$ helm install stable/ambassador
-```
-
-## Introduction
-
-This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on 
-a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
-
-## Prerequisites
-
- Kubernetes 1.7+
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```console
-$ helm install --name my-release stable/ambassador
-```
-
-The command deploys Ambassador API gateway on the Kubernetes cluster in the default configuration. 
-The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-$ helm delete --purge my-release
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the Ambassador chart and their default values.
-
-| Parameter                       | Description                                | Default                                                    |
-| ------------------------------- | ------------------------------------------ | ---------------------------------------------------------- |
-| `image` | Image | `quay.io/datawire/ambassador` 
-| `imageTag` | Image tag | `0.29.0` 
-| `imagePullPolicy` | Image pull policy | `IfNotPresent` 
-| `replicaCount`  | Number of Ambassador replicas  | `1` 
-| `resources` | CPU/memory resource requests/limits | None 
-| `rbac.create` | If `true`, create and use RBAC resources | `true`
-| `serviceAccount.create` | If `true`, create a new service account | `true`
-| `serviceAccount.name` | Service account to be used | `ambassador`
-| `service.type` | Service type to be used | `LoadBalancer`
-| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true`
-| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP`
-| `exporter.image` | Prometheus exporter image | `datawire/prom-statsd-exporter:0.6.0`
-| `timing.restart` | The minimum number of seconds between Envoy restarts | `15`
-| `timing.drain` | The number of seconds that the Envoy will wait for open connections to drain on a restart | `5`
-| `timing.shutdown` | The number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart | `10`
-
-
--- a/charts/ambassador/templates/NOTES.txt
+++ b/charts/ambassador/templates/NOTES.txt
@@ -1,15 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ambassador.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "ambassador.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}
--- a/charts/ambassador/templates/_helpers.tpl
+++ b/charts/ambassador/templates/_helpers.tpl
@@ -1,43 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "ambassador.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "ambassador.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "ambassador.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "ambassador.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
--- a/charts/ambassador/templates/admin-service.yaml
+++ b/charts/ambassador/templates/admin-service.yaml
@@ -1,21 +0,0 @@
-{{- if .Values.adminService.create -}}
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "ambassador.fullname" . }}-admin
-  labels:
-    app: {{ template "ambassador.name" . }}
-    chart: {{ template "ambassador.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.adminService.type }}
-  ports:
-    - port: 8877
-      targetPort: admin
-      protocol: TCP
-      name: admin
-  selector:
-    app: {{ template "ambassador.name" . }}
-    release: {{ .Release.Name }}
-{{- end -}}
--- a/charts/ambassador/templates/deployment.yaml
+++ b/charts/ambassador/templates/deployment.yaml
@@ -1,78 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: {{ template "ambassador.fullname" . }}
-  labels:
-    app: {{ template "ambassador.name" . }}
-    chart: {{ template "ambassador.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ template "ambassador.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "ambassador.name" . }}
-        release: {{ .Release.Name }}
-      annotations:
-        prometheus.io/scrape: "true"
-        prometheus.io/port: "9102"
-    spec:
-      serviceAccountName: {{ template "ambassador.serviceAccountName" . }}
-      containers:
-        - name: statsd-sink
-          image: "{{ .Values.exporter.image }}"
-          ports:
-          - name: metrics
-            containerPort: 9102
-        - name: ambassador
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 80
-            - name: https
-              containerPort: 443
-            - name: admin
-              containerPort: 8877
-          env:
-          - name: AMBASSADOR_NAMESPACE
-            valueFrom:
-              fieldRef:
-                fieldPath: metadata.namespace
-          - name: AMBASSADOR_RESTART_TIME
-            value: {{ .Values.timing.restart | quote }}
-          - name: AMBASSADOR_DRAIN_TIME
-            value: {{ .Values.timing.drain | quote }}
-          - name: AMBASSADOR_SHUTDOWN_TIME
-            value: {{ .Values.timing.shutdown | quote }}
-          livenessProbe:
-            httpGet:
-              path: /ambassador/v0/check_alive
-              port: admin
-            initialDelaySeconds: 30
-            periodSeconds: 3
-          readinessProbe:
-            httpGet:
-              path: /ambassador/v0/check_ready
-              port: admin
-            initialDelaySeconds: 30
-            periodSeconds: 3
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}
--- a/charts/ambassador/templates/rbac.yaml
+++ b/charts/ambassador/templates/rbac.yaml
@@ -1,42 +0,0 @@
-{{- if .Values.rbac.create -}}
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRole
-metadata:
-  name: {{ template "ambassador.fullname" . }}
-  labels:
-    app: {{ template "ambassador.name" . }}
-    chart: {{ template "ambassador.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-rules:
-  - apiGroups: [""]
-    resources:
-    - services
-    verbs: ["get", "list", "watch"]
-  - apiGroups: [""]
-    resources:
-    - configmaps
-    verbs: ["create", "update", "patch", "get", "list", "watch"]
-  - apiGroups: [""]
-    resources:
-    - secrets
-    verbs: ["get", "list", "watch"]
---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
-  name: {{ template "ambassador.fullname" . }}
-  labels:
-    app: {{ template "ambassador.name" . }}
-    chart: {{ template "ambassador.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: {{ template "ambassador.fullname" . }}
-subjects:
-  - name: {{ template "ambassador.serviceAccountName" . }}
-    namespace: {{ .Release.Namespace | quote }}
-    kind: ServiceAccount
-{{- end -}}
--- a/charts/ambassador/templates/service.yaml
+++ b/charts/ambassador/templates/service.yaml
@@ -1,23 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "ambassador.fullname" . }}
-  labels:
-    app: {{ template "ambassador.name" . }}
-    chart: {{ template "ambassador.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-    - port: 443
-      targetPort: https
-      protocol: TCP
-      name: https
-  selector:
-    app: {{ template "ambassador.name" . }}
-    release: {{ .Release.Name }}
--- a/charts/ambassador/templates/serviceaccount.yaml
+++ b/charts/ambassador/templates/serviceaccount.yaml
@@ -1,11 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ template "ambassador.serviceAccountName" . }}
-  labels:
-    app: {{ template "ambassador.name" . }}
-    chart: {{ template "ambassador.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- end -}}
--- a/charts/ambassador/values.yaml
+++ b/charts/ambassador/values.yaml
@@ -1,56 +0,0 @@
-# Default values for ambassador.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: quay.io/datawire/ambassador
-  tag: 0.29.0
-  pullPolicy: IfNotPresent
-
-service:
-  type: LoadBalancer
-  port: 80
-
-adminService:
-  create: true
-  type: ClusterIP
-
-rbac:
-  # Specifies whether RBAC resources should be created
-  create: true
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-
-resources: {}
-  # If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-exporter:
-  image: datawire/prom-statsd-exporter:0.6.0
-
-timing:
-  # sets the minimum number of seconds between Envoy restarts
-  restart: 15
-  # sets the number of seconds that the Envoy will wait for open connections to drain on a restart
-  drain: 5
-  # sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart
-  shutdown: 10
--- a/charts/grafana/.helmignore
+++ b/charts/grafana/.helmignore
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
--- a/charts/grafana/Chart.yaml
+++ b/charts/grafana/Chart.yaml
@@ -1,5 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: A Helm chart for Kubernetes
-name: grafana
-version: 0.1.0
--- a/charts/grafana/README.md
+++ b/charts/grafana/README.md
@@ -1,65 +0,0 @@
-# Weave Cloud Grafana
-
-Grafana v5 with Kubernetes dashboards and Prometheus and Weave Cloud data sources.
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```console
-$ helm install stable/grafana --name my-release \
-    --set service.type=NodePort \
-    --set token=WEAVE-TOKEN \
-    --set password=admin
-```
-
-The command deploys Grafana on the Kubernetes cluster in the default namespace.
-The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-$ helm delete --purge my-release
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the Grafana chart and their default values.
-
-Parameter | Description | Default
--- | --- | ---
-`image.repository` | Image repository | `grafana/grafana`
-`image.pullPolicy` | Image pull policy | `IfNotPresent`
-`image.tag` | Image tag | `5.0.1`
-`replicaCount` | desired number of pods | `1`
-`resources` | pod resources | `none`
-`tolerations` | List of node taints to tolerate | `[]`
-`affinity` | node/pod affinities | `node`
-`nodeSelector` | node labels for pod assignment | `{}`
-`service.type` | type of service | `LoadBalancer`
-`url` | Prometheus URL, used when Weave token is empty | `http://prometheus:9090`
-`token` | Weave Cloud token | `none`
-`user` | Grafana admin username | `admin`
-`password` | Grafana admin password | `none`
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```console
-$ helm install stable/grafana --name my-release \
-  --set=token=WEAVE-TOKEN \
-  --set password=admin
-```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install stable/grafana --name my-release -f values.yaml
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-```
-
--- a/charts/grafana/dashboards/ambassador.json
+++ b/charts/grafana/dashboards/ambassador.json
--- a/charts/grafana/dashboards/control-plane.json
+++ b/charts/grafana/dashboards/control-plane.json
--- a/charts/grafana/dashboards/deployments.json
+++ b/charts/grafana/dashboards/deployments.json
@@ -1,817 +0,0 @@
-{
-  "annotations": {
-    "list": [
-      {
-        "$$hashKey": "object:246",
-        "builtIn": 1,
-        "datasource": "-- Grafana --",
-        "enable": true,
-        "hide": true,
-        "iconColor": "rgba(0, 211, 255, 1)",
-        "name": "Annotations & Alerts",
-        "type": "dashboard"
-      }
-    ]
-  },
-  "editable": true,
-  "gnetId": null,
-  "graphTooltip": 1,
-  "id": null,
-  "iteration": 1521457664773,
-  "links": [],
-  "panels": [
-    {
-      "cacheTimeout": null,
-      "colorBackground": false,
-      "colorValue": false,
-      "colors": [
-        "rgba(245, 54, 54, 0.9)",
-        "rgba(237, 129, 40, 0.89)",
-        "rgba(50, 172, 45, 0.97)"
-      ],
-      "datasource": "prometheus",
-      "editable": true,
-      "error": false,
-      "format": "none",
-      "gauge": {
-        "maxValue": 100,
-        "minValue": 0,
-        "show": false,
-        "thresholdLabels": false,
-        "thresholdMarkers": true
-      },
-      "gridPos": {
-        "h": 4,
-        "w": 8,
-        "x": 0,
-        "y": 0
-      },
-      "id": 8,
-      "interval": null,
-      "links": [],
-      "mappingType": 1,
-      "mappingTypes": [
-        {
-          "name": "value to text",
-          "value": 1
-        },
-        {
-          "name": "range to text",
-          "value": 2
-        }
-      ],
-      "maxDataPoints": 100,
-      "nullPointMode": "connected",
-      "nullText": null,
-      "postfix": "cores",
-      "postfixFontSize": "50%",
-      "prefix": "",
-      "prefixFontSize": "50%",
-      "rangeMaps": [
-        {
-          "from": "null",
-          "text": "N/A",
-          "to": "null"
-        }
-      ],
-      "sparkline": {
-        "fillColor": "rgba(31, 118, 189, 0.18)",
-        "full": false,
-        "lineColor": "rgb(31, 120, 193)",
-        "show": true
-      },
-      "tableColumn": "",
-      "targets": [
-        {
-          "expr": "sum(rate(container_cpu_usage_seconds_total{namespace=\"$deployment_namespace\",pod_name=~\"$deployment_name.*\"}[3m])) ",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "refId": "A",
-          "step": 600
-        }
-      ],
-      "thresholds": "",
-      "title": "CPU",
-      "type": "singlestat",
-      "valueFontSize": "110%",
-      "valueMaps": [
-        {
-          "op": "=",
-          "text": "N/A",
-          "value": "null"
-        }
-      ],
-      "valueName": "avg"
-    },
-    {
-      "cacheTimeout": null,
-      "colorBackground": false,
-      "colorValue": false,
-      "colors": [
-        "rgba(245, 54, 54, 0.9)",
-        "rgba(237, 129, 40, 0.89)",
-        "rgba(50, 172, 45, 0.97)"
-      ],
-      "datasource": "prometheus",
-      "editable": true,
-      "error": false,
-      "format": "none",
-      "gauge": {
-        "maxValue": 100,
-        "minValue": 0,
-        "show": false,
-        "thresholdLabels": false,
-        "thresholdMarkers": true
-      },
-      "gridPos": {
-        "h": 4,
-        "w": 8,
-        "x": 8,
-        "y": 0
-      },
-      "id": 9,
-      "interval": null,
-      "links": [],
-      "mappingType": 1,
-      "mappingTypes": [
-        {
-          "name": "value to text",
-          "value": 1
-        },
-        {
-          "name": "range to text",
-          "value": 2
-        }
-      ],
-      "maxDataPoints": 100,
-      "nullPointMode": "connected",
-      "nullText": null,
-      "postfix": "GB",
-      "postfixFontSize": "50%",
-      "prefix": "",
-      "prefixFontSize": "80%",
-      "rangeMaps": [
-        {
-          "from": "null",
-          "text": "N/A",
-          "to": "null"
-        }
-      ],
-      "sparkline": {
-        "fillColor": "rgba(31, 118, 189, 0.18)",
-        "full": false,
-        "lineColor": "rgb(31, 120, 193)",
-        "show": true
-      },
-      "tableColumn": "",
-      "targets": [
-        {
-          "expr": "sum(container_memory_usage_bytes{namespace=\"$deployment_namespace\",pod_name=~\"$deployment_name.*\"}) / 1024^3",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "refId": "A",
-          "step": 600
-        }
-      ],
-      "thresholds": "",
-      "title": "Memory",
-      "type": "singlestat",
-      "valueFontSize": "110%",
-      "valueMaps": [
-        {
-          "op": "=",
-          "text": "N/A",
-          "value": "null"
-        }
-      ],
-      "valueName": "avg"
-    },
-    {
-      "cacheTimeout": null,
-      "colorBackground": false,
-      "colorValue": false,
-      "colors": [
-        "rgba(245, 54, 54, 0.9)",
-        "rgba(237, 129, 40, 0.89)",
-        "rgba(50, 172, 45, 0.97)"
-      ],
-      "datasource": "prometheus",
-      "editable": true,
-      "error": false,
-      "format": "Bps",
-      "gauge": {
-        "maxValue": 100,
-        "minValue": 0,
-        "show": false,
-        "thresholdLabels": false,
-        "thresholdMarkers": false
-      },
-      "gridPos": {
-        "h": 4,
-        "w": 8,
-        "x": 16,
-        "y": 0
-      },
-      "id": 7,
-      "interval": null,
-      "links": [],
-      "mappingType": 1,
-      "mappingTypes": [
-        {
-          "name": "value to text",
-          "value": 1
-        },
-        {
-          "name": "range to text",
-          "value": 2
-        }
-      ],
-      "maxDataPoints": 100,
-      "nullPointMode": "connected",
-      "nullText": null,
-      "postfix": "",
-      "postfixFontSize": "50%",
-      "prefix": "",
-      "prefixFontSize": "50%",
-      "rangeMaps": [
-        {
-          "from": "null",
-          "text": "N/A",
-          "to": "null"
-        }
-      ],
-      "sparkline": {
-        "fillColor": "rgba(31, 118, 189, 0.18)",
-        "full": false,
-        "lineColor": "rgb(31, 120, 193)",
-        "show": true
-      },
-      "tableColumn": "",
-      "targets": [
-        {
-          "expr": "sum(rate(container_network_transmit_bytes_total{namespace=\"$deployment_namespace\",pod_name=~\"$deployment_name.*\"}[3m])) + sum(rate(container_network_receive_bytes_total{namespace=\"$deployment_namespace\",pod_name=~\"$deployment_name.*\"}[3m])) ",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "refId": "A",
-          "step": 600
-        }
-      ],
-      "thresholds": "",
-      "title": "Network",
-      "type": "singlestat",
-      "valueFontSize": "80%",
-      "valueMaps": [
-        {
-          "op": "=",
-          "text": "N/A",
-          "value": "null"
-        }
-      ],
-      "valueName": "avg"
-    },
-    {
-      "aliasColors": {},
-      "bars": false,
-      "dashLength": 10,
-      "dashes": false,
-      "datasource": "prometheus",
-      "editable": true,
-      "error": false,
-      "fill": 1,
-      "grid": {},
-      "gridPos": {
-        "h": 6,
-        "w": 20,
-        "x": 0,
-        "y": 4
-      },
-      "id": 1,
-      "legend": {
-        "alignAsTable": true,
-        "avg": false,
-        "current": true,
-        "hideZero": false,
-        "max": false,
-        "min": false,
-        "rightSide": true,
-        "show": true,
-        "total": false,
-        "values": true
-      },
-      "lines": true,
-      "linewidth": 2,
-      "links": [],
-      "nullPointMode": "connected",
-      "percentage": false,
-      "pointradius": 5,
-      "points": false,
-      "renderer": "flot",
-      "seriesOverrides": [],
-      "spaceLength": 10,
-      "stack": false,
-      "steppedLine": false,
-      "targets": [
-        {
-          "expr": "max(kube_deployment_status_replicas{deployment=\"$deployment_name\",namespace=\"$deployment_namespace\"}) without (instance, pod)",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "current replicas",
-          "refId": "A",
-          "step": 30
-        },
-        {
-          "expr": "min(kube_deployment_status_replicas_available{deployment=\"$deployment_name\",namespace=\"$deployment_namespace\"}) without (instance, pod)",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "available",
-          "refId": "B",
-          "step": 30
-        },
-        {
-          "expr": "max(kube_deployment_status_replicas_unavailable{deployment=\"$deployment_name\",namespace=\"$deployment_namespace\"}) without (instance, pod)",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "unavailable",
-          "refId": "C",
-          "step": 30
-        },
-        {
-          "expr": "min(kube_deployment_status_replicas_updated{deployment=\"$deployment_name\",namespace=\"$deployment_namespace\"}) without (instance, pod)",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "updated",
-          "refId": "D",
-          "step": 30
-        },
-        {
-          "expr": "max(kube_deployment_spec_replicas{deployment=\"$deployment_name\",namespace=\"$deployment_namespace\"}) without (instance, pod)",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "desired",
-          "refId": "E",
-          "step": 30
-        }
-      ],
-      "thresholds": [],
-      "timeFrom": null,
-      "timeShift": null,
-      "title": "Replicas",
-      "tooltip": {
-        "msResolution": true,
-        "shared": true,
-        "sort": 0,
-        "value_type": "cumulative"
-      },
-      "transparent": false,
-      "type": "graph",
-      "xaxis": {
-        "buckets": null,
-        "mode": "time",
-        "name": null,
-        "show": true,
-        "values": []
-      },
-      "yaxes": [
-        {
-          "format": "none",
-          "label": "",
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        },
-        {
-          "format": "short",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": false
-        }
-      ]
-    },
-    {
-      "cacheTimeout": null,
-      "colorBackground": false,
-      "colorValue": false,
-      "colors": [
-        "rgba(245, 54, 54, 0.9)",
-        "rgba(237, 129, 40, 0.89)",
-        "rgba(50, 172, 45, 0.97)"
-      ],
-      "datasource": "prometheus",
-      "editable": true,
-      "error": false,
-      "format": "percent",
-      "gauge": {
-        "maxValue": 100,
-        "minValue": 0,
-        "show": true,
-        "thresholdLabels": false,
-        "thresholdMarkers": true
-      },
-      "gridPos": {
-        "h": 6,
-        "w": 4,
-        "x": 20,
-        "y": 4
-      },
-      "id": 11,
-      "interval": null,
-      "links": [],
-      "mappingType": 1,
-      "mappingTypes": [
-        {
-          "name": "value to text",
-          "value": 1
-        },
-        {
-          "name": "range to text",
-          "value": 2
-        }
-      ],
-      "maxDataPoints": 100,
-      "nullPointMode": "connected",
-      "nullText": null,
-      "postfix": "",
-      "postfixFontSize": "50%",
-      "prefix": "",
-      "prefixFontSize": "50%",
-      "rangeMaps": [
-        {
-          "from": "null",
-          "text": "N/A",
-          "to": "null"
-        }
-      ],
-      "sparkline": {
-        "fillColor": "rgba(31, 118, 189, 0.18)",
-        "full": false,
-        "lineColor": "rgb(31, 120, 193)",
-        "show": false
-      },
-      "tableColumn": "",
-      "targets": [
-        {
-          "expr": "(min(kube_deployment_status_replicas_available{deployment=\"$deployment_name\",namespace=\"$deployment_namespace\"}) without (instance, pod))\n/\n(min(kube_deployment_spec_replicas{deployment=\"$deployment_name\",namespace=\"$deployment_namespace\"}) without (instance, pod)) * 100\n",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "",
-          "refId": "A",
-          "step": 600
-        }
-      ],
-      "thresholds": "50,80",
-      "title": "Availability",
-      "type": "singlestat",
-      "valueFontSize": "80%",
-      "valueMaps": [
-        {
-          "op": "=",
-          "text": "N/A",
-          "value": "null"
-        }
-      ],
-      "valueName": "avg"
-    },
-    {
-      "aliasColors": {},
-      "bars": false,
-      "dashLength": 10,
-      "dashes": false,
-      "datasource": "prometheus",
-      "fill": 1,
-      "gridPos": {
-        "h": 6,
-        "w": 24,
-        "x": 0,
-        "y": 10
-      },
-      "id": 10,
-      "legend": {
-        "alignAsTable": true,
-        "avg": false,
-        "current": true,
-        "max": false,
-        "min": false,
-        "rightSide": true,
-        "show": true,
-        "sort": "current",
-        "sortDesc": true,
-        "total": false,
-        "values": true
-      },
-      "lines": true,
-      "linewidth": 1,
-      "links": [],
-      "nullPointMode": "null",
-      "percentage": false,
-      "pointradius": 5,
-      "points": false,
-      "renderer": "flot",
-      "seriesOverrides": [],
-      "spaceLength": 10,
-      "stack": false,
-      "steppedLine": false,
-      "targets": [
-        {
-          "expr": "sort_desc(\n\nsum by (pod_name) (rate(container_cpu_usage_seconds_total{image!=\"\",container_name!=\"POD\",namespace=\"$deployment_namespace\",pod_name=~\"$deployment_name.*\"}[1m])) \n\n)",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "{{ pod_name }}",
-          "refId": "A"
-        }
-      ],
-      "thresholds": [],
-      "timeFrom": null,
-      "timeShift": null,
-      "title": "Pods CPU",
-      "tooltip": {
-        "shared": true,
-        "sort": 0,
-        "value_type": "individual"
-      },
-      "type": "graph",
-      "xaxis": {
-        "buckets": null,
-        "mode": "time",
-        "name": null,
-        "show": true,
-        "values": []
-      },
-      "yaxes": [
-        {
-          "format": "none",
-          "label": "cores",
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        },
-        {
-          "format": "short",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        }
-      ]
-    },
-    {
-      "aliasColors": {},
-      "bars": false,
-      "dashLength": 10,
-      "dashes": false,
-      "datasource": "prometheus",
-      "fill": 1,
-      "gridPos": {
-        "h": 6,
-        "w": 24,
-        "x": 0,
-        "y": 16
-      },
-      "id": 13,
-      "legend": {
-        "alignAsTable": true,
-        "avg": false,
-        "current": true,
-        "max": false,
-        "min": false,
-        "rightSide": true,
-        "show": true,
-        "sort": "current",
-        "sortDesc": true,
-        "total": false,
-        "values": true
-      },
-      "lines": true,
-      "linewidth": 1,
-      "links": [],
-      "nullPointMode": "null",
-      "percentage": false,
-      "pointradius": 5,
-      "points": false,
-      "renderer": "flot",
-      "seriesOverrides": [],
-      "spaceLength": 10,
-      "stack": false,
-      "steppedLine": false,
-      "targets": [
-        {
-          "expr": "sort_desc(\n\nsum by (pod_name) (container_memory_working_set_bytes{namespace=\"$deployment_namespace\",pod_name=~\"$deployment_name.*\"}) \n\n)",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "{{ pod_name }}",
-          "refId": "A"
-        }
-      ],
-      "thresholds": [],
-      "timeFrom": null,
-      "timeShift": null,
-      "title": "Pods Memory",
-      "tooltip": {
-        "shared": true,
-        "sort": 0,
-        "value_type": "individual"
-      },
-      "type": "graph",
-      "xaxis": {
-        "buckets": null,
-        "mode": "time",
-        "name": null,
-        "show": true,
-        "values": []
-      },
-      "yaxes": [
-        {
-          "format": "bytes",
-          "label": "",
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        },
-        {
-          "format": "short",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        }
-      ]
-    },
-    {
-      "aliasColors": {},
-      "bars": false,
-      "dashLength": 10,
-      "dashes": false,
-      "datasource": "prometheus",
-      "fill": 1,
-      "gridPos": {
-        "h": 6,
-        "w": 24,
-        "x": 0,
-        "y": 22
-      },
-      "id": 12,
-      "legend": {
-        "alignAsTable": true,
-        "avg": false,
-        "current": true,
-        "max": false,
-        "min": false,
-        "rightSide": true,
-        "show": true,
-        "sort": "current",
-        "sortDesc": true,
-        "total": false,
-        "values": true
-      },
-      "lines": true,
-      "linewidth": 1,
-      "links": [],
-      "nullPointMode": "null",
-      "percentage": false,
-      "pointradius": 5,
-      "points": false,
-      "renderer": "flot",
-      "seriesOverrides": [],
-      "spaceLength": 10,
-      "stack": false,
-      "steppedLine": false,
-      "targets": [
-        {
-          "expr": "sort_desc(\n\nsum by (pod_name) (rate (container_network_receive_bytes_total{namespace=\"$deployment_namespace\",pod_name=~\"$deployment_name.*\"}[1m])) \n+\nsum by (pod_name) (rate (container_network_transmit_bytes_total{namespace=\"$deployment_namespace\",pod_name=~\"$deployment_name.*\"}[1m]))\n)",
-          "format": "time_series",
-          "intervalFactor": 2,
-          "legendFormat": "{{ pod_name }}",
-          "refId": "A"
-        }
-      ],
-      "thresholds": [],
-      "timeFrom": null,
-      "timeShift": null,
-      "title": "Pods Network I/O",
-      "tooltip": {
-        "shared": true,
-        "sort": 0,
-        "value_type": "individual"
-      },
-      "type": "graph",
-      "xaxis": {
-        "buckets": null,
-        "mode": "time",
-        "name": null,
-        "show": true,
-        "values": []
-      },
-      "yaxes": [
-        {
-          "format": "Bps",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        },
-        {
-          "format": "short",
-          "label": null,
-          "logBase": 1,
-          "max": null,
-          "min": null,
-          "show": true
-        }
-      ]
-    }
-  ],
-  "refresh": "30s",
-  "schemaVersion": 16,
-  "style": "dark",
-  "tags": [],
-  "templating": {
-    "list": [
-      {
-        "allValue": ".*",
-        "current": {
-          "text": "default",
-          "value": "default"
-        },
-        "datasource": "prometheus",
-        "hide": 0,
-        "includeAll": false,
-        "label": "Namespace",
-        "multi": false,
-        "name": "deployment_namespace",
-        "options": [],
-        "query": "label_values(kube_deployment_metadata_generation, namespace)",
-        "refresh": 1,
-        "regex": "",
-        "sort": 0,
-        "tagValuesQuery": null,
-        "tags": [],
-        "tagsQuery": "",
-        "type": "query",
-        "useTags": false
-      },
-      {
-        "allValue": null,
-        "current": {
-          "text": "ga-podinfo",
-          "value": "ga-podinfo"
-        },
-        "datasource": "prometheus",
-        "hide": 0,
-        "includeAll": false,
-        "label": "Deployment",
-        "multi": false,
-        "name": "deployment_name",
-        "options": [],
-        "query": "label_values(kube_deployment_metadata_generation{namespace=\"$deployment_namespace\"}, deployment)",
-        "refresh": 1,
-        "regex": "",
-        "sort": 0,
-        "tagValuesQuery": "",
-        "tags": [],
-        "tagsQuery": "deployment",
-        "type": "query",
-        "useTags": false
-      }
-    ]
-  },
-  "time": {
-    "from": "now-5m",
-    "to": "now"
-  },
-  "timepicker": {
-    "refresh_intervals": [
-      "5s",
-      "10s",
-      "30s",
-      "1m",
-      "5m",
-      "15m",
-      "30m",
-      "1h",
-      "2h",
-      "1d"
-    ],
-    "time_options": [
-      "5m",
-      "15m",
-      "1h",
-      "6h",
-      "12h",
-      "24h",
-      "2d",
-      "7d",
-      "30d"
-    ]
-  },
-  "timezone": "browser",
-  "title": "Deployments",
-  "uid": "sgRyigkik",
-  "version": 2
-}
--- a/charts/grafana/dashboards/servers.json
+++ b/charts/grafana/dashboards/servers.json
--- a/charts/grafana/templates/NOTES.txt
+++ b/charts/grafana/templates/NOTES.txt
@@ -1,15 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "grafana.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "grafana.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "grafana.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "grafana.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}
--- a/charts/grafana/templates/_helpers.tpl
+++ b/charts/grafana/templates/_helpers.tpl
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "grafana.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "grafana.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "grafana.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
--- a/charts/grafana/templates/dashboards-cfg.yaml
+++ b/charts/grafana/templates/dashboards-cfg.yaml
@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "grafana.fullname" . }}-dashboards
-data:
-{{ (.Files.Glob "dashboards/*").AsConfig | indent 2 }}
--- a/charts/grafana/templates/datasources-cfg.yaml
+++ b/charts/grafana/templates/datasources-cfg.yaml
@@ -1,32 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "grafana.fullname" . }}-datasources
-data:
-  datasources.yaml: |-
-    apiVersion: 1
-
-    deleteDatasources:
-      - name: prometheus
-{{- if .Values.token }}
-    datasources:
-    - name: prometheus
-      type: prometheus
-      access: proxy
-      url: https://cloud.weave.works/api/prom
-      isDefault: true
-      editable: true
-      version: 1
-      basicAuth: true
-      basicAuthUser: weave
-      basicAuthPassword: {{ .Values.token }}
-{{- else }}
-    datasources:
-    - name: prometheus
-      type: prometheus
-      access: proxy
-      url: {{ .Values.url }}
-      isDefault: true
-      editable: true
-      version: 1
-{{- end }}
--- a/charts/grafana/templates/deployment.yaml
+++ b/charts/grafana/templates/deployment.yaml
@@ -1,81 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: {{ template "grafana.fullname" . }}
-  labels:
-    app: {{ template "grafana.name" . }}
-    chart: {{ template "grafana.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ template "grafana.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "grafana.name" . }}
-        release: {{ .Release.Name }}
-      annotations:
-        prometheus.io/scrape: 'false'
-    spec:
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          ports:
-            - name: http
-              containerPort: 3000
-              protocol: TCP
-#          livenessProbe:
-#            httpGet:
-#              path: /
-#              port: http
-#          readinessProbe:
-#            httpGet:
-#              path: /
-#              port: http
-          env:
-          - name: GF_SECURITY_ADMIN_USER
-            value: {{ .Values.user }}
-          - name: GF_SECURITY_ADMIN_PASSWORD
-            value: {{ .Values.password }}
-          - name: GF_PATHS_PROVISIONING
-            value: /etc/grafana/provisioning/
-          volumeMounts:
-          - name: grafana
-            mountPath: /var/lib/grafana
-          - name: dashboards
-            mountPath: /etc/grafana/dashboards
-          - name: datasources
-            mountPath: /etc/grafana/provisioning/datasources
-          - name: providers
-            mountPath: /etc/grafana/provisioning/dashboards
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-      volumes:
-      - name: grafana
-        emptyDir: {}
-      - name: dashboards
-        configMap:
-          name: {{ template "grafana.fullname" . }}-dashboards
-      - name: providers
-        configMap:
-          name: {{ template "grafana.fullname" . }}-providers
-      - name: datasources
-        configMap:
-          name: {{ template "grafana.fullname" . }}-datasources
--- a/charts/grafana/templates/providers-cfg.yaml
+++ b/charts/grafana/templates/providers-cfg.yaml
@@ -1,17 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "grafana.fullname" . }}-providers
-data:
-  providers.yaml: |+
-    apiVersion: 1
-
-    providers:
-    - name: 'default'
-      orgId: 1
-      folder: ''
-      type: file
-      disableDeletion: false
-      editable: true
-      options:
-        path: /etc/grafana/dashboards
--- a/charts/grafana/templates/service.yaml
+++ b/charts/grafana/templates/service.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "grafana.fullname" . }}
-  labels:
-    app: {{ template "grafana.name" . }}
-    chart: {{ template "grafana.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "grafana.name" . }}
-    release: {{ .Release.Name }}
--- a/charts/grafana/values.yaml
+++ b/charts/grafana/values.yaml
@@ -1,34 +0,0 @@
-# Default values for grafana.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: grafana/grafana
-  tag: 5.0.1
-  pullPolicy: IfNotPresent
-
-service:
-  type: ClusterIP
-  port: 80
-
-resources: {}
-  # limits:
-  #  cpu: 100m
-  #  memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 128Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-user: admin
-password:
-
-url: http://prometheus:9090
-token:
--- a/charts/ngrok/.helmignore
+++ b/charts/ngrok/.helmignore
@@ -1,21 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
--- a/charts/ngrok/Chart.yaml
+++ b/charts/ngrok/Chart.yaml
@@ -1,5 +0,0 @@
-apiVersion: v1
-appVersion: "1.0"
-description: A Ngrok Helm chart for Kubernetes
-name: ngrok
-version: 0.1.0
--- a/charts/ngrok/README.md
+++ b/charts/ngrok/README.md
@@ -1,63 +0,0 @@
-# Ngrok
-
-Expose Kubernetes service with [Ngrok](https://ngrok.com).
-
-## Installing the Chart
-
-To install the chart with the release name `my-release`:
-
-```console
-$ helm install sp/ngrok --name my-release \
-  --set token=NGROK-TOKEN \
-  --set expose.service=podinfo:9898
-```
-
-The command deploys Ngrok on the Kubernetes cluster in the default namespace.
-The [configuration](#configuration) section lists the parameters that can be configured during installation.
-
-## Uninstalling the Chart
-
-To uninstall/delete the `my-release` deployment:
-
-```console
-$ helm delete --purge my-release
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-## Configuration
-
-The following tables lists the configurable parameters of the Grafana chart and their default values.
-
-Parameter | Description | Default
--- | --- | ---
-`image.repository` | Image repository | `stefanprodan/ngrok`
-`image.pullPolicy` | Image pull policy | `IfNotPresent`
-`image.tag` | Image tag | `latest`
-`replicaCount` | desired number of pods | `1`
-`tolerations` | List of node taints to tolerate | `[]`
-`affinity` | node/pod affinities | `node`
-`nodeSelector` | node labels for pod assignment | `{}`
-`service.type` | type of service | `ClusterIP`
-`token` | Ngrok auth token | `none`
-`expose.service` | Service address to be exposed as in `service-name:port` | `none`
-
-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
-
-```console
-$ helm upgrade --install --wait tunel \
-  --set token=NGROK-TOKEN \
-  --set service.type=NodePort \
-  --set expose.service=podinfo:9898 \
-  sp/ngrok
-```
-
-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
-
-```console
-$ helm install sp/grafana --name my-release -f values.yaml
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-```
-
--- a/charts/ngrok/templates/NOTES.txt
+++ b/charts/ngrok/templates/NOTES.txt
@@ -1,15 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "ngrok.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "ngrok.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "ngrok.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "ngrok.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:80
-{{- end }}
--- a/charts/ngrok/templates/_helpers.tpl
+++ b/charts/ngrok/templates/_helpers.tpl
@@ -1,32 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "ngrok.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "ngrok.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "ngrok.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
--- a/charts/ngrok/templates/config.yaml
+++ b/charts/ngrok/templates/config.yaml
@@ -1,12 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "ngrok.fullname" . }}
-data:
-  ngrok.yml: |-
-    web_addr: 0.0.0.0:4040
-    update: false
-    log: stdout
-{{- if .Values.token }}
-    authtoken: {{ .Values.token }}
-{{- end }}
--- a/charts/ngrok/templates/deployment.yaml
+++ b/charts/ngrok/templates/deployment.yaml
@@ -1,62 +0,0 @@
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: {{ template "ngrok.fullname" . }}
-  labels:
-    app: {{ template "ngrok.name" . }}
-    chart: {{ template "ngrok.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  replicas: {{ .Values.replicaCount }}
-  selector:
-    matchLabels:
-      app: {{ template "ngrok.name" . }}
-      release: {{ .Release.Name }}
-  template:
-    metadata:
-      labels:
-        app: {{ template "ngrok.name" . }}
-        release: {{ .Release.Name }}
-      annotations:
-        prometheus.io/scrape: 'false'
-    spec:
-      containers:
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          command:
-            - ./ngrok
-            - http
-            - {{ .Values.expose.service }}
-          volumeMounts:
-          - name: config
-            mountPath: /home/ngrok/.ngrok2
-          ports:
-            - name: http
-              containerPort: 4040
-              protocol: TCP
-          livenessProbe:
-            httpGet:
-              path: /api/tunnels
-              port: http
-            initialDelaySeconds: 10
-            periodSeconds: 30
-          resources:
-{{ toYaml .Values.resources | indent 12 }}
-    {{- with .Values.nodeSelector }}
-      nodeSelector:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-{{ toYaml . | indent 8 }}
-    {{- end }}
-      volumes:
-      - name: config
-        configMap:
-          name: {{ template "ngrok.fullname" . }}
--- a/charts/ngrok/templates/service.yaml
+++ b/charts/ngrok/templates/service.yaml
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ template "ngrok.fullname" . }}
-  labels:
-    app: {{ template "ngrok.name" . }}
-    chart: {{ template "ngrok.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  selector:
-    app: {{ template "ngrok.name" . }}
-    release: {{ .Release.Name }}
--- a/charts/ngrok/values.yaml
+++ b/charts/ngrok/values.yaml
@@ -1,25 +0,0 @@
-# Default values for ngrok.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: stefanprodan/ngrok
-  tag: latest
-  pullPolicy: IfNotPresent
-
-service:
-  type: ClusterIP
-  port: 4040
-
-expose:
-  service: ga-podinfo:9898
-
-token: 4i3rDinhLqMHtvez71N9S_38rkS7onwv77VFNZTaUR6
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
--- a/charts/podinfo/Chart.yaml
+++ b/charts/podinfo/Chart.yaml
@@ -1,12 +1,13 @@
 apiVersion: v1
-appVersion: "0.2.1"
-description: Podinfo Helm chart for Kubernetes
+version: 6.10.0
+appVersion: 6.10.0
 name: podinfo
-version: 0.1.0
-home: https://github.com/stefanprodan/k8s-podinfo
-sources:
- https://github.com/stefanprodan/k8s-podinfo
-maintainers:
-  - name: stefanprodan
-    email: stefanprodan@users.noreply.github.com
 engine: gotpl
+description: Podinfo Helm chart for Kubernetes
+home: https://github.com/stefanprodan/podinfo
+maintainers:
+- email: stefanprodan@users.noreply.github.com
+  name: stefanprodan
+sources:
+- https://github.com/stefanprodan/podinfo
+kubeVersion: ">=1.23.0-0"
--- a/vendor/github.com/prometheus/client_golang/LICENSE
+++ b/vendor/github.com/prometheus/client_golang/LICENSE
@@ -186,7 +186,7 @@
      same "printed page" as the copyright notice for easier
      identification within third-party archives.

-   Copyright [yyyy] [name of copyright owner]
+   Copyright 2018 Stefan Prodan. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/charts/podinfo/README.md
+++ b/charts/podinfo/README.md
@@ -1,14 +1,38 @@
 # Podinfo

-Podinfo is a tiny web application made with Go 
+Podinfo is a tiny web application made with Go
 that showcases best practices of running microservices in Kubernetes.

+Podinfo is used by CNCF projects like [Flux](https://github.com/fluxcd/flux2)
+and [Flagger](https://github.com/fluxcd/flagger)
+for end-to-end testing and workshops.
+
 ## Installing the Chart

-To install the chart with the release name `my-release`:
+The Podinfo charts are published to
+[GitHub Container Registry](https://github.com/stefanprodan/podinfo/pkgs/container/charts%2Fpodinfo)
+and signed with [Cosign](https://github.com/sigstore/cosign) & GitHub Actions OIDC.
+
+To install the chart with the release name `podinfo` from GHCR:

 ```console
-$ helm install stable/podinfo --name my-release
+$ helm upgrade -i podinfo oci://ghcr.io/stefanprodan/charts/podinfo
+```
+
+To verify a chart version with Cosign:
+
+```console
+$ cosign verify ghcr.io/stefanprodan/charts/podinfo:<VERSION> \
+  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
+  --certificate-identity-regexp=^https://github\\.com/stefanprodan/podinfo/.*$
+```
+
+Alternatively, you can install the chart from GitHub pages:
+
+```console
+$ helm repo add stefanprodan https://stefanprodan.github.io/podinfo
+
+$ helm upgrade -i podinfo stefanprodan/podinfo
 ```

 The command deploys podinfo on the Kubernetes cluster in the default namespace.
@@ -16,10 +40,10 @@ The [configuration](#configuration) section lists the parameters that can be con

 ## Uninstalling the Chart

-To uninstall/delete the `my-release` deployment:
+To uninstall the `podinfo` release:

 ```console
-$ helm delete --purge my-release
+$ helm uninstall podinfo
 ```

 The command removes all the Kubernetes components associated with the chart and deletes the release.
@@ -28,49 +52,96 @@ The command removes all the Kubernetes components associated with the chart and

 The following tables lists the configurable parameters of the podinfo chart and their default values.

-Parameter | Description | Default
--- | --- | ---
-`affinity` | node/pod affinities | None
-`hpa.enabled` | Enables HPA | `false`
-`hpa.cpu` | Target CPU usage per pod | None
-`hpa.memory` | Target memory usage per pod | None
-`hpa.requests` | Target requests per second per pod | None
-`hpa.maxReplicas` | Maximum pod replicas | `10`
-`ingress.hosts` | Ingress accepted hostnames | None
-`ingress.tls` | Ingress TLS configuration | None:
-`image.pullPolicy` | Image pull policy | `IfNotPresent`
-`image.repository` | Image repository | `stefanprodan/podinfo`
-`image.tag` | Image tag | `0.0.1`
-`ingress.enabled` | Enables Ingress | `false`
-`ingress.annotations` | Ingress annotations | None
-`ingress.hosts` | Ingress accepted hostnames | None
-`ingress.tls` | Ingress TLS configuration | None
-`nodeSelector` | node labels for pod assignment | `{}`
-`podAnnotations` | annotations to add to each pod | `{}`
-`replicaCount` | desired number of pods | `1`
-`resources.requests/cpu` | pod CPU request | `1m`
-`resources.requests/memory` | pod memory request | `16Mi`
-`resources.limits/cpu` | pod CPU limit | None
-`resources.limits/memory` | pod memory limit | None
-`service.externalPort` | external port for the service | `9898`
-`service.internalPort` | internal port for the service | `9898`
-`service.nodePort` | node port for the service | `31198`
-`service.type` | type of service | `ClusterIP`
-`tolerations` | List of node taints to tolerate | `[]`
+| Parameter                         | Default                        | Description                                                                                                            |
+|-----------------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------|
+| `replicaCount`                    | `1`                            | Desired number of pods                                                                                                 |
+| `logLevel`                        | `info`                         | Log level: `debug`, `info`, `warn`, `error`                                                                            |
+| `backend`                         | `None`                         | Echo backend URL                                                                                                       |
+| `backends`                        | `[]`                           | Array of echo backend URLs                                                                                             |
+| `cache`                           | `None`                         | Redis address in the format `tcp://<host>:<port>`                                                                      |
+| `redis.enabled`                   | `false`                        | Create Redis deployment for caching purposes                                                                           |
+| `redis.repository`                | `docker.io/redis`              | Redis image repository                                                                                                 |
+| `redis.tag`                       | `<VERSION>`                    | Redis image tag                                                                                                        |
+| `redis.imagePullSecrets`          | `[]`                           | Redis image pull secrets                                                                                               |
+| `ui.color`                        | `#34577c`                      | UI color                                                                                                               |
+| `ui.message`                      | `None`                         | UI greetings message                                                                                                   |
+| `ui.logo`                         | `None`                         | UI logo                                                                                                                |
+| `faults.delay`                    | `false`                        | Random HTTP response delays between 0 and 5 seconds                                                                    |
+| `faults.error`                    | `false`                        | 1/3 chances of a random HTTP response error                                                                            |
+| `faults.unhealthy`                | `false`                        | When set, the healthy state is never reached                                                                           |
+| `faults.unready`                  | `false`                        | When set, the ready state is never reached                                                                             |
+| `faults.testFail`                 | `false`                        | When set, a helm test is included which always fails                                                                   |
+| `faults.testTimeout`              | `false`                        | When set, a helm test is included which always times out                                                               |
+| `image.repository`                | `ghcr.io/stefanprodan/podinfo` | Image repository                                                                                                       |
+| `image.tag`                       | `<VERSION>`                    | Image tag                                                                                                              |
+| `image.pullPolicy`                | `IfNotPresent`                 | Image pull policy                                                                                                      |
+| `image.pullSecrets`               | `[]`                           | Image pull secrets                                                                                                     |
+| `service.enabled`                 | `true`                         | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app)                              |
+| `service.type`                    | `ClusterIP`                    | Type of the Kubernetes Service                                                                                         |
+| `service.metricsPort`             | `9797`                         | Prometheus metrics endpoint port                                                                                       |
+| `service.httpPort`                | `9898`                         | Container HTTP port                                                                                                    |
+| `service.externalPort`            | `9898`                         | ClusterIP HTTP port                                                                                                    |
+| `service.grpcPort`                | `9999`                         | ClusterIP gPRC port                                                                                                    |
+| `service.grpcService`             | `podinfo`                      | gPRC service name                                                                                                      |
+| `service.nodePort`                | `31198`                        | NodePort for the HTTP endpoint                                                                                         |
+| `service.trafficDistribution`     | `""`                           | Traffic distribution strategy                                                                                          |
+| `service.additionalLabels`        | `{}`                           | Additional labels to add to the service                                                                                |
+| `service.externalTrafficPolicy`   | `None`                         | External traffic policy for LoadBalance service                                                                        |
+| `h2c.enabled`                     | `false`                        | Allow upgrading to h2c (non-TLS version of HTTP/2)                                                                     |
+| `extraArgs`                       | `[]`                           | Additional command line arguments to pass to podinfo container                                                         |
+| `extraEnvs`                       | `[]`                           | Extra environment variables for the podinfo container                                                                  |
+| `config.path`                     | `""`                           | config file path                                                                                                       |
+| `config.name`                     | `""`                           | config file name                                                                                                       |
+| `hpa.enabled`                     | `false`                        | Enables the Kubernetes HPA                                                                                             |
+| `hpa.maxReplicas`                 | `10`                           | Maximum amount of pods                                                                                                 |
+| `hpa.cpu`                         | `None`                         | Target CPU usage per pod                                                                                               |
+| `hpa.memory`                      | `None`                         | Target memory usage per pod                                                                                            |
+| `hpa.requests`                    | `None`                         | Target HTTP requests per second per pod                                                                                |
+| `serviceAccount.enabled`          | `false`                        | Whether a service account should be created                                                                            |
+| `serviceAccount.name`             | `None`                         | The name of the service account to use, if not set and create is true, a name is generated using the fullname template |
+| `serviceAccount.imagePullSecrets` | `[]`                           | List of image pull secrets if pulling from private registries.                                                         |
+| `securityContext`                 | `{}`                           | The security context to be set on the podinfo container                                                                |
+| `podSecurityContext`              | `{}`                           | The security context to be set on the pod                                                                              |
+| `podAnnotations`                  | `{}`                           | Pod annotations                                                                                                        |
+| `serviceMonitor.enabled`          | `false`                        | Whether a Prometheus Operator service monitor should be created                                                        |
+| `serviceMonitor.interval`         | `15s`                          | Prometheus scraping interval                                                                                           |
+| `serviceMonitor.additionalLabels` | `{}`                           | Add additional labels to the service monitor                                                                           |
+| `ingress.enabled`                 | `false`                        | Enables Ingress                                                                                                        |
+| `ingress.className`               | `""`                           | Use ingressClassName                                                                                                   |
+| `ingress.additionalLabels`        | `{}`                           | Add additional labels to the ingress                                                                                   |
+| `ingress.annotations`             | `{}`                           | Ingress annotations                                                                                                    |
+| `ingress.hosts`                   | `[]`                           | Ingress accepted hosts                                                                                                 |
+| `ingress.tls`                     | `[]`                           | Ingress TLS configuration                                                                                              |
+| `httpRoute.enabled`               | `false`                        | Enables Gateway API HTTPRoute                                                                                          |
+| `httpRoute.additionalLabels`      | `{}`                           | Add additional labels to the HTTPRoute                                                                                 |
+| `httpRoute.annotations`           | `{}`                           | HTTPRoute annotations                                                                                                  |
+| `httpRoute.parentRefs`            | `[]`                           | Gateways that this route is attached to                                                                                |
+| `httpRoute.hostnames`             | `["podinfo.local"]`            | Hostnames matching HTTP header                                                                                         |
+| `httpRoute.rules`                 | `[]`                           | List of rules and filters applied                                                                                      |
+| `resources.requests.cpu`          | `1m`                           | Pod CPU request                                                                                                        |
+| `resources.requests.memory`       | `16Mi`                         | Pod memory request                                                                                                     |
+| `resources.limits.cpu`            | `None`                         | Pod CPU limit                                                                                                          |
+| `resources.limits.memory`         | `None`                         | Pod memory limit                                                                                                       |
+| `nodeSelector`                    | `{}`                           | Node labels for pod assignment                                                                                         |
+| `tolerations`                     | `[]`                           | List of node taints to tolerate                                                                                        |
+| `affinity`                        | `None`                         | Node/pod affinities                                                                                                    |

-Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+Specify each parameter using the `--set key=value[,key=value]` argument:

 ```console
-$ helm install stable/podinfo --name my-release \
-  --set=image.tag=0.0.2,service.type=NodePort
+$ helm upgrade -i podinfo oci://ghcr.io/stefanprodan/charts/podinfo \
+  --set=serviceMonitor.enabled=true,serviceMonitor.interval=5s
 ```

-Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+To add custom annotations you need to escape the annotation key string:

 ```console
-$ helm install stable/podinfo --name my-release -f values.yaml
+$ helm upgrade -i podinfo oci://ghcr.io/stefanprodan/charts/podinfo \
+--set podAnnotations."toolkit\.fluxcd\.io\/tenant"=dev-team
 ```

-> **Tip**: You can use the default [values.yaml](values.yaml)
-```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart:

+```console
+$ helm upgrade -i my-release oci://ghcr.io/stefanprodan/charts/podinfo -f values.yaml
+```
--- a/charts/podinfo/templates/NOTES.txt
+++ b/charts/podinfo/templates/NOTES.txt
@@ -1,19 +1,20 @@
 1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
-{{- range .Values.ingress.hosts }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
 {{- end }}
 {{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "podinfo.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  export NODE_PORT=$(kubectl get --namespace {{ include "podinfo.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "podinfo.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ include "podinfo.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
  echo http://$NODE_IP:$NODE_PORT
 {{- else if contains "LoadBalancer" .Values.service.type }}
     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
           You can watch the status of by running 'kubectl get svc -w {{ template "podinfo.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "podinfo.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
+  export SERVICE_IP=$(kubectl get svc --namespace {{ include "podinfo.namespace" . }} {{ template "podinfo.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.externalPort }}
 {{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "podinfo.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward $POD_NAME 8080:{{ .Values.service.externalPort }}
+  kubectl -n {{ include "podinfo.namespace" . }} port-forward deploy/{{ template "podinfo.fullname" . }} 8080:{{ .Values.service.externalPort }}
 {{- end }}
--- a/charts/podinfo/templates/_helpers.tpl
+++ b/charts/podinfo/templates/_helpers.tpl
@@ -1,10 +1,9 @@
-{{/* vim: set filetype=mustache: */}}
 {{/*
 Expand the name of the chart.
 */}}
 {{- define "podinfo.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}

 {{/*
 Create a default fully qualified app name.
@@ -12,21 +11,66 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 If release name contains chart name it will be used as a full name.
 */}}
 {{- define "podinfo.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts.
+*/}}
+{{- define "podinfo.namespace" -}}
+{{- default .Release.Namespace .Values.namespaceOverride | trunc 63 | trimSuffix "-" -}}
 {{- end -}}

 {{/*
 Create chart name and version as used by the chart label.
 */}}
 {{- define "podinfo.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "podinfo.labels" -}}
+helm.sh/chart: {{ include "podinfo.chart" . }}
+{{ include "podinfo.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "podinfo.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "podinfo.fullname" . }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "podinfo.serviceAccountName" -}}
+{{- if .Values.serviceAccount.enabled }}
+{{- default (include "podinfo.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the tls secret for secure port
+*/}}
+{{- define "podinfo.tlsSecretName" -}}
+{{- $fullname := include "podinfo.fullname" . -}}
+{{- default (printf "%s-tls" $fullname) .Values.tls.secretName }}
+{{- end }}
--- a/charts/podinfo/templates/certificate.yaml
+++ b/charts/podinfo/templates/certificate.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.certificate.create -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ template "podinfo.fullname" . }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+spec:
+  dnsNames:
+  {{- range .Values.certificate.dnsNames }}
+    - {{ . | quote }}
+  {{- end }}
+  secretName: {{ template "podinfo.tlsSecretName" . }}
+  issuerRef:
+  {{- .Values.certificate.issuerRef | toYaml | trimSuffix "\n" | nindent 4 }}
+{{- end }}
--- a/charts/podinfo/templates/deployment.yaml
+++ b/charts/podinfo/templates/deployment.yaml
@@ -1,56 +1,208 @@
-apiVersion: apps/v1beta2
+apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: {{ template "podinfo.fullname" . }}
+  namespace: {{ include "podinfo.namespace" . }}
  labels:
-    app: {{ template "podinfo.name" . }}
-    chart: {{ template "podinfo.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+    {{- include "podinfo.labels" . | nindent 4 }}
 spec:
+  {{- if not .Values.hpa.enabled }}
  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
  selector:
    matchLabels:
-      app: {{ template "podinfo.name" . }}
-      release: {{ .Release.Name }}
+      {{- include "podinfo.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
-        app: {{ template "podinfo.name" . }}
-        release: {{ .Release.Name }}
+        {{- include "podinfo.selectorLabels" . | nindent 8 }}
      annotations:
-        prometheus.io/scrape: 'true'
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "{{ .Values.service.httpPort }}"
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
    spec:
+      terminationGracePeriodSeconds: 30
+      {{- if .Values.serviceAccount.enabled }}
+      serviceAccountName: {{ template "podinfo.serviceAccountName" . }}
+      {{- end }}
+      {{- if .Values.image.pullSecrets }}
+      imagePullSecrets: {{ toYaml .Values.image.pullSecrets | nindent 8 }}
+      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.securityContext }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- else if (or .Values.service.hostPort .Values.tls.hostPort) }}
+          securityContext:
+            allowPrivilegeEscalation: true
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+          {{- end }}
          command:
            - ./podinfo
-            - -port={{ .Values.service.containerPort }}
-            {{- if .Values.logLevel }}
-            - -debug=true
+            - --port={{ .Values.service.httpPort | default 9898 }}
+            {{- if .Values.host }}
+            - --host={{ .Values.host }}
+            {{- end }}
+            {{- if .Values.tls.enabled }}
+            - --secure-port={{ .Values.tls.port }}
+            {{- end }}
+            {{- if .Values.tls.certPath }}
+            - --cert-path={{ .Values.tls.certPath }}
+            {{- end }}
+            {{- if .Values.service.metricsPort }}
+            - --port-metrics={{ .Values.service.metricsPort }}
+            {{- end }}
+            {{- if .Values.service.grpcPort }}
+            - --grpc-port={{ .Values.service.grpcPort }}
+            {{- end }}
+            {{- if .Values.service.grpcService }}
+            - --grpc-service-name={{ .Values.service.grpcService }}
+            {{- end }}
+            {{- range .Values.backends }}
+            - --backend-url={{ . }}
+            {{- end }}
+            {{- if .Values.cache }}
+            - --cache-server={{ .Values.cache }}
+            {{- else if .Values.redis.enabled }}
+            - --cache-server=tcp://{{ template "podinfo.fullname" . }}-redis:6379
+            {{- end }}
+            - --level={{ .Values.logLevel }}
+            - --random-delay={{ .Values.faults.delay }}
+            - --random-error={{ .Values.faults.error }}
+            {{- if .Values.faults.unhealthy }}
+            - --unhealthy
+            {{- end }}
+            {{- if .Values.faults.unready }}
+            - --unready
+            {{- end }}
+            {{- if .Values.h2c.enabled }}
+            - --h2c
+            {{- end }}
+            {{- with .Values.config.path }}
+            - --config-path={{ . }}
+            {{- end }}
+            {{- with .Values.config.name }}
+            - --config={{ . }}
+            {{- end }}
+            {{- with .Values.extraArgs }}
+              {{- toYaml . | nindent 12 }}
            {{- end }}
          env:
-          - name: backend_url
+          {{- if .Values.ui.message }}
+          - name: PODINFO_UI_MESSAGE
+            value: {{ quote .Values.ui.message }}
+          {{- end }}
+          {{- if .Values.ui.logo }}
+          - name: PODINFO_UI_LOGO
+            value: {{ .Values.ui.logo }}
+          {{- end }}
+          {{- if .Values.ui.color }}
+          - name: PODINFO_UI_COLOR
+            value: {{ quote .Values.ui.color }}
+          {{- end }}
+          {{- if .Values.backend }}
+          - name: PODINFO_BACKEND_URL
            value: {{ .Values.backend }}
+          {{- end }}
+          {{- if .Values.extraEnvs }}
+{{ toYaml .Values.extraEnvs | indent 10 }}
+          {{- end }}
          ports:
            - name: http
-              containerPort: {{ .Values.service.containerPort }}
+              containerPort: {{ .Values.service.httpPort | default 9898 }}
              protocol: TCP
+              {{- if .Values.service.hostPort }}
+              hostPort: {{ .Values.service.hostPort }}
+              {{- end }}
+            {{- if .Values.tls.enabled }}
+            - name: https
+              containerPort: {{ .Values.tls.port | default 9899 }}
+              protocol: TCP
+              {{- if .Values.tls.hostPort }}
+              hostPort: {{ .Values.tls.hostPort }}
+              {{- end }}
+            {{- end }}
+            {{- if .Values.service.metricsPort }}
+            - name: http-metrics
+              containerPort: {{ .Values.service.metricsPort }}
+              protocol: TCP
+            {{- end }}
+            {{- if .Values.service.grpcPort }}
+            - name: grpc
+              containerPort: {{ .Values.service.grpcPort }}
+              protocol: TCP
+            {{- end }}
+          {{- if .Values.probes.startup.enable }}
+          startupProbe:
+            exec:
+              command:
+              - podcli
+              - check
+              - http
+              - localhost:{{ .Values.service.httpPort | default 9898 }}/healthz
+            {{- with .Values.probes.startup }}
+            initialDelaySeconds: {{ .initialDelaySeconds | default 1 }}
+            timeoutSeconds: {{ .timeoutSeconds | default 5 }}
+            failureThreshold: {{ .failureThreshold | default 3 }}
+            successThreshold: {{ .successThreshold | default 1 }}
+            periodSeconds: {{ .periodSeconds | default 10 }}
+            {{- end }}
+            {{- end }}
          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: http
+            exec:
+              command:
+              - podcli
+              - check
+              - http
+              - localhost:{{ .Values.service.httpPort | default 9898 }}/healthz
+            {{- with .Values.probes.liveness }}
+            initialDelaySeconds: {{ .initialDelaySeconds | default 1 }}
+            timeoutSeconds: {{ .timeoutSeconds | default 5 }}
+            failureThreshold: {{ .failureThreshold | default 3 }}
+            successThreshold: {{ .successThreshold | default 1 }}
+            periodSeconds: {{ .periodSeconds | default 10 }}
+            {{- end }}
          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: http
+            exec:
+              command:
+              - podcli
+              - check
+              - http
+              - localhost:{{ .Values.service.httpPort | default 9898 }}/readyz
+            {{- with .Values.probes.readiness }}
+            initialDelaySeconds: {{ .initialDelaySeconds | default 1 }}
+            timeoutSeconds: {{ .timeoutSeconds | default 5 }}
+            failureThreshold: {{ .failureThreshold | default 3 }}
+            successThreshold: {{ .successThreshold | default 1 }}
+            periodSeconds: {{ .periodSeconds | default 10 }}
+            {{- end }}
          volumeMounts:
          - name: data
            mountPath: /data
+          {{- if .Values.tls.enabled }}
+          - name: tls
+            mountPath: {{ .Values.tls.certPath | default "/data/cert" }}
+            readOnly: true
+          {{- end }}
          resources:
 {{ toYaml .Values.resources | indent 12 }}
+    {{- with .Values.podSecurityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+    {{- end }}
    {{- with .Values.nodeSelector }}
      nodeSelector:
 {{ toYaml . | indent 8 }}
@@ -66,3 +218,12 @@ spec:
      volumes:
      - name: data
        emptyDir: {}
+      {{- if .Values.tls.enabled }}
+      - name: tls
+        secret:
+          secretName: {{ template "podinfo.tlsSecretName" . }}
+      {{- end }}
+    {{- with .Values.topologySpreadConstraints }}
+      topologySpreadConstraints:
+{{- toYaml . | nindent 8 }}
+    {{- end }}
--- a/charts/podinfo/templates/hpa.yaml
+++ b/charts/podinfo/templates/hpa.yaml
@@ -1,11 +1,14 @@
 {{- if .Values.hpa.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ template "podinfo.fullname" . }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}  
 spec:
  scaleTargetRef:
-    apiVersion: apps/v1beta2
+    apiVersion: apps/v1
    kind: Deployment
    name: {{ template "podinfo.fullname" . }}
  minReplicas: {{ .Values.replicaCount }}
@@ -15,18 +18,25 @@ spec:
  - type: Resource
    resource:
      name: cpu
-      targetAverageUtilization: {{ .Values.hpa.cpu }}
+      target:
+        type: Utilization
+        averageUtilization: {{ .Values.hpa.cpu }}
  {{- end }}
  {{- if .Values.hpa.memory }}
  - type: Resource
    resource:
      name: memory
-      targetAverageValue: {{ .Values.hpa.memory }}
+      target:
+        type: AverageValue
+        averageValue: {{ .Values.hpa.memory }}
  {{- end }}
  {{- if .Values.hpa.requests }}
-  - type: Pod
-      pods:
-        metricName: http_requests
-        targetAverageValue: {{ .Values.hpa.requests }}
+  - type: Pods
+    pods:
+      metric:
+        name: http_requests
+      target:
+        type: AverageValue
+        averageValue: {{ .Values.hpa.requests }}
  {{- end }}
 {{- end }}
--- a/charts/podinfo/templates/httproute.yaml
+++ b/charts/podinfo/templates/httproute.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.httpRoute.enabled -}}
+{{- $fullName := include "podinfo.fullname" . -}}
+{{- $svcPort := .Values.service.externalPort -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+    {{- with .Values.httpRoute.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.httpRoute.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+    {{- with .Values.httpRoute.parentRefs }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.httpRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.httpRoute.rules }}
+    {{- with .matches }}
+    - matches:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .filters }}
+      filters:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+      backendRefs:
+        - name: {{ $fullName }}
+          port: {{ $svcPort }}
+          weight: 1
+    {{- end }}
+{{- end }}
--- a/charts/podinfo/templates/ingress.yaml
+++ b/charts/podinfo/templates/ingress.yaml
@@ -1,39 +1,45 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "podinfo.fullname" . -}}
-{{- $servicePort := .Values.service.port -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: extensions/v1beta1
+{{- $svcPort := .Values.service.externalPort -}}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ $fullName }}
+  namespace: {{ include "podinfo.namespace" . }}
  labels:
-    app: {{ template "podinfo.name" . }}
-    chart: {{ template "podinfo.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
-{{- with .Values.ingress.annotations }}
+    {{- include "podinfo.labels" . | nindent 4 }}
+    {{- with .Values.ingress.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.ingress.annotations }}
  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . }}
-      {{- end }}
-      secretName: {{ .secretName }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
  {{- end }}
-{{- end }}
  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . }}
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
      http:
        paths:
-          - path: {{ $ingressPath }}
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
 {{- end }}
--- a/charts/podinfo/templates/pdb.yaml
+++ b/charts/podinfo/templates/pdb.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.podDisruptionBudget (gt (int .Values.replicaCount) 1) }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "podinfo.fullname" . }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      {{- include "podinfo.selectorLabels" . | nindent 6 }}
+  {{- toYaml .Values.podDisruptionBudget | nindent 2 }}
+{{- end }}
--- a/charts/podinfo/templates/redis/config.yaml
+++ b/charts/podinfo/templates/redis/config.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.redis.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "podinfo.fullname" . }}-redis
+data:
+  redis.conf: |
+    maxmemory 64mb
+    maxmemory-policy allkeys-lru
+    save ""
+    appendonly no
+{{- end }}
--- a/charts/podinfo/templates/redis/deployment.yaml
+++ b/charts/podinfo/templates/redis/deployment.yaml
@@ -0,0 +1,71 @@
+{{- if .Values.redis.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "podinfo.fullname" . }}-redis
+  labels:
+    app: {{ template "podinfo.fullname" . }}-redis
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: {{ template "podinfo.fullname" . }}-redis
+  template:
+    metadata:
+      labels:
+        app: {{ template "podinfo.fullname" . }}-redis
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/redis/config.yaml") . | sha256sum | quote }}
+    spec:
+      {{- if .Values.serviceAccount.enabled }}
+      serviceAccountName: {{ template "podinfo.serviceAccountName" . }}
+      {{- end }}
+      {{- if .Values.redis.imagePullSecrets }}
+      imagePullSecrets: {{ toYaml .Values.redis.imagePullSecrets | nindent 8 }}
+      {{- end }}
+      containers:
+        - name: redis
+          image: "{{ .Values.redis.repository }}:{{ .Values.redis.tag }}"
+          imagePullPolicy: IfNotPresent
+          command:
+            - redis-server
+            - "/redis-master/redis.conf"
+          ports:
+            - name: redis
+              containerPort: 6379
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: redis
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          readinessProbe:
+            exec:
+              command:
+                - redis-cli
+                - ping
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 128Mi
+            requests:
+              cpu: 100m
+              memory: 32Mi
+          volumeMounts:
+            - mountPath: /var/lib/redis
+              name: data
+            - mountPath: /redis-master
+              name: config
+      volumes:
+        - name: data
+          emptyDir: {}
+        - name: config
+          configMap:
+            name: {{ template "podinfo.fullname" . }}-redis
+            items:
+              - key: redis.conf
+                path: redis.conf
+{{- end }}
--- a/charts/podinfo/templates/redis/service.yaml
+++ b/charts/podinfo/templates/redis/service.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.redis.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "podinfo.fullname" . }}-redis
+  labels:
+    app: {{ template "podinfo.fullname" . }}-redis
+spec:
+  type: ClusterIP
+  selector:
+    app: {{ template "podinfo.fullname" . }}-redis
+  ports:
+    - name: redis
+      port: 6379
+      protocol: TCP
+      targetPort: redis
+      appProtocol: redis
+{{- end }}
--- a/charts/podinfo/templates/service.yaml
+++ b/charts/podinfo/templates/service.yaml
@@ -1,12 +1,18 @@
+{{- if .Values.service.enabled -}}
 apiVersion: v1
 kind: Service
 metadata:
  name: {{ template "podinfo.fullname" . }}
+  namespace: {{ include "podinfo.namespace" . }}
  labels:
-    app: {{ template "podinfo.name" . }}
-    chart: {{ template "podinfo.chart" . }}
-    release: {{ .Release.Name }}
-    heritage: {{ .Release.Service }}
+    {{- include "podinfo.labels" . | nindent 4 }}
+    {{- with .Values.service.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+{{- with .Values.service.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
 spec:
  type: {{ .Values.service.type }}
  ports:
@@ -17,6 +23,24 @@ spec:
      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
      nodePort: {{ .Values.service.nodePort }}
      {{- end }}
+    {{- if .Values.tls.enabled }}
+    - port: {{ .Values.tls.port | default 9899 }}
+      targetPort: https
+      protocol: TCP
+      name: https
+    {{- end }}
+    {{- if .Values.service.grpcPort }}
+    - port: {{ .Values.service.grpcPort }}
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
+    {{- end }}
  selector:
-    app: {{ template "podinfo.name" . }}
-    release: {{ .Release.Name }}
+    {{- include "podinfo.selectorLabels" . | nindent 4 }}
+  {{- if .Values.service.trafficDistribution }}
+  trafficDistribution: {{ .Values.service.trafficDistribution }}
+  {{- end }}
+  {{- if ( and (.Values.service.externalTrafficPolicy) (eq .Values.service.type "LoadBalancer") ) }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  {{- end }}
+{{- end }}
--- a/charts/podinfo/templates/serviceaccount.yaml
+++ b/charts/podinfo/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.enabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "podinfo.serviceAccountName" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+{{- with .Values.serviceAccount.imagePullSecrets }}
+imagePullSecrets:
+  {{- toYaml . | nindent 2 }}
+{{- end -}}
+{{- end -}}
--- a/charts/podinfo/templates/servicemonitor.yaml
+++ b/charts/podinfo/templates/servicemonitor.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.serviceMonitor.enabled -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "podinfo.fullname" . }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+    {{- with .Values.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  endpoints:
+    - path: /metrics
+      port: http
+      interval: {{ .Values.serviceMonitor.interval }}
+  namespaceSelector:
+    matchNames:
+      - {{ include "podinfo.namespace" . }}
+  selector:
+    matchLabels:
+      {{- include "podinfo.selectorLabels" . | nindent 6 }}
+{{- end }}
--- a/charts/podinfo/templates/tests/cache.yaml
+++ b/charts/podinfo/templates/tests/cache.yaml
@@ -0,0 +1,30 @@
+{{- if .Values.cache }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "podinfo.fullname" . }}-cache-test-{{ randAlphaNum 5 | lower }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: curl
+      image: curlimages/curl:7.69.0
+      command:
+        - sh
+        - -c
+        - |
+          curl -sd 'data' ${PODINFO_SVC}/cache/test &&
+          curl -s ${PODINFO_SVC}/cache/test | grep data &&
+          curl -s -XDELETE ${PODINFO_SVC}/cache/test
+      env:
+      - name: PODINFO_SVC
+        value: "{{ template "podinfo.fullname" . }}.{{ include "podinfo.namespace" . }}:{{ .Values.service.externalPort }}"
+  restartPolicy: Never
+{{- end }}
--- a/charts/podinfo/templates/tests/fail.yaml
+++ b/charts/podinfo/templates/tests/fail.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.faults.testFail }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "podinfo.fullname" . }}-fault-test-{{ randAlphaNum 5 | lower }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: fault
+      image: alpine:3.11
+      command: ['/bin/sh']
+      args:  ['-c', 'exit 1']
+  restartPolicy: Never
+{{- end }}
--- a/charts/podinfo/templates/tests/grpc.yaml
+++ b/charts/podinfo/templates/tests/grpc.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "podinfo.fullname" . }}-grpc-test-{{ randAlphaNum 5 | lower }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: grpc-health-probe
+      image: stefanprodan/grpc_health_probe:v0.3.0
+      command: ['grpc_health_probe']
+      args:  ['-addr={{ template "podinfo.fullname" . }}.{{ include "podinfo.namespace" . }}:{{ .Values.service.grpcPort }}']
+  restartPolicy: Never
--- a/charts/podinfo/templates/tests/jwt.yaml
+++ b/charts/podinfo/templates/tests/jwt.yaml
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "podinfo.fullname" . }}-jwt-test-{{ randAlphaNum 5 | lower }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: tools
+      image: giantswarm/tiny-tools
+      command:
+        - sh
+        - -c
+        - |
+          TOKEN=$(curl -sd 'test' ${PODINFO_SVC}/token | jq -r .token) &&
+          curl -sH "Authorization: Bearer ${TOKEN}" ${PODINFO_SVC}/token/validate | grep test
+      env:
+      - name: PODINFO_SVC
+        value: "{{ template "podinfo.fullname" . }}.{{ include "podinfo.namespace" . }}:{{ .Values.service.externalPort }}"
+  restartPolicy: Never
--- a/charts/podinfo/templates/tests/service.yaml
+++ b/charts/podinfo/templates/tests/service.yaml
@@ -2,17 +2,25 @@ apiVersion: v1
 kind: Pod
 metadata:
  name: {{ template "podinfo.fullname" . }}-service-test-{{ randAlphaNum 5 | lower }}
+  namespace: {{ include "podinfo.namespace" . }}
  labels:
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app: {{ template "podinfo.name" . }}
+    {{- include "podinfo.labels" . | nindent 4 }}
  annotations:
    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
 spec:
  containers:
    - name: curl
-      image: radial/busyboxplus:curl
-      command: ['curl']
-      args:  ['{{ template "podinfo.fullname" . }}:{{ .Values.service.externalPort }}']
+      image: curlimages/curl:7.69.0
+      command:
+        - sh
+        - -c
+        - |
+          curl -s ${PODINFO_SVC}/api/info | grep version
+      env:
+        - name: PODINFO_SVC
+          value: "{{ template "podinfo.fullname" . }}.{{ include "podinfo.namespace" . }}:{{ .Values.service.externalPort }}"
  restartPolicy: Never
--- a/charts/podinfo/templates/tests/storage.yaml
+++ b/charts/podinfo/templates/tests/storage.yaml
@@ -1,41 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: {{ template "podinfo.fullname" . }}-storage-test-{{ randAlphaNum 5 | lower }}
-  labels:
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app: {{ template "podinfo.name" . }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  containers:
-    - name: curl
-      image: radial/busyboxplus:curl
-      command: ["/bin/sh", "/scripts/ping.sh"]
-      env:
-      - name: PODINFO_SVC
-        value: {{ template "podinfo.fullname" . }}:{{ .Values.service.externalPort }}
-      volumeMounts:
-      - name: scripts
-        mountPath: /scripts
-  restartPolicy: Never
-  volumes:
-  - name: scripts
-    configMap:
-      name: {{ template "podinfo.fullname" . }}-storage-cfg
---
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ template "podinfo.fullname" . }}-storage-cfg
-  labels:
-    heritage: {{ .Release.Service }}
-    release: {{ .Release.Name }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    app: {{ template "podinfo.name" . }}
-data:
-  ping.sh: |
-    #!/bin/sh
-    curl -sSd "$(curl -sSd 'test' ${PODINFO_SVC}/write)" ${PODINFO_SVC}/read|grep test
--- a/charts/podinfo/templates/tests/timeout.yaml
+++ b/charts/podinfo/templates/tests/timeout.yaml
@@ -0,0 +1,22 @@
+{{- if .Values.faults.testTimeout }}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "podinfo.fullname" . }}-fault-test-{{ randAlphaNum 5 | lower }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: fault
+      image: alpine:3.11
+      command: ['/bin/sh']
+      args:  ['-c', 'while sleep 3600; do :; done']
+  restartPolicy: Never
+{{- end }}
--- a/charts/podinfo/templates/tests/tls.yaml
+++ b/charts/podinfo/templates/tests/tls.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.tls.enabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "podinfo.fullname" . }}-tls-test-{{ randAlphaNum 5 | lower }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: curl
+      image: curlimages/curl:7.69.0
+      command:
+        - sh
+        - -c
+        - |
+          curl -sk ${PODINFO_SVC}/api/info | grep version
+      env:
+        - name: PODINFO_SVC
+          value: "https://{{ template "podinfo.fullname" . }}.{{ include "podinfo.namespace" . }}:{{ .Values.tls.port }}"
+  restartPolicy: Never
+{{- end }}
--- a/charts/podinfo/values-prod.yaml
+++ b/charts/podinfo/values-prod.yaml
@@ -0,0 +1,210 @@
+# Production values for podinfo.
+# Includes Redis deployment and memory limits.
+
+replicaCount: 1
+logLevel: info
+backend: #http://backend-podinfo:9898/echo
+backends: []
+
+image:
+  repository: ghcr.io/stefanprodan/podinfo
+  tag: 6.10.0
+  pullPolicy: IfNotPresent
+
+ui:
+  color: "#34577c"
+  message: ""
+  logo: ""
+
+# failure conditions
+faults:
+  delay: false
+  error: false
+  unhealthy: false
+  unready: false
+  testFail: false
+  testTimeout: false
+
+# Kubernetes Service settings
+service:
+  enabled: true
+  annotations: {}
+  additionalLabels: { }
+  type: ClusterIP
+  metricsPort: 9797
+  httpPort: 9898
+  externalPort: 9898
+  grpcPort: 9999
+  grpcService: podinfo
+  nodePort: 31198
+  trafficDistribution: ""
+  externalTrafficPolicy: ""
+
+# enable h2c protocol (non-TLS version of HTTP/2)
+h2c:
+  enabled: false
+
+# config file settings
+config:
+  # config file path
+  path: ""
+  # config file name
+  name: ""
+
+# Additional command line arguments to pass to podinfo container
+extraArgs: []
+
+# enable tls on the podinfo service
+tls:
+  enabled: false
+  # the name of the secret used to mount the certificate key pair
+  secretName:
+  # the path where the certificate key pair will be mounted
+  certPath: /data/cert
+  # the port used to host the tls endpoint on the service
+  port: 9899
+  # the port used to bind the tls port to the host
+  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
+  # in local clusters such as kind without port forwarding
+  hostPort:
+
+# create a certificate manager certificate (cert-manager required)
+certificate:
+  create: false
+  # the issuer used to issue the certificate
+  issuerRef:
+    kind: ClusterIssuer
+    name: self-signed
+  # the hostname / subject alternative names for the certificate
+  dnsNames:
+    - podinfo
+
+# metrics-server add-on required
+hpa:
+  enabled: true
+  maxReplicas: 5
+  # average total CPU usage per pod (1-100)
+  cpu: 99
+  # average memory usage per pod (100Mi-1Gi)
+  memory:
+  # average http requests per second per pod (k8s-prometheus-adapter)
+  requests:
+
+# Redis address in the format tcp://<host>:<port>
+cache: ""
+# Redis deployment
+redis:
+  enabled: true
+  repository: redis
+  tag: 8.4.0
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  enabled: false
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+  # List of image pull secrets if pulling from private registries
+  imagePullSecrets: []
+
+# set container security context
+securityContext: {}
+
+# set pod security context
+podSecurityContext: {}
+
+# -- Expose the service via Kubernetes Ingress
+# Requires an Ingress controller
+# Docs https://kubernetes.io/docs/concepts/services-networking/ingress/
+ingress:
+  enabled: false
+  className: ""
+  additionalLabels: {}
+  annotations: {}
+    # kubernetes.io/ingress.class: nginx
+  # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: podinfo.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
+  tls: []
+  #  - secretName: chart-example-tls
+  #    hosts:
+  #      - chart-example.local
+
+# -- Expose the service via Gateway HTTPRoute
+# Requires a Gateway controller
+# Docs https://gateway-api.sigs.k8s.io/guides/
+httpRoute:
+  # HTTPRoute enabled.
+  enabled: false
+  # Add additional labels to the HTTPRoute.
+  additionalLabels: {}
+  # HTTPRoute annotations.
+  annotations: {}
+  # Which Gateways this Route is attached to.
+  parentRefs:
+    - name: gateway
+      sectionName: http
+      # namespace: default
+  # Hostnames matching HTTP header.
+  hostnames:
+    - podinfo.local
+  # List of rules and filters applied.
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+
+# create Prometheus Operator monitor
+serviceMonitor:
+  enabled: false
+  interval: 15s
+  additionalLabels: {}
+
+resources:
+  limits:
+    memory: 256Mi
+  requests:
+    cpu: 100m
+    memory: 64Mi
+
+# Extra environment variables for the podinfo container
+extraEnvs: []
+# Example on how to configure extraEnvs
+#  - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
+#    value: "http://otel:4317"
+#  - name: MULTIPLE_VALUES
+#    value: TEST
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+podAnnotations: {}
+
+# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+probes:
+  readiness:
+    initialDelaySeconds: 1
+    timeoutSeconds: 5
+    failureThreshold: 3
+    successThreshold: 1
+    periodSeconds: 10
+  liveness:
+    initialDelaySeconds: 1
+    timeoutSeconds: 5
+    failureThreshold: 3
+    successThreshold: 1
+    periodSeconds: 10
+  startup:
+    enable: false
+    initialDelaySeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 20
+    successThreshold: 1
+    periodSeconds: 10
--- a/charts/podinfo/values.yaml
+++ b/charts/podinfo/values.yaml
@@ -1,20 +1,99 @@
 # Default values for podinfo.

 replicaCount: 1
-backend: http://backend-podinfo:9898/echo
+logLevel: info
+host: #0.0.0.0
+backend: #http://backend-podinfo:9898/echo
+backends: []

 image:
-  repository: stefanprodan/podinfo
-  tag: 0.2.1
+  repository: ghcr.io/stefanprodan/podinfo
+  tag: 6.10.0
  pullPolicy: IfNotPresent
+  pullSecrets: []

+ui:
+  color: "#34577c"
+  message: ""
+  logo: ""
+
+# failure conditions
+faults:
+  delay: false
+  error: false
+  unhealthy: false
+  unready: false
+  testFail: false
+  testTimeout: false
+
+# Kubernetes Service settings
 service:
+  enabled: true
+  annotations: {}
+  additionalLabels: { }
  type: ClusterIP
+  metricsPort: 9797
+  httpPort: 9898
  externalPort: 9898
-  containerPort: 9898
+  grpcPort: 9999
+  grpcService: podinfo
  nodePort: 31198
+  # the port used to bind the http port to the host
+  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
+  # in local clusters such as kind without port forwarding
+  hostPort:
+  # Stable from Kubernetes v1.33+ with a value of PreferClose. Additional values are PreferSameZone and PreferSameNode from v1.34+. Empty string means it's disabled.
+  trafficDistribution: ""
+  externalTrafficPolicy: ""

-# Heapster or metrics-server add-on required
+# enable h2c protocol (non-TLS version of HTTP/2)
+h2c:
+  enabled: false
+
+# config file settings
+config:
+  # config file path
+  path: ""
+  # config file name
+  name: ""
+
+# Additional command line arguments to pass to podinfo container
+extraArgs: []
+
+# Extra environment variables for the podinfo container
+extraEnvs: []
+# Example on how to configure extraEnvs
+#  - name: OTEL_EXPORTER_OTLP_TRACES_ENDPOINT
+#    value: "http://otel:4317"
+#  - name: MULTIPLE_VALUES
+#    value: TEST
+
+# enable tls on the podinfo service
+tls:
+  enabled: false
+  # the name of the secret used to mount the certificate key pair
+  secretName:
+  # the path where the certificate key pair will be mounted
+  certPath: /data/cert
+  # the port used to host the tls endpoint on the service
+  port: 9899
+  # the port used to bind the tls port to the host
+  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
+  # in local clusters such as kind without port forwarding
+  hostPort:
+
+# create a certificate manager certificate (cert-manager required)
+certificate:
+  create: false
+  # the issuer used to issue the certificate
+  issuerRef:
+    kind: ClusterIssuer
+    name: self-signed
+  # the hostname / subject alternative names for the certificate
+  dnsNames:
+    - podinfo
+
+# metrics-server add-on required
 hpa:
  enabled: false
  maxReplicas: 10
@@ -25,19 +104,81 @@ hpa:
  # average http requests per second per pod (k8s-prometheus-adapter)
  requests:

+# Redis address in the format tcp://<host>:<port>
+cache: ""
+# Redis deployment
+redis:
+  enabled: false
+  repository: docker.io/redis
+  tag: 8.4.0
+  imagePullSecrets: []
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  enabled: false
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name:
+  # List of image pull secrets if pulling from private registries
+  imagePullSecrets: []
+
+# set container security context
+securityContext: {}
+
+# set pod security context
+podSecurityContext: {}
+
+# -- Expose the service via Kubernetes Ingress
+# Requires an Ingress controller
+# Docs https://kubernetes.io/docs/concepts/services-networking/ingress/
 ingress:
  enabled: false
+  className: ""
+  additionalLabels: {}
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
-  path: /
  hosts:
-    - podinfo.local
+    - host: podinfo.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

+# -- Expose the service via Gateway HTTPRoute
+# Requires a Gateway controller
+# Docs https://gateway-api.sigs.k8s.io/guides/
+httpRoute:
+  # HTTPRoute enabled.
+  enabled: false
+  # Add additional labels to the HTTPRoute.
+  additionalLabels: {}
+  # HTTPRoute annotations.
+  annotations: {}
+  # Which Gateways this Route is attached to.
+  parentRefs:
+    - name: gateway
+      sectionName: http
+      # namespace: default
+  # Hostnames matching HTTP header.
+  hostnames:
+    - podinfo.local
+  # List of rules and filters applied.
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+
+# create Prometheus Operator monitor
+serviceMonitor:
+  enabled: false
+  interval: 15s
+  additionalLabels: {}
+
 resources:
  limits:
  requests:
@@ -50,4 +191,33 @@ tolerations: []

 affinity: {}

-logLevel: debug
+podAnnotations: {}
+
+# https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+topologySpreadConstraints: []
+
+# Disruption budget will be configured only when the replicaCount is greater than 1
+podDisruptionBudget: {}
+#  maxUnavailable: 1
+
+# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes
+probes:
+  readiness:
+    initialDelaySeconds: 1
+    timeoutSeconds: 5
+    failureThreshold: 3
+    successThreshold: 1
+    periodSeconds: 10
+  liveness:
+    initialDelaySeconds: 1
+    timeoutSeconds: 5
+    failureThreshold: 3
+    successThreshold: 1
+    periodSeconds: 10
+  startup:
+    enable: false
+    initialDelaySeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 20
+    successThreshold: 1
+    periodSeconds: 10
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -1,4 +1,4 @@
 steps:
 - name: 'gcr.io/cloud-builders/docker'
-  args: ['build','-f' , 'Dockerfile.ci', '-t', 'gcr.io/$PROJECT_ID/podinfo:$BRANCH_NAME-$SHORT_SHA', '.']
+  args: ['build','-f' , 'Dockerfile', '-t', 'gcr.io/$PROJECT_ID/podinfo:$BRANCH_NAME-$SHORT_SHA', '.']
 images: ['gcr.io/$PROJECT_ID/podinfo:$BRANCH_NAME-$SHORT_SHA']
--- a/cmd/podcli/check.go
+++ b/cmd/podcli/check.go
@@ -0,0 +1,313 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"crypto/tls"
+	"fmt"
+	"net"
+	"net/http"
+	"net/url"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/status"
+)
+
+var (
+	retryCount      int
+	retryDelay      time.Duration
+	method          string
+	body            string
+	timeout         time.Duration
+	grpcServiceName string
+)
+
+var checkCmd = &cobra.Command{
+	Use:   `check`,
+	Short: "Health check commands",
+	Long:  "Commands for running health checks",
+}
+
+var checkUrlCmd = &cobra.Command{
+	Use:     `http [address]`,
+	Short:   "HTTP(S) health check",
+	Example: `  check http https://httpbin.org/anything --method=POST --retry=2 --delay=2s --timeout=3s --body='{"test"=1}'`,
+	RunE:    runCheck,
+}
+
+var checkTcpCmd = &cobra.Command{
+	Use:     `tcp [address]`,
+	Short:   "TCP health check",
+	Example: `  check tcp httpbin.org:443 --retry=1 --delay=2s --timeout=2s`,
+	RunE:    runCheckTCP,
+}
+
+var checkCertCmd = &cobra.Command{
+	Use:     `cert [address]`,
+	Short:   "SSL/TLS certificate validity check",
+	Example: `  check cert httpbin.org`,
+	RunE:    runCheckCert,
+}
+
+var checkgRPCCmd = &cobra.Command{
+	Use:     `grpc [address]`,
+	Short:   "gRPC health check",
+	Example: `  check grpc localhost:8080 --service=podinfo --retry=1 --delay=2s --timeout=2s`,
+	RunE:    runCheckgPRC,
+}
+
+func init() {
+	checkUrlCmd.Flags().StringVar(&method, "method", "GET", "HTTP method")
+	checkUrlCmd.Flags().StringVar(&body, "body", "", "HTTP POST/PUT content")
+	checkUrlCmd.Flags().IntVar(&retryCount, "retry", 0, "times to retry the HTTP call")
+	checkUrlCmd.Flags().DurationVar(&retryDelay, "delay", 1*time.Second, "wait duration between retries")
+	checkUrlCmd.Flags().DurationVar(&timeout, "timeout", 5*time.Second, "timeout")
+	checkCmd.AddCommand(checkUrlCmd)
+
+	checkTcpCmd.Flags().IntVar(&retryCount, "retry", 0, "times to retry the TCP check")
+	checkTcpCmd.Flags().DurationVar(&retryDelay, "delay", 1*time.Second, "wait duration between retries")
+	checkTcpCmd.Flags().DurationVar(&timeout, "timeout", 5*time.Second, "timeout")
+	checkCmd.AddCommand(checkTcpCmd)
+
+	checkgRPCCmd.Flags().IntVar(&retryCount, "retry", 0, "times to retry the TCP check")
+	checkgRPCCmd.Flags().DurationVar(&retryDelay, "delay", 1*time.Second, "wait duration between retries")
+	checkgRPCCmd.Flags().DurationVar(&timeout, "timeout", 5*time.Second, "timeout")
+	checkgRPCCmd.Flags().StringVar(&grpcServiceName, "service", "", "gRPC service name")
+	checkCmd.AddCommand(checkgRPCCmd)
+
+	checkCmd.AddCommand(checkCertCmd)
+
+	rootCmd.AddCommand(checkCmd)
+}
+
+func runCheck(cmd *cobra.Command, args []string) error {
+	if retryCount < 0 {
+		return fmt.Errorf("--retry is required")
+	}
+	if len(args) < 1 {
+		return fmt.Errorf("address is required! example: check http https://httpbin.org")
+	}
+
+	address := args[0]
+	if !strings.HasPrefix(address, "http://") && !strings.HasPrefix(address, "https://") {
+		address = fmt.Sprintf("http://%s", address)
+	}
+
+	for n := 0; n <= retryCount; n++ {
+		if n != 1 {
+			time.Sleep(retryDelay)
+		}
+
+		req, err := http.NewRequest(method, address, bytes.NewBuffer([]byte(body)))
+		if err != nil {
+			logger.Info("check failed",
+				zap.String("address", address),
+				zap.Error(err))
+			os.Exit(1)
+		}
+
+		ctx, cancel := context.WithTimeout(req.Context(), timeout)
+		resp, err := http.DefaultClient.Do(req.WithContext(ctx))
+		cancel()
+		if err != nil {
+			logger.Info("check failed",
+				zap.String("address", address),
+				zap.Error(err))
+			continue
+		}
+
+		if resp.Body != nil {
+			resp.Body.Close()
+		}
+
+		if resp.StatusCode >= 200 && resp.StatusCode < 400 {
+			logger.Info("check succeed",
+				zap.String("address", address),
+				zap.Int("status code", resp.StatusCode),
+				zap.String("response size", fmtContentLength(resp.ContentLength)))
+			os.Exit(0)
+		} else {
+			logger.Info("check failed",
+				zap.String("address", address),
+				zap.Int("status code", resp.StatusCode))
+			continue
+		}
+	}
+
+	os.Exit(1)
+	return nil
+}
+
+func runCheckTCP(cmd *cobra.Command, args []string) error {
+	if retryCount < 0 {
+		return fmt.Errorf("--retry is required")
+	}
+	if len(args) < 1 {
+		return fmt.Errorf("address is required! example: check tcp httpbin.org:80")
+	}
+	address := args[0]
+
+	for n := 0; n <= retryCount; n++ {
+		if n != 1 {
+			time.Sleep(retryDelay)
+		}
+
+		conn, err := net.DialTimeout("tcp", address, timeout)
+
+		if err != nil {
+			logger.Info("check failed",
+				zap.String("address", address),
+				zap.Error(err))
+			continue
+		}
+
+		conn.Close()
+		logger.Info("check succeed", zap.String("address", address))
+		os.Exit(0)
+
+	}
+
+	os.Exit(1)
+	return nil
+}
+
+func runCheckCert(cmd *cobra.Command, args []string) error {
+	if len(args) < 1 {
+		return fmt.Errorf("address is required! example: check cert httpbin.org")
+	}
+	host := args[0]
+	if !strings.HasPrefix(host, "https://") {
+		host = "https://" + host
+	}
+
+	u, err := url.Parse(host)
+	if err != nil {
+		logger.Info("check failed",
+			zap.String("address", host),
+			zap.Error(err))
+		os.Exit(1)
+	}
+
+	address := u.Hostname() + ":443"
+	ipConn, err := net.DialTimeout("tcp", address, 5*time.Second)
+	if err != nil {
+		logger.Info("check failed",
+			zap.String("address", address),
+			zap.Error(err))
+		os.Exit(1)
+
+	}
+
+	defer ipConn.Close()
+	conn := tls.Client(ipConn, &tls.Config{
+		InsecureSkipVerify: true,
+		ServerName:         u.Hostname(),
+	})
+	if err = conn.Handshake(); err != nil {
+		logger.Info("check failed",
+			zap.String("address", address),
+			zap.Error(err))
+		os.Exit(1)
+	}
+
+	defer conn.Close()
+	addr := conn.RemoteAddr()
+	_, _, err = net.SplitHostPort(addr.String())
+	if err != nil {
+		logger.Info("check failed",
+			zap.String("address", address),
+			zap.Error(err))
+		os.Exit(1)
+	}
+
+	cert := conn.ConnectionState().PeerCertificates[0]
+
+	timeNow := time.Now()
+	if timeNow.After(cert.NotAfter) {
+		logger.Info("check failed",
+			zap.String("address", address),
+			zap.String("issuer", cert.Issuer.CommonName),
+			zap.String("subject", cert.Subject.CommonName),
+			zap.Time("expired", cert.NotAfter))
+		os.Exit(1)
+	}
+
+	logger.Info("check succeed",
+		zap.String("address", address),
+		zap.String("issuer", cert.Issuer.CommonName),
+		zap.String("subject", cert.Subject.CommonName),
+		zap.Time("notAfter", cert.NotAfter),
+		zap.Time("notBefore", cert.NotBefore))
+
+	return nil
+}
+
+func fmtContentLength(b int64) string {
+	const unit = 1000
+	if b < unit {
+		return fmt.Sprintf("%d B", b)
+	}
+	div, exp := int64(unit), 0
+	for n := b / unit; n >= unit; n /= unit {
+		div *= unit
+		exp++
+	}
+	return fmt.Sprintf("%.1f %cB", float64(b)/float64(div), "kMGTPE"[exp])
+}
+
+func runCheckgPRC(cmd *cobra.Command, args []string) error {
+	if retryCount < 0 {
+		return fmt.Errorf("--retry is required")
+	}
+	if len(args) < 1 {
+		return fmt.Errorf("address is required! example: check grpc localhost:8080")
+	}
+	address := args[0]
+
+	for n := 0; n <= retryCount; n++ {
+		if n != 1 {
+			time.Sleep(retryDelay)
+		}
+
+		conn, err := grpc.Dial(address, grpc.WithInsecure())
+		if err != nil {
+			logger.Info("check failed",
+				zap.String("address", address),
+				zap.Error(err))
+			continue
+		}
+		ctx, cancel := context.WithTimeout(context.Background(), timeout)
+		resp, err := grpc_health_v1.NewHealthClient(conn).Check(ctx, &grpc_health_v1.HealthCheckRequest{
+			Service: grpcServiceName,
+		})
+		cancel()
+
+		if err != nil {
+			if stat, ok := status.FromError(err); ok && stat.Code() == codes.Unimplemented {
+				logger.Info("gPRC health protocol not implemented")
+				os.Exit(1)
+			} else {
+				logger.Info("check failed",
+					zap.String("address", address),
+					zap.Error(err))
+			}
+			continue
+		}
+
+		conn.Close()
+		logger.Info("check succeed",
+			zap.String("status", resp.GetStatus().String()))
+		os.Exit(0)
+
+	}
+
+	os.Exit(1)
+	return nil
+}
--- a/cmd/podcli/main.go
+++ b/cmd/podcli/main.go
@@ -0,0 +1,39 @@
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+)
+
+var rootCmd = &cobra.Command{
+	Use:   "podcli",
+	Short: "podinfo command line",
+	Long: `
+podinfo command line utilities`,
+}
+
+var (
+	logger *zap.Logger
+)
+
+func main() {
+
+	var err error
+	logger, err = zap.NewDevelopment()
+	if err != nil {
+		log.Fatalf("can't initialize zap logger: %v", err)
+	}
+	defer logger.Sync()
+
+	rootCmd.SetArgs(os.Args[1:])
+	if err := rootCmd.Execute(); err != nil {
+		e := err.Error()
+		fmt.Println(strings.ToUpper(e[:1]) + e[1:])
+		os.Exit(1)
+	}
+}
--- a/cmd/podcli/version.go
+++ b/cmd/podcli/version.go
@@ -0,0 +1,21 @@
+package main
+
+import (
+	"fmt"
+
+	"github.com/spf13/cobra"
+	"github.com/stefanprodan/podinfo/pkg/version"
+)
+
+func init() {
+	rootCmd.AddCommand(versionCmd)
+}
+
+var versionCmd = &cobra.Command{
+	Use:   `version`,
+	Short: "Prints podcli version",
+	RunE: func(cmd *cobra.Command, args []string) error {
+		fmt.Println(version.VERSION)
+		return nil
+	},
+}
--- a/cmd/podcli/ws.go
+++ b/cmd/podcli/ws.go
@@ -0,0 +1,143 @@
+package main
+
+import (
+	"encoding/hex"
+	"fmt"
+	"net/http"
+	"net/url"
+	"os"
+	"regexp"
+	"strings"
+
+	"github.com/chzyer/readline"
+	"github.com/fatih/color"
+	"github.com/gorilla/websocket"
+	"github.com/spf13/cobra"
+	"go.uber.org/zap"
+)
+
+var origin string
+
+func init() {
+	wsCmd.Flags().StringVarP(&origin, "origin", "o", "", "websocket origin")
+	rootCmd.AddCommand(wsCmd)
+}
+
+var wsCmd = &cobra.Command{
+	Use:     `ws [address]`,
+	Short:   "Websocket client",
+	Example: `  ws localhost:9898/ws/echo`,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if len(args) < 1 {
+			return fmt.Errorf("address is required")
+		}
+
+		address := args[0]
+		if !strings.HasPrefix(address, "ws://") && !strings.HasPrefix(address, "wss://") {
+			address = fmt.Sprintf("ws://%s", address)
+		}
+
+		dest, err := url.Parse(address)
+		if err != nil {
+			return err
+		}
+		if origin != "" {
+		} else {
+			originURL := *dest
+			if dest.Scheme == "wss" {
+				originURL.Scheme = "https"
+			} else {
+				originURL.Scheme = "http"
+			}
+			origin = originURL.String()
+		}
+
+		err = connect(dest.String(), origin, &readline.Config{
+			Prompt: "> ",
+		})
+		if err != nil {
+			logger.Info("websocket closed", zap.Error(err))
+		}
+		return nil
+	},
+}
+
+type session struct {
+	ws      *websocket.Conn
+	rl      *readline.Instance
+	errChan chan error
+}
+
+func connect(url, origin string, rlConf *readline.Config) error {
+	headers := make(http.Header)
+	headers.Add("Origin", origin)
+
+	ws, _, err := websocket.DefaultDialer.Dial(url, headers)
+	if err != nil {
+		return err
+	}
+
+	rl, err := readline.NewEx(rlConf)
+	if err != nil {
+		return err
+	}
+	defer rl.Close()
+
+	sess := &session{
+		ws:      ws,
+		rl:      rl,
+		errChan: make(chan error),
+	}
+
+	go sess.readConsole()
+	go sess.readWebsocket()
+
+	return <-sess.errChan
+}
+
+func (s *session) readConsole() {
+	for {
+		line, err := s.rl.Readline()
+		if err != nil {
+			s.errChan <- err
+			return
+		}
+
+		err = s.ws.WriteMessage(websocket.TextMessage, []byte(line))
+		if err != nil {
+			s.errChan <- err
+			return
+		}
+	}
+}
+
+func bytesToFormattedHex(bytes []byte) string {
+	text := hex.EncodeToString(bytes)
+	return regexp.MustCompile("(..)").ReplaceAllString(text, "$1 ")
+}
+
+func (s *session) readWebsocket() {
+	rxSprintf := color.New(color.FgGreen).SprintfFunc()
+
+	for {
+		msgType, buf, err := s.ws.ReadMessage()
+		if err != nil {
+			fmt.Fprint(s.rl.Stdout(), rxSprintf("< %s\n", err.Error()))
+			os.Exit(1)
+			return
+		}
+
+		var text string
+		switch msgType {
+		case websocket.TextMessage:
+			text = string(buf)
+		case websocket.BinaryMessage:
+			text = bytesToFormattedHex(buf)
+		default:
+			s.errChan <- fmt.Errorf("unknown websocket frame type: %d", msgType)
+			return
+		}
+
+		fmt.Fprint(s.rl.Stdout(), rxSprintf("< %s\n", text))
+	}
+}
--- a/cmd/podinfo/main.go
+++ b/cmd/podinfo/main.go
@@ -1,37 +1,256 @@
 package main

 import (
-	"flag"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
 	"time"

-	"github.com/rs/zerolog"
-	"github.com/rs/zerolog/log"
-	"github.com/stefanprodan/k8s-podinfo/pkg/server"
-	"github.com/stefanprodan/k8s-podinfo/pkg/signals"
-	"github.com/stefanprodan/k8s-podinfo/pkg/version"
-)
+	"github.com/spf13/pflag"
+	"github.com/spf13/viper"
+	"go.uber.org/zap"
+	"go.uber.org/zap/zapcore"

-var (
-	port  string
-	debug bool
+	"github.com/stefanprodan/podinfo/pkg/api/grpc"
+	"github.com/stefanprodan/podinfo/pkg/api/http"
+	"github.com/stefanprodan/podinfo/pkg/signals"
+	"github.com/stefanprodan/podinfo/pkg/version"
+	go_grpc "google.golang.org/grpc"
 )

-func init() {
-	flag.StringVar(&port, "port", "8989", "Port to listen on.")
-	flag.BoolVar(&debug, "debug", false, "sets log level to debug")
-}
-
 func main() {
-	flag.Parse()
+	// flags definition
+	fs := pflag.NewFlagSet("default", pflag.ContinueOnError)
+	fs.String("host", "", "Host to bind service to")
+	fs.Int("port", 9898, "HTTP port to bind service to")
+	fs.Int("secure-port", 0, "HTTPS port")
+	fs.Int("port-metrics", 0, "metrics port")
+	fs.Int("grpc-port", 0, "gRPC port")
+	fs.String("grpc-service-name", "podinfo", "gPRC service name")
+	fs.String("level", "info", "log level debug, info, warn, error, fatal or panic")
+	fs.StringSlice("backend-url", []string{}, "backend service URL")
+	fs.Duration("http-client-timeout", 2*time.Minute, "client timeout duration")
+	fs.Duration("http-server-timeout", 30*time.Second, "server read and write timeout duration")
+	fs.Duration("server-shutdown-timeout", 5*time.Second, "server graceful shutdown timeout duration")
+	fs.String("data-path", "/data", "data local path")
+	fs.String("config-path", "", "config dir path")
+	fs.String("cert-path", "/data/cert", "certificate path for HTTPS port")
+	fs.String("config", "config.yaml", "config file name")
+	fs.String("ui-path", "./ui", "UI local path")
+	fs.String("ui-logo", "", "UI logo")
+	fs.String("ui-color", "#34577c", "UI color")
+	fs.String("ui-message", fmt.Sprintf("greetings from podinfo v%v", version.VERSION), "UI message")
+	fs.Bool("h2c", false, "allow upgrading to H2C")
+	fs.Bool("random-delay", false, "between 0 and 5 seconds random delay by default")
+	fs.String("random-delay-unit", "s", "either s(seconds) or ms(milliseconds")
+	fs.Int("random-delay-min", 0, "min for random delay: 0 by default")
+	fs.Int("random-delay-max", 5, "max for random delay: 5 by default")
+	fs.Bool("random-error", false, "1/3 chances of a random response error")
+	fs.Bool("unhealthy", false, "when set, healthy state is never reached")
+	fs.Bool("unready", false, "when set, ready state is never reached")
+	fs.Int("stress-cpu", 0, "number of CPU cores with 100 load")
+	fs.Int("stress-memory", 0, "MB of data to load into memory")
+	fs.String("cache-server", "", "Redis address in the format 'tcp://<host>:<port>'")
+	fs.String("otel-service-name", "", "service name for reporting to open telemetry address, when not set tracing is disabled")

-	zerolog.SetGlobalLevel(zerolog.InfoLevel)
-	if debug {
-		zerolog.SetGlobalLevel(zerolog.DebugLevel)
+	versionFlag := fs.BoolP("version", "v", false, "get version number")
+
+	// parse flags
+	err := fs.Parse(os.Args[1:])
+	switch {
+	case err == pflag.ErrHelp:
+		os.Exit(0)
+	case err != nil:
+		fmt.Fprintf(os.Stderr, "Error: %s\n\n", err.Error())
+		fs.PrintDefaults()
+		os.Exit(2)
+	case *versionFlag:
+		fmt.Println(version.VERSION)
+		os.Exit(0)
 	}

-	log.Info().Msgf("Starting podinfo version %s commit %s", version.VERSION, version.GITCOMMIT)
-	log.Debug().Msgf("Starting HTTP server on port %v", port)
+	// bind flags and environment variables
+	viper.BindPFlags(fs)
+	viper.RegisterAlias("backendUrl", "backend-url")
+	hostname, _ := os.Hostname()
+	viper.SetDefault("jwt-secret", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9")
+	viper.SetDefault("ui-logo", "https://raw.githubusercontent.com/stefanprodan/podinfo/gh-pages/cuddle_clap.gif")
+	viper.Set("hostname", hostname)
+	viper.Set("version", version.VERSION)
+	viper.Set("revision", version.REVISION)
+	viper.SetEnvPrefix("PODINFO")
+	viper.SetEnvKeyReplacer(strings.NewReplacer("-", "_"))
+	viper.AutomaticEnv()

+	// load config from file
+	if _, fileErr := os.Stat(filepath.Join(viper.GetString("config-path"), viper.GetString("config"))); fileErr == nil {
+		viper.SetConfigName(strings.Split(viper.GetString("config"), ".")[0])
+		viper.AddConfigPath(viper.GetString("config-path"))
+		if readErr := viper.ReadInConfig(); readErr != nil {
+			fmt.Printf("Error reading config file, %v\n", readErr)
+		}
+	}
+
+	// configure logging
+	logger, _ := initZap(viper.GetString("level"))
+	defer logger.Sync()
+	stdLog := zap.RedirectStdLog(logger)
+	defer stdLog()
+
+	// start stress tests if any
+	beginStressTest(viper.GetInt("stress-cpu"), viper.GetInt("stress-memory"), logger)
+
+	// validate port
+	if _, err := strconv.Atoi(viper.GetString("port")); err != nil {
+		port, _ := fs.GetInt("port")
+		viper.Set("port", strconv.Itoa(port))
+	}
+
+	// validate secure port
+	if _, err := strconv.Atoi(viper.GetString("secure-port")); err != nil {
+		securePort, _ := fs.GetInt("secure-port")
+		viper.Set("secure-port", strconv.Itoa(securePort))
+	}
+
+	// validate random delay options
+	if viper.GetInt("random-delay-max") < viper.GetInt("random-delay-min") {
+		logger.Panic("`--random-delay-max` should be greater than `--random-delay-min`")
+	}
+
+	switch delayUnit := viper.GetString("random-delay-unit"); delayUnit {
+	case
+		"s",
+		"ms":
+		break
+	default:
+		logger.Panic("`random-delay-unit` accepted values are: s|ms")
+	}
+
+	// load gRPC server config
+	var grpcCfg grpc.Config
+	if err := viper.Unmarshal(&grpcCfg); err != nil {
+		logger.Panic("config unmarshal failed", zap.Error(err))
+	}
+
+	// start gRPC server
+	var grpcServer *go_grpc.Server
+	if grpcCfg.Port > 0 {
+		grpcSrv, _ := grpc.NewServer(&grpcCfg, logger)
+		//grpcinfoSrv, _ := grpc.NewInfoServer(&grpcCfg)
+
+		grpcServer = grpcSrv.ListenAndServe()
+	}
+
+	// load HTTP server config
+	var srvCfg http.Config
+	if err := viper.Unmarshal(&srvCfg); err != nil {
+		logger.Panic("config unmarshal failed", zap.Error(err))
+	}
+
+	// log version and port
+	logger.Info("Starting podinfo",
+		zap.String("version", viper.GetString("version")),
+		zap.String("revision", viper.GetString("revision")),
+		zap.String("port", srvCfg.Port),
+	)
+
+	// start HTTP server
+	srv, _ := http.NewServer(&srvCfg, logger)
+	httpServer, httpsServer, healthy, ready := srv.ListenAndServe()
+
+	// graceful shutdown
 	stopCh := signals.SetupSignalHandler()
-	server.ListenAndServe(port, 5*time.Second, stopCh)
+	sd, _ := signals.NewShutdown(srvCfg.ServerShutdownTimeout, logger)
+	sd.Graceful(stopCh, httpServer, httpsServer, grpcServer, healthy, ready)
+}
+
+func initZap(logLevel string) (*zap.Logger, error) {
+	level := zap.NewAtomicLevelAt(zapcore.InfoLevel)
+	switch logLevel {
+	case "debug":
+		level = zap.NewAtomicLevelAt(zapcore.DebugLevel)
+	case "info":
+		level = zap.NewAtomicLevelAt(zapcore.InfoLevel)
+	case "warn":
+		level = zap.NewAtomicLevelAt(zapcore.WarnLevel)
+	case "error":
+		level = zap.NewAtomicLevelAt(zapcore.ErrorLevel)
+	case "fatal":
+		level = zap.NewAtomicLevelAt(zapcore.FatalLevel)
+	case "panic":
+		level = zap.NewAtomicLevelAt(zapcore.PanicLevel)
+	}
+
+	zapEncoderConfig := zapcore.EncoderConfig{
+		TimeKey:        "ts",
+		LevelKey:       "level",
+		NameKey:        "logger",
+		CallerKey:      "caller",
+		MessageKey:     "msg",
+		StacktraceKey:  "stacktrace",
+		LineEnding:     zapcore.DefaultLineEnding,
+		EncodeLevel:    zapcore.LowercaseLevelEncoder,
+		EncodeTime:     zapcore.ISO8601TimeEncoder,
+		EncodeDuration: zapcore.SecondsDurationEncoder,
+		EncodeCaller:   zapcore.ShortCallerEncoder,
+	}
+
+	zapConfig := zap.Config{
+		Level:       level,
+		Development: false,
+		Sampling: &zap.SamplingConfig{
+			Initial:    100,
+			Thereafter: 100,
+		},
+		Encoding:         "json",
+		EncoderConfig:    zapEncoderConfig,
+		OutputPaths:      []string{"stderr"},
+		ErrorOutputPaths: []string{"stderr"},
+	}
+
+	return zapConfig.Build()
+}
+
+var stressMemoryPayload []byte
+
+func beginStressTest(cpus int, mem int, logger *zap.Logger) {
+	done := make(chan int)
+	if cpus > 0 {
+		logger.Info("starting CPU stress", zap.Int("cores", cpus))
+		for i := 0; i < cpus; i++ {
+			go func() {
+				for {
+					select {
+					case <-done:
+						return
+					default:
+
+					}
+				}
+			}()
+		}
+	}
+
+	if mem > 0 {
+		path := "/tmp/podinfo.data"
+		f, err := os.Create(path)
+
+		if err != nil {
+			logger.Error("memory stress failed", zap.Error(err))
+		}
+
+		if err := f.Truncate(1000000 * int64(mem)); err != nil {
+			logger.Error("memory stress failed", zap.Error(err))
+		}
+
+		stressMemoryPayload, err = os.ReadFile(path)
+		f.Close()
+		os.Remove(path)
+		if err != nil {
+			logger.Error("memory stress failed", zap.Error(err))
+		}
+		logger.Info("starting MEMORY stress", zap.Int("memory", len(stressMemoryPayload)))
+	}
 }
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -0,0 +1,45 @@
+# Deploy demo webapp
+
+Demo webapp manifests:
+
+- [common](webapp/common)
+- [frontend](webapp/frontend)
+- [backend](webapp/backend)
+
+Deploy the demo in `webapp` namespace:
+
+```bash
+kubectl apply -f ./webapp/common
+kubectl apply -f ./webapp/backend
+kubectl apply -f ./webapp/frontend
+```
+
+Deploy the demo in the `dev` namespace:
+
+```bash
+kustomize build ./overlays/dev | kubectl apply -f-
+```
+
+Deploy the demo in the `staging` namespace:
+
+```bash
+kustomize build ./overlays/staging | kubectl apply -f-
+```
+
+Deploy the demo in the `production` namespace:
+
+```bash
+kustomize build ./overlays/production | kubectl apply -f-
+```
+
+## Testing Locally Using Kind
+
+> NOTE: You can install [kind from here](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+
+The following will create a new cluster called "podinfo" and configure host ports on 80 and 443. You can access the
+endpoints on localhost. The example also deploys cert-manager within the cluster along with a self-signed cluster issuer
+used to generate the certificate to validate the secure port.
+
+```sh
+./kind.sh
+```
--- a/deploy/ambassador-backends/blue-dep.yaml
+++ b/deploy/ambassador-backends/blue-dep.yaml
@@ -1,52 +0,0 @@
---
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
-  name: blue
-  labels:
-    app: blue
-spec:
-  replicas: 2
-  selector:
-    matchLabels:
-     app: blue
-  template:
-    metadata:
-      labels:
-        app: blue
-      annotations:
-        prometheus.io/scrape: 'true'
-    spec:
-      containers:
-      - name: podinfod
-        image: stefanprodan/podinfo:0.0.9
-        imagePullPolicy: Always
-        command:
-          - ./podinfo
-          - -port=9898
-          - -logtostderr=true
-          - -v=2
-        ports:
-        - containerPort: 9898
-          protocol: TCP
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 9898
-          initialDelaySeconds: 1
-          periodSeconds: 2
-          failureThreshold: 1
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 9898
-          initialDelaySeconds: 1
-          periodSeconds: 3
-          failureThreshold: 2
-        resources:
-          requests:
-            memory: "32Mi"
-            cpu: "10m"
-          limits:
-            memory: "256Mi"
-            cpu: "100m"
--- a/deploy/ambassador-backends/blue-svc.yaml
+++ b/deploy/ambassador-backends/blue-svc.yaml
@@ -1,22 +0,0 @@
---
-apiVersion: v1
-kind: Service
-metadata:
-  name: blue
-  annotations:
-    getambassador.io/config: |
-      ---
-      apiVersion: ambassador/v0
-      kind: Mapping
-      name: blue
-      prefix: /
-      host: podinfo.test
-      service: blue.default:9898
-spec:
-  type: ClusterIP
-  ports:
-    - port: 9898
-      targetPort: 9898
-      protocol: TCP
-  selector:
-    app: blue
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				`timoni/podinfo/cue.mod/** linguist-vendored`