Release v3.1.4

feat: Add H2C support

.github/policy/kubernetes.rego

@@ -0,0 +1,51 @@
+package kubernetes
+
+name = input.metadata.name
+
+kind = input.kind
+
+is_service {
+	input.kind = "Service"
+}
+
+is_deployment {
+	input.kind = "Deployment"
+}
+
+is_pod {
+	input.kind = "Pod"
+}
+
+split_image(image) = [image, "latest"] {
+	not contains(image, ":")
+}
+
+split_image(image) = [image_name, tag] {
+	[image_name, tag] = split(image, ":")
+}
+
+pod_containers(pod) = all_containers {
+	keys = {"containers", "initContainers"}
+	all_containers = [c | keys[k]; c = pod.spec[k][_]]
+}
+
+containers[container] {
+	pods[pod]
+	all_containers = pod_containers(pod)
+	container = all_containers[_]
+}
+
+containers[container] {
+	all_containers = pod_containers(input)
+	container = all_containers[_]
+}
+
+pods[pod] {
+	is_deployment
+	pod = input.spec.template
+}
+
+pods[pod] {
+	is_pod
+	pod = input
+}

.github/policy/rules.rego

@@ -0,0 +1,43 @@
+package main
+
+import data.kubernetes
+
+name = input.metadata.name
+
+# Deny containers with latest image tag
+deny[msg] {
+	kubernetes.containers[container]
+	[image_name, "latest"] = kubernetes.split_image(container.image)
+	msg = sprintf("%s in the %s %s has an image %s, using the latest tag", [container.name, kubernetes.kind, kubernetes.name, image_name])
+}
+
+# Deny services without app label selector
+service_labels {
+  input.spec.selector["app"]
+}
+deny[msg] {
+  kubernetes.is_service
+  not service_labels
+  msg = sprintf("Service %s should set app label selector", [name])
+}
+
+# Deny deployments without app label selector
+match_labels {
+  input.spec.selector.matchLabels["app"]
+}
+deny[msg] {
+  kubernetes.is_deployment
+  not match_labels
+  msg = sprintf("Service %s should set app label selector", [name])
+}
+
+# Warn if deployments have no prometheus pod annotations
+annotations {
+  input.spec.template.metadata.annotations["prometheus.io/scrape"]
+  input.spec.template.metadata.annotations["prometheus.io/port"]
+}
+warn[msg] {
+  kubernetes.is_deployment
+  not annotations
+  msg = sprintf("Deployment %s should set prometheus.io/scrape and prometheus.io/port pod annotations", [name])
+}

.github/workflows/test.yml

@@ -0,0 +1,17 @@
+on: [push, pull_request]
+name: kustomize
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: kubeval
+        uses: stefanprodan/kube-tools@v1
+        with:
+          command: |
+            kustomize build ./kustomize | kubeval --strict
+      - name: conftest
+        uses: stefanprodan/kube-tools@v1
+        with:
+          command: |
+            kustomize build ./kustomize | conftest test -p .github/policy -

README.md

@@ -1,10 +1,11 @@
 # podinfo
 
 [![CircleCI](https://circleci.com/gh/stefanprodan/podinfo.svg?style=svg)](https://circleci.com/gh/stefanprodan/podinfo)
+[![conftest](https://github.com/stefanprodan/podinfo/workflows/test/badge.svg)](https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/test.yml)
+[![Go Report Card](https://goreportcard.com/badge/github.com/stefanprodan/podinfo)](https://goreportcard.com/report/github.com/stefanprodan/podinfo)
 [![Docker Pulls](https://img.shields.io/docker/pulls/stefanprodan/podinfo)](https://hub.docker.com/r/stefanprodan/podinfo)
 
-Podinfo is a tiny web application made with Go 
-that showcases best practices of running microservices in Kubernetes.
+Podinfo is a tiny web application made with Go that showcases best practices of running microservices in Kubernetes.
 
 Specifications:
 
@@ -13,12 +14,14 @@ Specifications:
 * File watcher for secrets and configmaps
 * Instrumented with Prometheus
 * Tracing with Istio and Jaeger
+* Linkerd service profile
 * Structured logging with zap 
 * 12-factor app with viper
 * Fault injection (random errors and latency)
 * Swagger docs
 * Helm and Kustomize installers
 * End-to-End testing with Kubernetes Kind and Helm
+* Kustomize testing with GitHub Actions and Open Policy Agent
 
 Web API:
 
@@ -66,20 +69,20 @@ To access the Swagger UI open `<podinfo-host>/swagger/index.html` in a browser.
 Helm:
 
 ```bash
-helm repo add sp https://stefanprodan.github.io/podinfo
+helm repo add podinfo https://stefanprodan.github.io/podinfo
 
 helm upgrade --install --wait frontend \
 --namespace test \
 --set replicaCount=2 \
 --set backend=http://backend-podinfo:9898/echo \
-sp/podinfo
+podinfo/podinfo
 
 helm test frontend --cleanup
 
 helm upgrade --install --wait backend \
 --namespace test \
 --set hpa.enabled=true \
-sp/podinfo
+podinfo/podinfo
 ```
 
 Kustomize:

charts/podinfo/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 3.1.2
-appVersion: 3.1.2
+version: 3.1.4
+appVersion: 3.1.4
 name: podinfo
 engine: gotpl
 description: Podinfo Helm chart for Kubernetes

charts/podinfo/README.md

@@ -66,6 +66,7 @@ Parameter | Description | Default
 `tolerations` | list of node taints to tolerate | `[]`
 `serviceAccount.enabled` | specifies whether a service account should be created | `false`
 `serviceAccount.name` | the name of the service account to use, if not set and create is true, a name is generated using the fullname template | None
+`linkerd.profile.enabled` | create Linkerd service profile | `false`
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 

charts/podinfo/templates/deployment.yaml

@@ -54,6 +54,9 @@ spec:
             - --level={{ .Values.logLevel }}
             - --random-delay={{ .Values.faults.delay }}
             - --random-error={{ .Values.faults.error }}
+            {{- if .Values.h2c.enabled }}
+            - --h2c
+            {{- end }}
           env:
           {{- if .Values.ui.message }}
           - name: PODINFO_UI_MESSAGE

charts/podinfo/templates/linkerd.yaml

@@ -0,0 +1,88 @@
+{{- if .Values.linkerd.profile.enabled -}}
+apiVersion: linkerd.io/v1alpha2
+kind: ServiceProfile
+metadata:
+  name: {{ template "podinfo.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+spec:
+  routes:
+    - condition:
+        method: GET
+        pathRegex: /
+      name: GET /
+    - condition:
+        method: POST
+        pathRegex: /api/echo
+      name: POST /api/echo
+    - condition:
+        method: GET
+        pathRegex: /api/info
+      name: GET /api/info
+    - condition:
+        method: GET
+        pathRegex: /chunked/[^/]*
+      name: GET /chunked/{seconds}
+    - condition:
+        method: GET
+        pathRegex: /delay/[^/]*
+      name: GET /delay/{seconds}
+    - condition:
+        method: GET
+        pathRegex: /env
+      name: GET /env
+    - condition:
+        method: GET
+        pathRegex: /headers
+      name: GET /headers
+    - condition:
+        method: GET
+        pathRegex: /healthz
+      name: GET /healthz
+    - condition:
+        method: GET
+        pathRegex: /metrics
+      name: GET /metrics
+    - condition:
+        method: GET
+        pathRegex: /panic
+      name: GET /panic
+    - condition:
+        method: GET
+        pathRegex: /readyz
+      name: GET /readyz
+    - condition:
+        method: POST
+        pathRegex: /readyz/disable
+      name: POST /readyz/disable
+    - condition:
+        method: POST
+        pathRegex: /readyz/enable
+      name: POST /readyz/enable
+    - condition:
+        method: GET
+        pathRegex: /status/[^/]*
+      name: GET /status/{code}
+    - condition:
+        method: POST
+        pathRegex: /store
+      name: POST /store
+    - condition:
+        method: GET
+        pathRegex: /store/[^/]*
+      name: GET /store/{hash}
+    - condition:
+        method: POST
+        pathRegex: /token
+      name: POST /token
+    - condition:
+        method: POST
+        pathRegex: /token/validate
+      name: POST /token/validate
+    - condition:
+        method: GET
+        pathRegex: /version
+      name: GET /version
+    - condition:
+        method: POST
+        pathRegex: /ws/echo
+      name: POST /ws/echo
+{{- end }}

charts/podinfo/values.yaml

@@ -14,9 +14,12 @@ faults:
   delay: false
   error: false
 
+h2c:
+  enabled: false
+
 image:
   repository: stefanprodan/podinfo
-  tag: 3.1.2
+  tag: 3.1.4
   pullPolicy: IfNotPresent
 
 service:
@@ -47,6 +50,10 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name:
 
+linkerd:
+  profile:
+    enabled: false
+
 ingress:
   enabled: false
   annotations: {}

cmd/podinfo/main.go

@@ -39,6 +39,7 @@ func main() {
 	fs.String("ui-logo", "", "UI logo")
 	fs.String("ui-color", "cyan", "UI color")
 	fs.String("ui-message", fmt.Sprintf("greetings from podinfo v%v", version.VERSION), "UI message")
+	fs.Bool("h2c", false, "Allow upgrading to H2C")
 	fs.Bool("random-delay", false, "between 0 and 5 seconds random delay")
 	fs.Bool("random-error", false, "1/3 chances of a random response error")
 	fs.Int("stress-cpu", 0, "Number of CPU cores with 100 load")

go.mod

@@ -47,6 +47,6 @@ require (
 	go.uber.org/atomic v1.3.2 // indirect
 	go.uber.org/multierr v1.1.0 // indirect
 	go.uber.org/zap v1.9.1
-	golang.org/x/net v0.0.0-20190724013045-ca1201d0de80 // indirect
+	golang.org/x/net v0.0.0-20190724013045-ca1201d0de80
 	google.golang.org/grpc v1.23.0
 )

kustomize/deployment.yaml

@@ -25,7 +25,7 @@ spec:
     spec:
       containers:
       - name: podinfod
-        image: stefanprodan/podinfo:3.1.2
+        image: stefanprodan/podinfo:3.1.4
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

pkg/api/server.go

@@ -4,6 +4,9 @@ import (
 	"context"
 	"fmt"
 	"github.com/swaggo/swag"
+	"golang.org/x/net/http2"
+	"golang.org/x/net/http2/h2c"
+
 	"net/http"
 	_ "net/http/pprof"
 	"os"
@@ -59,6 +62,7 @@ type Config struct {
 	Port                      string        `mapstructure:"port"`
 	PortMetrics               int           `mapstructure:"port-metrics"`
 	Hostname                  string        `mapstructure:"hostname"`
+	H2C                       bool          `mapstructure:"h2c"`
 	RandomDelay               bool          `mapstructure:"random-delay"`
 	RandomError               bool          `mapstructure:"random-error"`
 	JWTSecret                 string        `mapstructure:"jwt-secret"`
@@ -141,12 +145,19 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
 	s.registerHandlers()
 	s.registerMiddlewares()
 
+	var handler http.Handler
+	if s.config.H2C {
+		handler = h2c.NewHandler(s.router, &http2.Server{})
+	} else {
+		handler = s.router
+	}
+
 	srv := &http.Server{
 		Addr:         ":" + s.config.Port,
 		WriteTimeout: s.config.HttpServerTimeout,
 		ReadTimeout:  s.config.HttpServerTimeout,
 		IdleTimeout:  2 * s.config.HttpServerTimeout,
-		Handler:      s.router,
+		Handler:      handler,
 	}
 
 	//s.printRoutes()

pkg/version/version.go

@@ -1,4 +1,4 @@
 package version
 
-var VERSION = "3.1.2"
+var VERSION = "3.1.4"
 var REVISION = "unknown"

ui/vue.html

@@ -19,7 +19,7 @@
    <v-app dark>
     <v-content>
       <section>
-        <v-parallax id="parallax-hero" src="#" :class="info.color">
+        <v-parallax id="parallax-hero" src="https://upload.wikimedia.org/wikipedia/commons/c/ca/1x1.png" :class="info.color">
           <v-layout
             column
             align-center