Merge pull request #89 from stefanprodan/release-4.0.6

Release v4.0.6

.github/workflows/cve-scan.yml

@@ -0,0 +1,23 @@
+name: cve-scan
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  trivy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Build image
+        id: build
+        run: |
+          IMAGE=test/podinfo:${GITHUB_SHA}
+          docker build -t ${IMAGE} .
+          echo "::set-output name=image::$IMAGE"
+      - name: Scan image
+        uses: docker://docker.io/aquasec/trivy:latest
+        with:
+          args: --cache-dir /var/lib/trivy --no-progress --exit-code 1 --severity MEDIUM,HIGH,CRITICAL ${{ steps.build.outputs.image }}

Dockerfile

@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 go build -ldflags "-s -w \
     -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
     -a -o bin/podcli cmd/podcli/*
 
-FROM alpine:3.11
+FROM alpine:3.12
 
 ARG BUILD_DATE
 ARG VERSION
@@ -38,7 +38,7 @@ LABEL maintainer="stefanprodan" \
 RUN addgroup -S app \
     && adduser -S -g app app \
     && apk --no-cache add \
-    curl openssl netcat-openbsd
+    ca-certificates curl netcat-openbsd
 
 WORKDIR /home/app
 

README.md

@@ -2,7 +2,7 @@
 
 [![e2e](https://github.com/stefanprodan/podinfo/workflows/e2e/badge.svg)](https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/e2e.yml)
 [![test](https://github.com/stefanprodan/podinfo/workflows/test/badge.svg)](https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/test.yml)
-[![release](https://github.com/stefanprodan/podinfo/workflows/release/badge.svg)](https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/release.yml)
+[![cve-scan](https://github.com/stefanprodan/podinfo/workflows/cve-scan/badge.svg)](https://github.com/stefanprodan/podinfo/blob/master/.github/workflows/cve-scan.yml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/stefanprodan/podinfo)](https://goreportcard.com/report/github.com/stefanprodan/podinfo)
 [![Docker Pulls](https://img.shields.io/docker/pulls/stefanprodan/podinfo)](https://hub.docker.com/r/stefanprodan/podinfo)
 
@@ -24,6 +24,7 @@ Specifications:
 * End-to-End testing with Kubernetes Kind and Helm
 * Kustomize testing with GitHub Actions and Open Policy Agent
 * Multi-arch container image with Docker buildx and Github Actions
+* CVE scanning with trivy
 
 Web API:
 

charts/podinfo/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 4.0.1
-appVersion: 4.0.1
+version: 4.0.6
+appVersion: 4.0.6
 name: podinfo
 engine: gotpl
 description: Podinfo Helm chart for Kubernetes

charts/podinfo/README.md

@@ -37,6 +37,7 @@ Parameter | Default | Description
 `backend` | `None` | Echo backend URL
 `backends` | `[]` | Array of echo backend URLs
 `cache` | `None` | Redis address in the format `<host>:<port>`
+`redis.enabled` | `false` | Create Redis deployment for caching purposes
 `ui.color` | `#34577c` |  UI color
 `ui.message` | `None` |  UI greetings message
 `ui.logo` | `None` |  UI logo
@@ -80,6 +81,7 @@ Parameter | Default | Description
 `nodeSelector` | `{}` | Node labels for pod assignment
 `tolerations` | `[]` | List of node taints to tolerate
 `affinity` | `None` | Node/pod affinities
+`podAnnotations` | `{}` | Pod annotations
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
 
@@ -88,6 +90,13 @@ $ helm install my-release podinfo/podinfo \
   --set=serviceMonitor.enabled=true,serviceMonitor.interval=5s
 ```
 
+To add custom annotations you need to escape the annotation key string:
+
+```console
+$ helm upgrade -i my-release podinfo/podinfo \
+--set podAnnotations."appmesh\.k8s\.aws\/preview"=enabled
+```
+
 Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
 
 ```console

charts/podinfo/templates/deployment.yaml

@@ -25,6 +25,9 @@ spec:
       annotations:
         prometheus.io/scrape: "true"
         prometheus.io/port: "{{ .Values.service.httpPort }}"
+        {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+        {{- end }}
     spec:
       terminationGracePeriodSeconds: 30
       {{- if .Values.serviceAccount.enabled }}
@@ -51,6 +54,8 @@ spec:
             {{- end }}
             {{- if .Values.cache }}
             - --cache-server={{ .Values.cache }}
+            {{- else if .Values.redis.enabled }}
+            - --cache-server={{ template "podinfo.fullname" . }}:6379
             {{- end }}
             - --level={{ .Values.logLevel }}
             - --random-delay={{ .Values.faults.delay }}

charts/podinfo/templates/redis/config.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.redis.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "podinfo.fullname" . }}-redis
+data:
+  redis.conf: |
+    maxmemory 64mb
+    maxmemory-policy allkeys-lru
+    save ""
+    appendonly no
+{{- end }}

charts/podinfo/templates/redis/deployment.yaml

@@ -0,0 +1,68 @@
+{{- if .Values.redis.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "podinfo.fullname" . }}-redis
+  labels:
+    app: {{ template "podinfo.fullname" . }}-redis
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: {{ template "podinfo.fullname" . }}-redis
+  template:
+    metadata:
+      labels:
+        app: {{ template "podinfo.fullname" . }}-redis
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/redis/config.yaml") . | sha256sum | quote }}
+    spec:
+      {{- if .Values.serviceAccount.enabled }}
+      serviceAccountName: {{ template "podinfo.serviceAccountName" . }}
+      {{- end }}
+      containers:
+        - name: redis
+          image: "{{ .Values.redis.repository }}:{{ .Values.redis.tag }}"
+          imagePullPolicy: IfNotPresent
+          command:
+            - redis-server
+            - "/redis-master/redis.conf"
+          ports:
+            - name: redis
+              containerPort: 6379
+              protocol: TCP
+          livenessProbe:
+            tcpSocket:
+              port: redis
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          readinessProbe:
+            exec:
+              command:
+                - redis-cli
+                - ping
+            initialDelaySeconds: 5
+            timeoutSeconds: 5
+          resources:
+            limits:
+              cpu: 1000m
+              memory: 128Mi
+            requests:
+              cpu: 100m
+              memory: 32Mi
+          volumeMounts:
+            - mountPath: /var/lib/redis
+              name: data
+            - mountPath: /redis-master
+              name: config
+      volumes:
+        - name: data
+          emptyDir: {}
+        - name: config
+          configMap:
+            name: {{ template "podinfo.fullname" . }}-redis
+            items:
+              - key: redis.conf
+                path: redis.conf
+{{- end }}

charts/podinfo/templates/redis/service.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.redis.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "podinfo.fullname" . }}-redis
+  labels:
+    app: {{ template "podinfo.fullname" . }}-redis
+spec:
+  type: ClusterIP
+  selector:
+    app: {{ template "podinfo.fullname" . }}-redis
+  ports:
+    - name: redis
+      port: 6379
+      protocol: TCP
+      targetPort: redis
+{{- end }}

charts/podinfo/values.yaml

@@ -4,7 +4,6 @@ replicaCount: 1
 logLevel: info
 backend: #http://backend-podinfo:9898/echo
 backends: []
-cache: ""
 
 ui:
   color: "#34577c"
@@ -24,7 +23,7 @@ h2c:
 
 image:
   repository: stefanprodan/podinfo
-  tag: 4.0.1
+  tag: 4.0.6
   pullPolicy: IfNotPresent
 
 service:
@@ -48,6 +47,14 @@ hpa:
   # average http requests per second per pod (k8s-prometheus-adapter)
   requests:
 
+# Redis address in the format <host>:<port>
+cache: ""
+# Redis deployment
+redis:
+  enabled: false
+  repository: redis
+  tag: 6.0.1
+
 serviceAccount:
   # Specifies whether a service account should be created
   enabled: false
@@ -88,3 +95,4 @@ tolerations: []
 
 affinity: {}
 
+podAnnotations: {}

cmd/podinfo/main.go

@@ -40,7 +40,10 @@ func main() {
 	fs.String("ui-color", "#34577c", "UI color")
 	fs.String("ui-message", fmt.Sprintf("greetings from podinfo v%v", version.VERSION), "UI message")
 	fs.Bool("h2c", false, "allow upgrading to H2C")
-	fs.Bool("random-delay", false, "between 0 and 5 seconds random delay")
+	fs.Bool("random-delay", false, "between 0 and 5 seconds random delay by default")
+	fs.String("random-delay-unit", "s", "either s(seconds) or ms(milliseconds")
+	fs.Int("random-delay-min", 0, "min for random delay: 0 by default")
+	fs.Int("random-delay-max", 5, "max for random delay: 5 by default")
 	fs.Bool("random-error", false, "1/3 chances of a random response error")
 	fs.Bool("unhealthy", false, "when set, healthy state is never reached")
 	fs.Bool("unready", false, "when set, ready state is never reached")
@@ -101,6 +104,20 @@ func main() {
 		viper.Set("port", strconv.Itoa(port))
 	}
 
+	// validate random delay options
+	if viper.GetInt("random-delay-max") < viper.GetInt("random-delay-min") {
+		logger.Panic("`--random-delay-max` should be greater than `--random-delay-min`")
+	}
+
+	switch delayUnit := viper.GetString("random-delay-unit"); delayUnit {
+	case
+		"s",
+		"ms":
+		break
+	default:
+		logger.Panic("`random-delay-unit` accepted values are: s|ms")
+	}
+
 	// load gRPC server config
 	var grpcCfg grpc.Config
 	if err := viper.Unmarshal(&grpcCfg); err != nil {

deploy/bases/backend/deployment.yaml

@@ -23,7 +23,7 @@ spec:
     spec:
       containers:
       - name: backend
-        image: stefanprodan/podinfo:4.0.1
+        image: stefanprodan/podinfo:4.0.6
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

deploy/bases/frontend/deployment.yaml

@@ -23,7 +23,7 @@ spec:
     spec:
       containers:
       - name: frontend
-        image: stefanprodan/podinfo:4.0.1
+        image: stefanprodan/podinfo:4.0.6
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

deploy/webapp/backend/deployment.yaml

@@ -25,7 +25,7 @@ spec:
       serviceAccountName: webapp
       containers:
       - name: backend
-        image: stefanprodan/podinfo:4.0.1
+        image: stefanprodan/podinfo:4.0.6
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

deploy/webapp/frontend/deployment.yaml

@@ -25,7 +25,7 @@ spec:
       serviceAccountName: webapp
       containers:
       - name: frontend
-        image: stefanprodan/podinfo:4.0.1
+        image: stefanprodan/podinfo:4.0.6
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

go.sum

@@ -23,6 +23,7 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4 h1:Hs82Z41s6SdL1CELW+XaDYmOH4hkBN4/N9og/AsOv7E=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/aws/aws-sdk-go v1.15.78 h1:LaXy6lWR0YK7LKyuU0QWy2ws/LWTPfYV/UgfiBu4tvY=
@@ -244,6 +245,7 @@ github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdh
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
@@ -441,6 +443,7 @@ google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ij
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.23.0 h1:AzbTB6ux+okLTzP8Ru1Xs41C303zdcfEht7MQnYJt5A=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

kustomize/deployment.yaml

@@ -23,7 +23,7 @@ spec:
     spec:
       containers:
       - name: podinfod
-        image: stefanprodan/podinfo:4.0.1
+        image: stefanprodan/podinfo:4.0.6
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

pkg/api/delay.go

@@ -1,6 +1,7 @@
 package api
 
 import (
+	"math/rand"
 	"net/http"
 
 	"strconv"
@@ -9,6 +10,39 @@ import (
 	"github.com/gorilla/mux"
 )
 
+type RandomDelayMiddleware struct {
+	min  int
+	max  int
+	unit string
+}
+
+func NewRandomDelayMiddleware(minDelay, maxDelay int, delayUnit string) *RandomDelayMiddleware {
+	return &RandomDelayMiddleware{
+		min:  minDelay,
+		max:  maxDelay,
+		unit: delayUnit,
+	}
+}
+
+func (m *RandomDelayMiddleware) Handler(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		var unit time.Duration
+		rand.Seed(time.Now().Unix())
+		switch m.unit {
+		case "s":
+			unit = time.Second
+		case "ms":
+			unit = time.Millisecond
+		default:
+			unit = time.Second
+		}
+
+		delay := rand.Intn(m.max-m.min) + m.min
+		time.Sleep(time.Duration(delay) * unit)
+		next.ServeHTTP(w, r)
+	})
+}
+
 // Delay godoc
 // @Summary Delay
 // @Description waits for the specified period

pkg/api/http.go

@@ -11,17 +11,6 @@ import (
 	"go.uber.org/zap"
 )
 
-func randomDelayMiddleware(next http.Handler) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		min := 0
-		max := 5
-		rand.Seed(time.Now().Unix())
-		delay := rand.Intn(max-min) + min
-		time.Sleep(time.Duration(delay) * time.Second)
-		next.ServeHTTP(w, r)
-	})
-}
-
 func randomErrorMiddleware(next http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		rand.Seed(time.Now().Unix())

pkg/api/server.go

@@ -59,6 +59,9 @@ type Config struct {
 	Hostname                  string        `mapstructure:"hostname"`
 	H2C                       bool          `mapstructure:"h2c"`
 	RandomDelay               bool          `mapstructure:"random-delay"`
+	RandomDelayUnit           string        `mapstructure:"random-delay-unit"`
+	RandomDelayMin            int           `mapstructure:"random-delay-min"`
+	RandomDelayMax            int           `mapstructure:"random-delay-max"`
 	RandomError               bool          `mapstructure:"random-error"`
 	Unhealthy                 bool          `mapstructure:"unhealthy"`
 	Unready                   bool          `mapstructure:"unready"`
@@ -134,7 +137,8 @@ func (s *Server) registerMiddlewares() {
 	s.router.Use(httpLogger.Handler)
 	s.router.Use(versionMiddleware)
 	if s.config.RandomDelay {
-		s.router.Use(randomDelayMiddleware)
+		randomDelayer := NewRandomDelayMiddleware(s.config.RandomDelayMin, s.config.RandomDelayMax, s.config.RandomDelayUnit)
+		s.router.Use(randomDelayer.Handler)
 	}
 	if s.config.RandomError {
 		s.router.Use(randomErrorMiddleware)

pkg/grpc/server.go

@@ -8,6 +8,7 @@ import (
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/health"
 	"google.golang.org/grpc/health/grpc_health_v1"
+	"google.golang.org/grpc/reflection"
 )
 
 type Server struct {
@@ -37,6 +38,7 @@ func (s *Server) ListenAndServe() {
 
 	srv := grpc.NewServer()
 	server := health.NewServer()
+	reflection.Register(srv)
 	grpc_health_v1.RegisterHealthServer(srv, server)
 	server.SetServingStatus(s.config.ServiceName, grpc_health_v1.HealthCheckResponse_SERVING)
 

pkg/version/version.go

@@ -1,4 +1,4 @@
 package version
 
-var VERSION = "4.0.1"
+var VERSION = "4.0.6"
 var REVISION = "unknown"