Merge pull request #140 from stefanprodan/release-6.0.0

Release v6.0.0
2026-04-07 11:36:50 +00:00 · 2021-06-16 15:30:23 +03:00 · 2021-06-16 15:24:35 +03:00 · 2021-06-16 15:21:02 +03:00 · 2021-06-16 15:16:43 +03:00 · 2021-06-16 14:54:25 +03:00
53 changed files with 1384 additions and 472 deletions
--- a/.github/actions/helm/Dockerfile
+++ b/.github/actions/helm/Dockerfile
@@ -1,6 +0,0 @@
-FROM stefanprodan/alpine-base:latest
-
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]
--- a/.github/actions/helm/action.yml
+++ b/.github/actions/helm/action.yml
@@ -1,15 +1,33 @@
-name: 'helm'
-description: 'A GitHub Action to run helm commands'
-author: 'Stefan Prodan'
+name: Setup Helm CLI
+description: A GitHub Action for running Helm commands
+author: Stefan Prodan
 branding:
-  icon: 'command'
-  color: 'blue'
+  color: blue
+  icon: command
 inputs:
-  helm-version:
-    description: Helm version to use
+  version:
+    description: "Helm version"
    required: true
 runs:
-  using: 'docker'
-  image: 'Dockerfile'
-  args:
-    - ${{ inputs.helm-version }}
+  using: composite
+  steps:
+    - name: "Download helm binary to tmp"
+      shell: bash
+      run: |
+        VERSION=${{ inputs.version }}
+        BIN_URL="https://get.helm.sh/helm-v${VERSION}-linux-amd64.tar.gz"
+        curl -sL ${BIN_URL} -o /tmp/helm.tar.gz
+        mkdir -p /tmp/helm
+        tar -C /tmp/helm/ -zxvf /tmp/helm.tar.gz
+    - name: "Add helm binary to /usr/local/bin"
+      shell: bash
+      run: |
+        sudo cp /tmp/helm/linux-amd64/helm /usr/local/bin
+    - name: "Cleanup tmp"
+      shell: bash
+      run: |
+        rm -rf /tmp/helm/ /tmp/helm.tar.gz
+    - name: "Verify correct installation of binary"
+      shell: bash
+      run: |
+        helm version
--- a/.github/actions/helm/entrypoint.sh
+++ b/.github/actions/helm/entrypoint.sh
@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -o errexit
-set -o pipefail
-
-HELM_VERSION=$1
-BIN_DIR="$GITHUB_WORKSPACE/bin"
-
-main() {
-  mkdir -p ${BIN_DIR}
-  tmpDir=$(mktemp -d)
-
-  pushd $tmpDir >& /dev/null
-
-  curl -sSL https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | tar xz
-  cp linux-amd64/helm ${BIN_DIR}/helm
-
-  popd >& /dev/null
-  rm -rf $tmpDir
-}
-
-main
-echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-echo "$RUNNER_WORKSPACE/$(basename $GITHUB_REPOSITORY)/bin" >> $GITHUB_PATH
--- a/.github/actions/release-notes/entrypoint.sh
+++ b/.github/actions/release-notes/entrypoint.sh
@@ -20,5 +20,6 @@ main() {
 }

 main
-echo "::add-path::$BIN_DIR"
-echo "::add-path::$RUNNER_WORKSPACE/$(basename $GITHUB_REPOSITORY)/bin"
+
+echo "$BIN_DIR" >> $GITHUB_PATH
+echo "$RUNNER_WORKSPACE/$(basename $GITHUB_REPOSITORY)/bin" >> $GITHUB_PATH
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -11,39 +11,27 @@ jobs:
    strategy:
      matrix:
        helm-version:
-          - 2.16.12
-          - 3.3.4
+          - 3.6.0
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Setup Kubernetes
-        uses: engineerd/setup-kind@v0.4.0
+        uses: engineerd/setup-kind@v0.5.0
+        with:
+          image: kindest/node:v1.19.11
      - name: Build container image
        run: |
-          GIT_COMMIT=$(git rev-list -1 HEAD) && \
-          docker build -t test/podinfo:latest --build-arg "REVISION=${GIT_COMMIT}" .
+          ./test/build.sh
          kind load docker-image test/podinfo:latest
      - name: Setup Helm
        uses: ./.github/actions/helm
        with:
-          helm-version: ${{ matrix.helm-version }}
-      - name: Install Tiller
-        if: ${{ startsWith(matrix.helm-version, '2') }}
-        run: |
-          kubectl --namespace kube-system create sa tiller
-          kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
-          helm init --service-account tiller --upgrade --wait
+          version: ${{ matrix.helm-version }}
      - name: Deploy
-        run: |
-          helm upgrade -i podinfo ./charts/podinfo \
-          --set image.repository=test/podinfo \
-          --set image.tag=latest \
-          --namespace=default
+        run: ./test/deploy.sh
      - name: Run integration tests
-        run: |
-          kubectl rollout status deployment/podinfo --timeout=1m
-          helm test podinfo
+        run: ./test/test.sh
      - name: Debug failure
        if: failure()
        run: |
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -21,7 +21,7 @@ jobs:
      - name: Setup Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.15.x
+          go-version: 1.16.x
      - name: Run unit tests
        run: make test
      - name: Check if working tree is dirty
@@ -33,11 +33,15 @@ jobs:
      - name: Validate Helm chart
        uses: stefanprodan/kube-tools@v1
        with:
+          kubectl: 1.19.11
+          helm: 2.17.0
+          helmv3: 3.6.0
          command: |
-            helmv3 template ./charts/podinfo | kubeval --strict
+            helmv3 template ./charts/podinfo | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
      - name: Validate kustomization
        uses: stefanprodan/kube-tools@v1
        with:
+          kubectl: 1.19.11
          command: |
-            kustomize build ./kustomize | kubeval --strict
+            kustomize build ./kustomize | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
            kustomize build ./kustomize | conftest test -p .github/policy -
--- a/6
+++ b/6
@@ -1,4 +1,4 @@
-FROM golang:1.15-alpine as builder
+FROM golang:1.16-alpine as builder

 ARG REVISION

@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 go build -ldflags "-s -w \
    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
    -a -o bin/podcli cmd/podcli/*

-FROM alpine:3.12
+FROM alpine:3.14

 ARG BUILD_DATE
 ARG VERSION
@@ -27,7 +27,7 @@ ARG REVISION
 LABEL maintainer="stefanprodan"

 RUN addgroup -S app \
-    && adduser -S -g app app \
+    && adduser -S -G app app \
    && apk --no-cache add \
    ca-certificates curl netcat-openbsd

--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -1,4 +1,4 @@
-FROM golang:1.15
+FROM golang:1.16

 WORKDIR /workspace

--- a/5
+++ b/5
@@ -15,8 +15,9 @@ run:
 	--level=debug --grpc-port=9999 --backend-url=https://httpbin.org/status/401 --backend-url=https://httpbin.org/status/500 \
 	--ui-logo=https://raw.githubusercontent.com/stefanprodan/podinfo/gh-pages/cuddle_clap.gif $(EXTRA_RUN_ARGS)

+.PHONY: test
 test:
-	go test -v -race ./...
+	go test ./... -coverprofile cover.out

 build:
 	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build  -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podinfo ./cmd/podinfo/*
@@ -76,4 +77,4 @@ release:

 swagger:
 	go get github.com/swaggo/swag/cmd/swag
-	cd pkg/api && $$(go env GOPATH)/bin/swag init -g server.go
+	cd pkg/api && $$(go env GOPATH)/bin/swag init -g server.go
--- a/README.md
+++ b/README.md
@@ -7,6 +7,8 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/stefanprodan/podinfo)](https://hub.docker.com/r/stefanprodan/podinfo)

 Podinfo is a tiny web application made with Go that showcases best practices of running microservices in Kubernetes.
+Podinfo is used by CNCF projects like [Flux](https://github.com/fluxcd/flux2) and [Flagger](https://github.com/fluxcd/flagger)
+for end-to-end testing and workshops.

 Specifications:

@@ -86,12 +88,11 @@ helm upgrade --install --wait frontend \
 --set backend=http://backend-podinfo:9898/echo \
 podinfo/podinfo

-# Test pods have hook-delete-policy: hook-succeeded
 helm test frontend

 helm upgrade --install --wait backend \
 --namespace test \
--set hpa.enabled=true \
+--set redis.enabled=true \
 podinfo/podinfo
 ```

@@ -105,4 +106,82 @@ Docker:

 ```bash
 docker run -dp 9898:9898 stefanprodan/podinfo
-```
+```
+
+### Continuous Delivery
+
+In order to install podinfo on a Kubernetes cluster and keep it up to date with the latest
+release in an automated manner, you can use [Flux](https://fluxcd.io).
+
+Install the Flux CLI on MacOS and Linux using Homebrew:
+
+```sh
+brew install fluxcd/tap/flux
+```
+
+Install the Flux controllers needed for Helm operations:
+
+```sh
+flux install \
+--namespace=flux-system \
+--network-policy=false \
+--components=source-controller,helm-controller
+```
+
+Add podinfo's Helm repository to your cluster and
+configure Flux to check for new chart releases every ten minutes:
+
+```sh
+flux create source helm podinfo \
+--namespace=default \
+--url=https://stefanprodan.github.io/podinfo \
+--interval=10m
+```
+
+Create a `podinfo-values.yaml` file locally:
+
+```sh
+cat > podinfo-values.yaml <<EOL
+replicaCount: 2
+resources:
+  limits:
+    memory: 256Mi
+  requests:
+    cpu: 100m
+    memory: 64Mi
+EOL
+```
+
+Create a Helm release for deploying podinfo in the default namespace:
+
+```sh
+flux create helmrelease podinfo \
+--namespace=default \
+--source=HelmRepository/podinfo \
+--release-name=podinfo \
+--chart=podinfo \
+--chart-version=">5.0.0" \
+--values=podinfo-values.yaml
+```
+
+Based on the above definition, Flux will upgrade the release automatically
+when a new version of podinfo is released. If the upgrade fails, Flux
+can [rollback](https://toolkit.fluxcd.io/components/helm/helmreleases/#configuring-failure-remediation)
+to the previous working version.
+
+You can check what version is currently deployed with:
+
+```sh
+flux get helmreleases -n default
+```
+
+To delete podinfo's Helm repository and release from your cluster run:
+
+```sh
+flux -n default delete source helm podinfo
+flux -n default delete helmrelease podinfo
+```
+
+If you wish to manage the lifecycle of your applications in a **GitOps** manner, check out
+this [workflow example](https://github.com/fluxcd/flux2-kustomize-helm-example)
+for multi-env deployments with Flux, Kustomize and Helm.
--- a/charts/podinfo/Chart.yaml
+++ b/charts/podinfo/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 5.0.3
-appVersion: 5.0.3
+version: 6.0.0
+appVersion: 6.0.0
 name: podinfo
 engine: gotpl
 description: Podinfo Helm chart for Kubernetes
@@ -10,3 +10,4 @@ maintainers:
  name: stefanprodan
 sources:
 - https://github.com/stefanprodan/podinfo
+kubeVersion: ">=1.19.0-0"
--- a/charts/podinfo/README.md
+++ b/charts/podinfo/README.md
@@ -1,8 +1,12 @@
 # Podinfo

-Podinfo is a tiny web application made with Go 
+Podinfo is a tiny web application made with Go
 that showcases best practices of running microservices in Kubernetes.

+Podinfo is used by CNCF projects like [Flux](https://github.com/fluxcd/flux2)
+and [Flagger](https://github.com/fluxcd/flagger)
+for end-to-end testing and workshops.
+
 ## Installing the Chart

 To install the chart with the release name `my-release`:
@@ -10,7 +14,7 @@ To install the chart with the release name `my-release`:
 ```console
 $ helm repo add podinfo https://stefanprodan.github.io/podinfo

-$ helm upgrade -i my-release podinfo/podinfo 
+$ helm upgrade -i my-release podinfo/podinfo
 ```

 The command deploys podinfo on the Kubernetes cluster in the default namespace.
@@ -33,7 +37,7 @@ The following tables lists the configurable parameters of the podinfo chart and
 Parameter | Default | Description
 --- | --- | ---
 `replicaCount` | `1` | Desired number of pods
-`logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error`, `flat` or `panic`
+`logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error`
 `backend` | `None` | Echo backend URL
 `backends` | `[]` | Array of echo backend URLs
 `cache` | `None` | Redis address in the format `<host>:<port>`
@@ -47,7 +51,6 @@ Parameter | Default | Description
 `faults.unready` | `false` | When set, the ready state is never reached
 `faults.testFail` | `false` | When set, a helm test is included which always fails
 `faults.testTimeout` | `false` | When set, a helm test is included which always times out
-`h2c.enabled` | `false` | Allow upgrading to h2c
 `image.repository` | `stefanprodan/podinfo` | Image repository
 `image.tag` | `<VERSION>` | Image tag
 `image.pullPolicy` | `IfNotPresent` | Image pull policy
@@ -59,6 +62,7 @@ Parameter | Default | Description
 `service.grpcPort` | `9999` | ClusterIP gPRC port
 `service.grpcService` | `podinfo` | gPRC service name
 `service.nodePort` | `31198` | NodePort for the HTTP endpoint
+`h2c.enabled` | `false` | Allow upgrading to h2c (non-TLS version of HTTP/2)
 `hpa.enabled` | `false` | Enables the Kubernetes HPA
 `hpa.maxReplicas` | `10` | Maximum amount of pods
 `hpa.cpu` | `None` | Target CPU usage per pod
@@ -66,12 +70,14 @@ Parameter | Default | Description
 `hpa.requests` | `None` | Target HTTP requests per second per pod
 `serviceAccount.enabled` | `false` | Whether a service account should be created
 `serviceAccount.name` | `None` | The name of the service account to use, if not set and create is true, a name is generated using the fullname template
+`securityContext` | `{}` | The security context to be set on the podinfo container
 `linkerd.profile.enabled` | `false` | Create Linkerd service profile
 `serviceMonitor.enabled` | `false` | Whether a Prometheus Operator service monitor should be created
 `serviceMonitor.interval` | `15s` | Prometheus scraping interval
+`serviceMonitor.additionalLabels` | `{}` | Add additional labels to the service monitor |
 `ingress.enabled` | `false` | Enables Ingress
+`ingress.className ` | `""` | Use ingressClassName
 `ingress.annotations` | `{}` | Ingress annotations
-`ingress.path` | `/*` | Ingress path
 `ingress.hosts` | `[]` | Ingress accepted hosts
 `ingress.tls` | `[]` | Ingress TLS configuration
 `resources.requests.cpu` | `1m` | Pod CPU request
--- a/charts/podinfo/templates/_helpers.tpl
+++ b/charts/podinfo/templates/_helpers.tpl
@@ -59,3 +59,11 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create the name of the tls secret for secure port
+*/}}
+{{- define "podinfo.tlsSecretName" -}}
+{{- $fullname := include "podinfo.fullname" . -}}
+{{- default (printf "%s-tls" $fullname) .Values.tls.secretName }}
+{{- end }}
--- a/charts/podinfo/templates/certificate.yaml
+++ b/charts/podinfo/templates/certificate.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.certificate.create -}}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ template "podinfo.fullname" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+spec:
+  dnsNames:
+  {{- range .Values.certificate.dnsNames }}
+    - {{ . | quote }}
+  {{- end }}
+  secretName: {{ template "podinfo.tlsSecretName" . }}
+  issuerRef:
+  {{- .Values.certificate.issuerRef | toYaml | trimSuffix "\n" | nindent 4 }}
+{{- end }}
--- a/charts/podinfo/templates/deployment.yaml
+++ b/charts/podinfo/templates/deployment.yaml
@@ -34,9 +34,30 @@ spec:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.securityContext }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- else if (or .Values.service.hostPort .Values.tls.hostPort) }}
+          securityContext:
+            allowPrivilegeEscalation: true
+            capabilities:
+              drop:
+                - ALL
+              add:
+                - NET_BIND_SERVICE
+          {{- end }}
          command:
            - ./podinfo
            - --port={{ .Values.service.httpPort | default 9898 }}
+            {{- if .Values.host }}
+            - --host={{ .Values.host }}
+            {{- end }}
+            {{- if .Values.tls.enabled }}
+            - --secure-port={{ .Values.tls.port }}
+            {{- end }}
+            {{- if .Values.tls.certPath }}
+            - --cert-path={{ .Values.tls.certPath }}
+            {{- end }}
            {{- if .Values.service.metricsPort }}
            - --port-metrics={{ .Values.service.metricsPort }}
            {{- end }}
@@ -52,7 +73,7 @@ spec:
            {{- if .Values.cache }}
            - --cache-server={{ .Values.cache }}
            {{- else if .Values.redis.enabled }}
-            - --cache-server={{ template "podinfo.fullname" . }}:6379
+            - --cache-server={{ template "podinfo.fullname" . }}-redis:6379
            {{- end }}
            - --level={{ .Values.logLevel }}
            - --random-delay={{ .Values.faults.delay }}
@@ -87,6 +108,17 @@ spec:
            - name: http
              containerPort: {{ .Values.service.httpPort | default 9898 }}
              protocol: TCP
+              {{- if .Values.service.hostPort }}
+              hostPort: {{ .Values.service.hostPort }}
+              {{- end }}
+            {{- if .Values.tls.enabled }}
+            - name: https
+              containerPort: {{ .Values.tls.port | default 9899 }}
+              protocol: TCP
+              {{- if .Values.tls.hostPort }}
+              hostPort: {{ .Values.tls.hostPort }}
+              {{- end }}
+            {{- end }}
            {{- if .Values.service.metricsPort }}
            - name: http-metrics
              containerPort: {{ .Values.service.metricsPort }}
@@ -118,6 +150,11 @@ spec:
          volumeMounts:
          - name: data
            mountPath: /data
+          {{- if .Values.tls.enabled }}
+          - name: tls
+            mountPath: {{ .Values.tls.certPath | default "/data/cert" }}
+            readOnly: true
+          {{- end }}
          resources:
 {{ toYaml .Values.resources | indent 12 }}
    {{- with .Values.nodeSelector }}
@@ -135,3 +172,8 @@ spec:
      volumes:
      - name: data
        emptyDir: {}
+      {{- if .Values.tls.enabled }}
+      - name: tls
+        secret:
+          secretName: {{ template "podinfo.tlsSecretName" . }}
+      {{- end }}
--- a/charts/podinfo/templates/ingress.yaml
+++ b/charts/podinfo/templates/ingress.yaml
@@ -1,43 +1,41 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "podinfo.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
-apiVersion: networking.k8s.io/v1beta1
+{{- $svcPort := .Values.service.externalPort -}}
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: {{ $fullName }}
  labels:
    {{- include "podinfo.labels" . | nindent 4 }}
-{{- with .Values.ingress.annotations }}
+  {{- with .Values.ingress.annotations }}
  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-spec:
-{{- if .Values.ingress.tls }}
-  tls:
-  {{- range .Values.ingress.tls }}
-    - hosts:
-      {{- range .hosts }}
-        - {{ . }}
-      {{- end }}
-      secretName: {{ .secretName }}
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  ingressClassName: {{ .Values.ingress.className }}
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
  {{- end }}
-{{- end }}
  rules:
-  {{- range .Values.ingress.hosts }}
-    - host: {{ . }}
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
      http:
        paths:
-          - path: {{ $ingressPath }}
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
-  {{- if not .Values.ingress.hosts }}
-    - http:
-        paths:
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
+              service:
+                name: {{ $fullName }}
+                port:
+                  number: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
 {{- end }}
--- a/charts/podinfo/templates/service.yaml
+++ b/charts/podinfo/templates/service.yaml
@@ -5,6 +5,10 @@ metadata:
  name: {{ template "podinfo.fullname" . }}
  labels:
    {{- include "podinfo.labels" . | nindent 4 }}
+{{- with .Values.service.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
 spec:
  type: {{ .Values.service.type }}
  ports:
@@ -15,6 +19,12 @@ spec:
      {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }}
      nodePort: {{ .Values.service.nodePort }}
      {{- end }}
+    {{- if .Values.tls.enabled }}
+    - port: {{ .Values.tls.port | default 9899 }}
+      targetPort: https
+      protocol: TCP
+      name: https
+    {{- end }}
    {{- if .Values.service.grpcPort }}
    - port: {{ .Values.service.grpcPort }}
      targetPort: grpc
--- a/charts/podinfo/templates/servicemonitor.yaml
+++ b/charts/podinfo/templates/servicemonitor.yaml
@@ -5,12 +5,18 @@ metadata:
  name: {{ template "podinfo.fullname" . }}
  labels:
    {{- include "podinfo.labels" . | nindent 4 }}
+    {{- with .Values.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
  endpoints:
    - path: /metrics
      port: http
      interval: {{ .Values.serviceMonitor.interval }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
  selector:
    matchLabels:
-      app: {{ template "podinfo.fullname" . }}
+      {{- include "podinfo.selectorLabels" . | nindent 6 }}
 {{- end }}
--- a/charts/podinfo/templates/tests/tls.yaml
+++ b/charts/podinfo/templates/tests/tls.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.tls.enabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+  name: {{ template "podinfo.fullname" . }}-tls-test-{{ randAlphaNum 5 | lower }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": test-success
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    sidecar.istio.io/inject: "false"
+    linkerd.io/inject: disabled
+    appmesh.k8s.aws/sidecarInjectorWebhook: disabled
+spec:
+  containers:
+    - name: curl
+      image: curlimages/curl:7.69.0
+      command:
+        - sh
+        - -c
+        - |
+          curl -sk ${PODINFO_SVC}/api/info | grep version
+      env:
+        - name: PODINFO_SVC
+          value: "https://{{ template "podinfo.fullname" . }}.{{ .Release.Namespace }}:{{ .Values.tls.port }}"
+  restartPolicy: Never
+{{- end }}
--- a/charts/podinfo/values-prod.yaml
+++ b/charts/podinfo/values-prod.yaml
@@ -1,15 +1,22 @@
-# Prod values for podinfo.
+# Production values for podinfo.
+# Includes Redis deployment and memory limits.

 replicaCount: 1
 logLevel: info
 backend: #http://backend-podinfo:9898/echo
 backends: []

+image:
+  repository: ghcr.io/stefanprodan/podinfo
+  tag: 6.0.0
+  pullPolicy: IfNotPresent
+
 ui:
  color: "#34577c"
  message: ""
  logo: ""

+# failure conditions
 faults:
  delay: false
  error: false
@@ -18,16 +25,10 @@ faults:
  testFail: false
  testTimeout: false

-h2c:
-  enabled: false
-
-image:
-  repository: ghcr.io/stefanprodan/podinfo
-  tag: 5.0.3
-  pullPolicy: IfNotPresent
-
+# Kubernetes Service settings
 service:
  enabled: true
+  annotations: {}
  type: ClusterIP
  metricsPort: 9797
  httpPort: 9898
@@ -36,6 +37,35 @@ service:
  grpcService: podinfo
  nodePort: 31198

+# enable h2c protocol (non-TLS version of HTTP/2)
+h2c:
+  enabled: false
+
+# enable tls on the podinfo service
+tls:
+  enabled: false
+  # the name of the secret used to mount the certificate key pair
+  secretName:
+  # the path where the certificate key pair will be mounted
+  certPath: /data/cert
+  # the port used to host the tls endpoint on the service
+  port: 9899
+  # the port used to bind the tls port to the host
+  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
+  # in local clusters such as kind without port forwarding
+  hostPort:
+
+# create a certificate manager certificate (cert-manager required)
+certificate:
+  create: false
+  # the issuer used to issue the certificate
+  issuerRef:
+    kind: ClusterIssuer
+    name: self-signed
+  # the hostname / subject alternative names for the certificate
+  dnsNames:
+    - podinfo
+
 # metrics-server add-on required
 hpa:
  enabled: true
@@ -62,27 +92,35 @@ serviceAccount:
  # If not set and create is true, a name is generated using the fullname template
  name:

-linkerd:
-  profile:
-    enabled: false
-
-serviceMonitor:
-  enabled: false
-  interval: 15s
+# set container security context
+securityContext: {}

 ingress:
  enabled: false
+  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
-  # kubernetes.io/tls-acme: "true"
-  path: /*
-  hosts: []
-  #    - podinfo.local
+    # kubernetes.io/tls-acme: "true"
+  hosts:
+    - host: podinfo.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

+linkerd:
+  profile:
+    enabled: false
+
+# create Prometheus Operator monitor
+serviceMonitor:
+  enabled: false
+  interval: 15s
+  additionalLabels: {}
+
 resources:
  limits:
    memory: 256Mi
--- a/charts/podinfo/values.yaml
+++ b/charts/podinfo/values.yaml
@@ -2,14 +2,21 @@

 replicaCount: 1
 logLevel: info
+host: #0.0.0.0
 backend: #http://backend-podinfo:9898/echo
 backends: []

+image:
+  repository: ghcr.io/stefanprodan/podinfo
+  tag: 6.0.0
+  pullPolicy: IfNotPresent
+
 ui:
  color: "#34577c"
  message: ""
  logo: ""

+# failure conditions
 faults:
  delay: false
  error: false
@@ -18,16 +25,10 @@ faults:
  testFail: false
  testTimeout: false

-h2c:
-  enabled: false
-
-image:
-  repository: ghcr.io/stefanprodan/podinfo
-  tag: 5.0.3
-  pullPolicy: IfNotPresent
-
+# Kubernetes Service settings
 service:
  enabled: true
+  annotations: {}
  type: ClusterIP
  metricsPort: 9797
  httpPort: 9898
@@ -35,6 +36,39 @@ service:
  grpcPort: 9999
  grpcService: podinfo
  nodePort: 31198
+  # the port used to bind the http port to the host
+  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
+  # in local clusters such as kind without port forwarding
+  hostPort:
+
+# enable h2c protocol (non-TLS version of HTTP/2)
+h2c:
+  enabled: false
+
+# enable tls on the podinfo service
+tls:
+  enabled: false
+  # the name of the secret used to mount the certificate key pair
+  secretName:
+  # the path where the certificate key pair will be mounted
+  certPath: /data/cert
+  # the port used to host the tls endpoint on the service
+  port: 9899
+  # the port used to bind the tls port to the host
+  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
+  # in local clusters such as kind without port forwarding
+  hostPort:
+
+# create a certificate manager certificate (cert-manager required)
+certificate:
+  create: false
+  # the issuer used to issue the certificate
+  issuerRef:
+    kind: ClusterIssuer
+    name: self-signed
+  # the hostname / subject alternative names for the certificate
+  dnsNames:
+    - podinfo

 # metrics-server add-on required
 hpa:
@@ -62,27 +96,35 @@ serviceAccount:
  # If not set and create is true, a name is generated using the fullname template
  name:

-linkerd:
-  profile:
-    enabled: false
-
-serviceMonitor:
-  enabled: false
-  interval: 15s
+# set container security context
+securityContext: {}

 ingress:
  enabled: false
+  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
-  path: /*
-  hosts: []
-#    - podinfo.local
+  hosts:
+    - host: podinfo.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

+linkerd:
+  profile:
+    enabled: false
+
+# create Prometheus Operator monitor
+serviceMonitor:
+  enabled: false
+  interval: 15s
+  additionalLabels: {}
+
 resources:
  limits:
  requests:
--- a/cmd/podinfo/main.go
+++ b/cmd/podinfo/main.go
@@ -23,7 +23,9 @@ import (
 func main() {
 	// flags definition
 	fs := pflag.NewFlagSet("default", pflag.ContinueOnError)
-	fs.Int("port", 9898, "HTTP port")
+	fs.String("host", "", "Host to bind service to")
+	fs.Int("port", 9898, "HTTP port to bind service to")
+	fs.Int("secure-port", 0, "HTTPS port")
 	fs.Int("port-metrics", 0, "metrics port")
 	fs.Int("grpc-port", 0, "gRPC port")
 	fs.String("grpc-service-name", "podinfo", "gPRC service name")
@@ -34,6 +36,7 @@ func main() {
 	fs.Duration("http-server-shutdown-timeout", 5*time.Second, "server graceful shutdown timeout duration")
 	fs.String("data-path", "/data", "data local path")
 	fs.String("config-path", "", "config dir path")
+	fs.String("cert-path", "/data/cert", "certificate path for HTTPS port")
 	fs.String("config", "config.yaml", "config file name")
 	fs.String("ui-path", "./ui", "UI local path")
 	fs.String("ui-logo", "", "UI logo")
@@ -81,12 +84,14 @@ func main() {
 	viper.AutomaticEnv()

 	// load config from file
-	if _, err := os.Stat(filepath.Join(viper.GetString("config-path"), viper.GetString("config"))); err == nil {
+	if _, fileErr := os.Stat(filepath.Join(viper.GetString("config-path"), viper.GetString("config"))); fileErr == nil {
 		viper.SetConfigName(strings.Split(viper.GetString("config"), ".")[0])
 		viper.AddConfigPath(viper.GetString("config-path"))
-		if err := viper.ReadInConfig(); err != nil {
-			fmt.Printf("Error reading config file, %v\n", err)
+		if readErr := viper.ReadInConfig(); readErr != nil {
+			fmt.Printf("Error reading config file, %v\n", readErr)
 		}
+	} else {
+		fmt.Printf("Error to open config file, %v\n", fileErr)
 	}

 	// configure logging
@@ -104,6 +109,12 @@ func main() {
 		viper.Set("port", strconv.Itoa(port))
 	}

+	// validate secure port
+	if _, err := strconv.Atoi(viper.GetString("secure-port")); err != nil {
+		securePort, _ := fs.GetInt("secure-port")
+		viper.Set("secure-port", strconv.Itoa(securePort))
+	}
+
 	// validate random delay options
 	if viper.GetInt("random-delay-max") < viper.GetInt("random-delay-min") {
 		logger.Panic("`--random-delay-max` should be greater than `--random-delay-min`")
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -1,6 +1,7 @@
-# Deploy demo webapp 
+# Deploy demo webapp

 Demo webapp manifests:
+
 - [common](webapp/common)
 - [frontend](webapp/frontend)
 - [backend](webapp/backend)
@@ -30,3 +31,15 @@ Deploy the demo in the `production` namespace:
 ```bash
 kustomize build ./overlays/production | kubectl apply -f-
 ```
+
+## Testing Locally Using Kind
+
+> NOTE: You can install [kind from here](https://kind.sigs.k8s.io/docs/user/quick-start/#installation)
+
+The following will create a new cluster called "podinfo" and configure host ports on 80 and 443. You can access the
+endpoints on localhost. The example also deploys cert-manager within the cluster along with a self-signed cluster issuer
+used to generate the certificate to validate the secure port.
+
+```sh
+./kind.sh
+```
--- a/deploy/bases/backend/deployment.yaml
+++ b/deploy/bases/backend/deployment.yaml
@@ -23,7 +23,7 @@ spec:
    spec:
      containers:
      - name: backend
-        image: ghcr.io/stefanprodan/podinfo:5.0.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/bases/frontend/deployment.yaml
+++ b/deploy/bases/frontend/deployment.yaml
@@ -23,7 +23,7 @@ spec:
    spec:
      containers:
      - name: frontend
-        image: ghcr.io/stefanprodan/podinfo:5.0.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/kind.sh
+++ b/deploy/kind.sh
@@ -0,0 +1,48 @@
+#! /usr/bin/env sh
+
+mkdir -p bin
+cat > ./bin/kind.yaml <<EOF
+apiVersion: kind.x-k8s.io/v1alpha4
+kind: Cluster
+nodes:
+- role: control-plane
+  extraPortMappings:
+  - containerPort: 80
+    hostPort: 80
+    protocol: TCP
+  - containerPort: 443
+    hostPort: 443
+    protocol: TCP
+EOF
+
+# create the kind cluster
+kind create cluster --config=kind.yaml
+
+# add certificate manager
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.yaml
+
+# wait for cert manager
+kubectl rollout status --namespace cert-manager deployment/cert-manager --timeout=2m
+kubectl rollout status --namespace cert-manager deployment/cert-manager-webhook --timeout=2m
+kubectl rollout status --namespace cert-manager deployment/cert-manager-cainjector --timeout=2m
+
+# # apply the secure webapp
+kubectl apply -f ./secure/common
+kubectl apply -f ./secure/backend
+kubectl apply -f ./secure/frontend
+
+# # wait for the podinfo frontend to come up
+kubectl rollout status --namespace secure deployment/frontend --timeout=1m
+
+# curl the endpoints (responds with info due to header regexp on route handler)
+echo
+echo "http enpdoint:"
+echo "curl http://localhost"
+echo
+curl http://localhost
+
+echo
+echo "https (secure) enpdoint:"
+echo "curl --insecure https://localhost"
+echo
+curl --insecure https://localhost
--- a/deploy/secure/backend/deployment.yaml
+++ b/deploy/secure/backend/deployment.yaml
@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: backend
+  namespace: secure
+spec:
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  progressDeadlineSeconds: 60
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 0
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app: backend
+    spec:
+      serviceAccountName: secure
+      containers:
+      - name: backend
+        image: ghcr.io/stefanprodan/podinfo:5.0.3
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: http
+          containerPort: 9898
+          protocol: TCP
+        - name: http-metrics
+          containerPort: 9797
+          protocol: TCP
+        - name: grpc
+          containerPort: 9999
+          protocol: TCP
+        command:
+        - ./podinfo
+        - --port=9898
+        - --port-metrics=9797
+        - --grpc-port=9999
+        - --grpc-service-name=backend
+        - --level=info
+        env:
+        - name: PODINFO_UI_COLOR
+          value: "#34577c"
+        livenessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:9898/healthz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        readinessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:9898/readyz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: 2000m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 32Mi
--- a/deploy/secure/backend/hpa.yaml
+++ b/deploy/secure/backend/hpa.yaml
@@ -0,0 +1,19 @@
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: backend
+  namespace: secure
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: backend
+  minReplicas: 1
+  maxReplicas: 2
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 99
--- a/deploy/secure/backend/service.yaml
+++ b/deploy/secure/backend/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: backend
+  namespace: secure
+spec:
+  type: ClusterIP
+  selector:
+    app: backend
+  ports:
+    - name: http
+      port: 9898
+      protocol: TCP
+      targetPort: http
+    - port: 9999
+      targetPort: grpc
+      protocol: TCP
+      name: grpc
--- a/deploy/secure/common/cluster-issuer.yaml
+++ b/deploy/secure/common/cluster-issuer.yaml
@@ -0,0 +1,6 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: self-signed
+spec:
+  selfSigned: {}
--- a/deploy/secure/common/namespace.yaml
+++ b/deploy/secure/common/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: secure
--- a/deploy/secure/common/reconciler-rbac.yaml
+++ b/deploy/secure/common/reconciler-rbac.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: reconciler
+  namespace: secure
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: reconciler
+  namespace: secure
+rules:
+  - apiGroups: ['*']
+    resources: ['*']
+    verbs: ['*']
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: reconciler
+  namespace: secure
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: reconciler
+subjects:
+  - kind: ServiceAccount
+    name: reconciler
+    namespace: secure
--- a/deploy/secure/common/service-account.yaml
+++ b/deploy/secure/common/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: secure
+  namespace: secure
--- a/deploy/secure/frontend/certificate.yaml
+++ b/deploy/secure/frontend/certificate.yaml
@@ -0,0 +1,15 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: podinfo-frontend
+  namespace: secure
+spec:
+  dnsNames:
+    - frontend
+    - frontend.secure
+    - frontend.secure.cluster.local
+    - localhost
+  secretName: podinfo-frontend-tls
+  issuerRef:
+    name: self-signed
+    kind: ClusterIssuer
--- a/deploy/secure/frontend/deployment.yaml
+++ b/deploy/secure/frontend/deployment.yaml
@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: frontend
+  namespace: secure
+spec:
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  progressDeadlineSeconds: 60
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 0
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: frontend
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app: frontend
+    spec:
+      serviceAccountName: secure
+      volumes:
+      - name: tls
+        secret:
+          secretName: podinfo-frontend-tls
+      containers:
+      - name: frontend
+        image: deavon/podinfo:secure-port
+        imagePullPolicy: IfNotPresent
+        securityContext:
+          capabilities:
+            drop:
+              - ALL
+            add:
+              - NET_BIND_SERVICE
+          allowPrivilegeEscalation: true
+        ports:
+        - name: http
+          containerPort: 9898
+          protocol: TCP
+          hostPort: 80
+        - name: https
+          containerPort: 9899
+          protocol: TCP
+          hostPort: 443
+        - name: http-metrics
+          containerPort: 9797
+          protocol: TCP
+        - name: grpc
+          containerPort: 9999
+          protocol: TCP
+        volumeMounts:
+        - name: tls
+          mountPath: /data/cert
+          readOnly: true
+        command:
+        - ./podinfo
+        - --port=9898
+        - --secure-port=9899
+        - --port-metrics=9797
+        - --level=info
+        - --cert-path=/data/cert
+        - --backend-url=http://backend:9898/echo
+        env:
+        - name: PODINFO_UI_COLOR
+          value: "#34577c"
+        livenessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:9898/healthz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        readinessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:9898/readyz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: 1000m
+            memory: 128Mi
+          requests:
+            cpu: 100m
+            memory: 32Mi
--- a/deploy/secure/frontend/hpa.yaml
+++ b/deploy/secure/frontend/hpa.yaml
@@ -0,0 +1,19 @@
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: frontend
+  namespace: secure
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: frontend
+  minReplicas: 1
+  maxReplicas: 4
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 99
--- a/deploy/secure/frontend/service.yaml
+++ b/deploy/secure/frontend/service.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: frontend
+  namespace: secure
+spec:
+  type: ClusterIP
+  selector:
+    app: frontend
+  ports:
+    - name: http
+      port: 80
+      protocol: TCP
+      targetPort: http
+    - name: https
+      port: 443
+      protocol: TCP
+      targetPort: https
--- a/deploy/webapp/backend/deployment.yaml
+++ b/deploy/webapp/backend/deployment.yaml
@@ -25,7 +25,7 @@ spec:
      serviceAccountName: webapp
      containers:
      - name: backend
-        image: ghcr.io/stefanprodan/podinfo:5.0.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/webapp/frontend/deployment.yaml
+++ b/deploy/webapp/frontend/deployment.yaml
@@ -25,7 +25,7 @@ spec:
      serviceAccountName: webapp
      containers:
      - name: frontend
-        image: ghcr.io/stefanprodan/podinfo:5.0.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/go.mod
+++ b/go.mod
@@ -1,25 +1,24 @@
 module github.com/stefanprodan/podinfo

-go 1.15
+go 1.16

 require (
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751
-	github.com/chzyer/logex v1.1.10 // indirect
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
-	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
+	github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1
 	github.com/fatih/color v1.9.0
 	github.com/fsnotify/fsnotify v1.4.9
-	github.com/gomodule/redigo v1.8.2
+	github.com/gomodule/redigo v1.8.4
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/websocket v1.4.2
-	github.com/prometheus/client_golang v1.8.0
-	github.com/spf13/cobra v1.1.1
+	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/prometheus/client_golang v1.11.0
+	github.com/spf13/cobra v1.1.3
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.7.1
-	github.com/swaggo/http-swagger v0.0.0-20200308142732-58ac5e232fba
-	github.com/swaggo/swag v1.6.9
-	go.uber.org/zap v1.16.0
-	golang.org/x/net v0.0.0-20201027133719-8eef5233e2a1
-	google.golang.org/grpc v1.33.1
+	github.com/spf13/viper v1.8.0
+	github.com/swaggo/http-swagger v1.0.0
+	github.com/swaggo/swag v1.7.0
+	go.uber.org/zap v1.17.0
+	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
+	google.golang.org/grpc v1.38.0
 )
--- a/go.sum
+++ b/go.sum
--- a/kustomize/deployment.yaml
+++ b/kustomize/deployment.yaml
@@ -23,7 +23,7 @@ spec:
    spec:
      containers:
      - name: podinfod
-        image: ghcr.io/stefanprodan/podinfo:5.0.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.0
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/pkg/api/docs/docs.go
+++ b/pkg/api/docs/docs.go
@@ -132,7 +132,9 @@ var doc = `{
                ],
                "summary": "Save payload in cache",
                "responses": {
-                    "202": {}
+                    "202": {
+                        "description": ""
+                    }
                }
            },
            "delete": {
@@ -148,7 +150,9 @@ var doc = `{
                ],
                "summary": "Delete payload from cache",
                "responses": {
-                    "202": {}
+                    "202": {
+                        "description": ""
+                    }
                }
            }
        },
--- a/pkg/api/docs/swagger.json
+++ b/pkg/api/docs/swagger.json
@@ -121,7 +121,9 @@
                ],
                "summary": "Save payload in cache",
                "responses": {
-                    "202": {}
+                    "202": {
+                        "description": ""
+                    }
                }
            },
            "delete": {
@@ -137,7 +139,9 @@
                ],
                "summary": "Delete payload from cache",
                "responses": {
-                    "202": {}
+                    "202": {
+                        "description": ""
+                    }
                }
            }
        },
--- a/pkg/api/docs/swagger.yaml
+++ b/pkg/api/docs/swagger.yaml
@@ -106,7 +106,8 @@ paths:
      produces:
      - application/json
      responses:
-        "202": {}
+        "202":
+          description: ""
      summary: Delete payload from cache
      tags:
      - HTTP API
@@ -131,7 +132,8 @@ paths:
      produces:
      - application/json
      responses:
-        "202": {}
+        "202":
+          description: ""
      summary: Save payload in cache
      tags:
      - HTTP API
--- a/pkg/api/server.go
+++ b/pkg/api/server.go
@@ -6,6 +6,7 @@ import (
 	"net/http"
 	_ "net/http/pprof"
 	"os"
+	"path"
 	"strings"
 	"sync/atomic"
 	"time"
@@ -54,7 +55,10 @@ type Config struct {
 	UIPath                    string        `mapstructure:"ui-path"`
 	DataPath                  string        `mapstructure:"data-path"`
 	ConfigPath                string        `mapstructure:"config-path"`
+	CertPath                  string        `mapstructure:"cert-path"`
+	Host                      string        `mapstructure:"host"`
 	Port                      string        `mapstructure:"port"`
+	SecurePort                string        `mapstructure:"secure-port"`
 	PortMetrics               int           `mapstructure:"port-metrics"`
 	Hostname                  string        `mapstructure:"hostname"`
 	H2C                       bool          `mapstructure:"h2c"`
@@ -70,10 +74,11 @@ type Config struct {
 }

 type Server struct {
-	router *mux.Router
-	logger *zap.Logger
-	config *Config
-	pool   *redis.Pool
+	router  *mux.Router
+	logger  *zap.Logger
+	config  *Config
+	pool    *redis.Pool
+	handler http.Handler
 }

 func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
@@ -151,19 +156,10 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
 	s.registerHandlers()
 	s.registerMiddlewares()

-	var handler http.Handler
 	if s.config.H2C {
-		handler = h2c.NewHandler(s.router, &http2.Server{})
+		s.handler = h2c.NewHandler(s.router, &http2.Server{})
 	} else {
-		handler = s.router
-	}
-
-	srv := &http.Server{
-		Addr:         ":" + s.config.Port,
-		WriteTimeout: s.config.HttpServerTimeout,
-		ReadTimeout:  s.config.HttpServerTimeout,
-		IdleTimeout:  2 * s.config.HttpServerTimeout,
-		Handler:      handler,
+		s.handler = s.router
 	}

 	//s.printRoutes()
@@ -183,12 +179,11 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
 	ticker := time.NewTicker(30 * time.Second)
 	s.startCachePool(ticker, stopCh)

-	// run server in background
-	go func() {
-		if err := srv.ListenAndServe(); err != http.ErrServerClosed {
-			s.logger.Fatal("HTTP server crashed", zap.Error(err))
-		}
-	}()
+	// create the http server
+	srv := s.startServer()
+
+	// create the secure server
+	secureSrv := s.startSecureServer()

 	// signal Kubernetes the server is ready to receive traffic
 	if !s.config.Unhealthy {
@@ -212,7 +207,7 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
 		_ = s.pool.Close()
 	}

-	s.logger.Info("Shutting down HTTP server", zap.Duration("timeout", s.config.HttpServerShutdownTimeout))
+	s.logger.Info("Shutting down HTTP/HTTPS server", zap.Duration("timeout", s.config.HttpServerShutdownTimeout))

 	// wait for Kubernetes readiness probe to remove this instance from the load balancer
 	// the readiness check interval must be lower than the timeout
@@ -220,12 +215,80 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
 		time.Sleep(3 * time.Second)
 	}

-	// attempt graceful shutdown
-	if err := srv.Shutdown(ctx); err != nil {
-		s.logger.Warn("HTTP server graceful shutdown failed", zap.Error(err))
-	} else {
-		s.logger.Info("HTTP server stopped")
+	// determine if the http server was started
+	if srv != nil {
+		if err := srv.Shutdown(ctx); err != nil {
+			s.logger.Warn("HTTP server graceful shutdown failed", zap.Error(err))
+		}
 	}
+
+	// determine if the secure server was started
+	if secureSrv != nil {
+		if err := secureSrv.Shutdown(ctx); err != nil {
+			s.logger.Warn("HTTPS server graceful shutdown failed", zap.Error(err))
+		}
+	}
+}
+
+func (s *Server) startServer() *http.Server {
+
+	// determine if the port is specified
+	if s.config.Port == "0" {
+
+		// move on immediately
+		return nil
+	}
+
+	srv := &http.Server{
+		Addr:         s.config.Host + ":" + s.config.Port,
+		WriteTimeout: s.config.HttpServerTimeout,
+		ReadTimeout:  s.config.HttpServerTimeout,
+		IdleTimeout:  2 * s.config.HttpServerTimeout,
+		Handler:      s.handler,
+	}
+
+	// start the server in the background
+	go func() {
+		s.logger.Info("Starting HTTP Server.", zap.String("addr", srv.Addr))
+		if err := srv.ListenAndServe(); err != http.ErrServerClosed {
+			s.logger.Fatal("HTTP server crashed", zap.Error(err))
+		}
+	}()
+
+	// return the server and routine
+	return srv
+}
+
+func (s *Server) startSecureServer() *http.Server {
+
+	// determine if the port is specified
+	if s.config.SecurePort == "0" {
+
+		// move on immediately
+		return nil
+	}
+
+	srv := &http.Server{
+		Addr:         s.config.Host + ":" + s.config.SecurePort,
+		WriteTimeout: s.config.HttpServerTimeout,
+		ReadTimeout:  s.config.HttpServerTimeout,
+		IdleTimeout:  2 * s.config.HttpServerTimeout,
+		Handler:      s.handler,
+	}
+
+	cert := path.Join(s.config.CertPath, "tls.crt")
+	key := path.Join(s.config.CertPath, "tls.key")
+
+	// start the server in the background
+	go func() {
+		s.logger.Info("Starting HTTPS Server.", zap.String("addr", srv.Addr))
+		if err := srv.ListenAndServeTLS(cert, key); err != http.ErrServerClosed {
+			s.logger.Fatal("HTTPS server crashed", zap.Error(err))
+		}
+	}()
+
+	// return the server
+	return srv
 }

 func (s *Server) startMetricsServer() {
--- a/pkg/api/token.go
+++ b/pkg/api/token.go
@@ -8,7 +8,7 @@ import (

 	"io/ioutil"

-	"github.com/dgrijalva/jwt-go"
+	"github.com/dgrijalva/jwt-go/v4"
 	"go.uber.org/zap"
 )

@@ -39,11 +39,12 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
 		user = string(body)
 	}

+	expiresAt := time.Now().Add(time.Minute * 1)
 	claims := &jwtCustomClaims{
 		user,
 		jwt.StandardClaims{
 			Issuer:    "podinfo",
-			ExpiresAt: time.Now().Add(time.Minute * 1).Unix(),
+			ExpiresAt: jwt.At(expiresAt),
 		},
 	}

@@ -56,7 +57,7 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {

 	var result = TokenResponse{
 		Token:     t,
-		ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt, 0),
+		ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt.Unix(), 0),
 	}

 	s.JSONResponse(w, r, result)
@@ -103,7 +104,7 @@ func (s *Server) tokenValidateHandler(w http.ResponseWriter, r *http.Request) {
 		} else {
 			var result = TokenValidationResponse{
 				TokenName: claims.Name,
-				ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt, 0),
+				ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt.Unix(), 0),
 			}
 			s.JSONResponse(w, r, result)
 		}
--- a/pkg/api/token_test.go
+++ b/pkg/api/token_test.go
@@ -0,0 +1,36 @@
+package api
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+func TestTokenHandler(t *testing.T) {
+	req, err := http.NewRequest("POST", "/token", strings.NewReader("test-user"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+	srv := NewMockServer()
+	handler := http.HandlerFunc(srv.tokenGenerateHandler)
+
+	handler.ServeHTTP(rr, req)
+
+	// Check the status code is what we expect.
+	if status := rr.Code; status != http.StatusOK {
+		t.Errorf("handler returned wrong status code: got %v want %v",
+			status, http.StatusOK)
+	}
+
+	var token TokenResponse
+	if err := json.Unmarshal(rr.Body.Bytes(), &token); err != nil {
+		t.Fatal(err)
+	}
+	if token.Token == "" {
+		t.Error("handler returned no token")
+	}
+}
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -1,4 +1,4 @@
 package version

-var VERSION = "5.0.3"
+var VERSION = "6.0.0"
 var REVISION = "unknown"
--- a/test/build.sh
+++ b/test/build.sh
@@ -0,0 +1,7 @@
+#! /usr/bin/env sh
+
+set -e
+
+# build the docker file
+GIT_COMMIT=$(git rev-list -1 HEAD) && \
+DOCKER_BUILDKIT=1 docker build --tag test/podinfo --build-arg "REVISION=${GIT_COMMIT}" .
--- a/test/deploy.sh
+++ b/test/deploy.sh
@@ -0,0 +1,32 @@
+#! /usr/bin/env sh
+
+# add jetstack repository
+helm repo add jetstack https://charts.jetstack.io || true
+
+# install cert-manager
+helm upgrade --install cert-manager jetstack/cert-manager \
+    --set installCRDs=true \
+    --namespace default
+
+# wait for cert manager
+kubectl rollout status deployment/cert-manager --timeout=2m
+kubectl rollout status deployment/cert-manager-webhook --timeout=2m
+kubectl rollout status deployment/cert-manager-cainjector --timeout=2m
+
+# install self-signed certificate
+cat << 'EOF' | kubectl apply -f -
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: self-signed
+spec:
+  selfSigned: {}
+EOF
+
+# install podinfo with tls enabled
+helm upgrade --install podinfo ./charts/podinfo \
+    --set image.repository=test/podinfo \
+    --set image.tag=latest \
+    --set tls.enabled=true \
+    --set certificate.create=true \
+    --namespace=default
--- a/test/e2e.sh
+++ b/test/e2e.sh
@@ -0,0 +1,20 @@
+#! /usr/bin/env sh
+
+set -e
+
+SCRIPT_DIR=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)
+
+# run the build
+$SCRIPT_DIR/build.sh
+
+# create the kind cluster
+kind create cluster || true
+
+# load the docker image
+kind load docker-image test/podinfo:latest
+
+# run the deploy
+$SCRIPT_DIR/deploy.sh
+
+# run the tests
+$SCRIPT_DIR/test.sh
--- a/test/test.sh
+++ b/test/test.sh
@@ -0,0 +1,9 @@
+#1 /usr/bin/env sh
+
+set -e
+
+# wait for podinfo
+kubectl rollout status deployment/podinfo --timeout=3m
+
+# test podinfo
+helm test podinfo
Author	SHA1	Message	Date
Stefan Prodan	627d5c4bb6	Merge pull request #140 from stefanprodan/release-6.0.0 Release v6.0.0	2021-06-16 15:30:23 +03:00
Stefan Prodan	29f3e7f430	Release v6.0.0 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-06-16 15:24:35 +03:00
Stefan Prodan	8a7d5689e5	Merge pull request #139 from stefanprodan/alpine-3.14 Update Alpine to v3.14	2021-06-16 15:21:02 +03:00
Stefan Prodan	70ab46cd6e	Update Alpine to v3.14 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-06-16 15:16:43 +03:00
Stefan Prodan	d8effad747	Merge pull request #138 from stefanprodan/deps-update Update dependencies	2021-06-16 14:54:25 +03:00
Stefan Prodan	dc97765557	Update dependencies Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-06-16 14:37:41 +03:00
Stefan Prodan	685371108d	Merge pull request #136 from monotek/ingressClassName chart: Upgrade Ingress to networking.k8s.io/v1 and add ingressClassName	2021-06-08 19:08:16 +03:00
André Bauer	b6f1555176	added ingressClassName Signed-off-by: André Bauer <monotek23@gmail.com>	2021-06-04 15:51:59 +02:00
Stefan Prodan	deadf87be8	Merge pull request #134 from stefanprodan/release-v5.2.1 Release v5.2.1	2021-05-13 15:33:46 +03:00
Stefan Prodan	1d75661e45	Release v5.2.1 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-05-13 15:33:21 +03:00
Stefan Prodan	6a78560d28	Update dgrijalva/jwt-go to v4 (#133 ) Fix for CVE-2020-26160 https://avd.aquasec.com/nvd/cve-2020-26160/ Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-05-13 15:30:43 +03:00
Hendrik Ferber	9c4df129c6	added additional labels to servicemonitor template (#132 ) chart: Add additional labels to servicemonitor template Co-authored-by: Hendrik Ferber <HFerber@anexia-it.com>	2021-05-06 16:39:41 +03:00
Stefan Prodan	21c8dfbb69	Merge pull request #130 from onematchfox/master Add option to bind service to specific host	2021-04-21 14:45:36 +03:00
Brian Fox	8c93f05fa9	feat: add option to bind service to specific host	2021-04-16 08:07:56 +02:00
Stefan Prodan	ef98a040c8	Merge pull request #129 from stefanprodan/release-v5.2.0 Release v5.2.0	2021-03-22 11:45:01 +02:00
Stefan Prodan	bcd8e65416	Release v5.2.0 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-03-22 11:40:18 +02:00
Stefan Prodan	79ab71bcf9	Merge pull request #128 from stefanprodan/cd-docs Add Continuous Delivery section to readme	2021-03-21 20:31:49 +02:00
Stefan Prodan	a67c482a87	Add Continuous Delivery section to readme Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-03-21 19:27:27 +02:00
Stefan Prodan	7d89cbfd07	Merge pull request #127 from stefanprodan/chart-improvements Helm chart improvements	2021-03-21 18:09:39 +02:00
Stefan Prodan	0b73f44190	chart: Add container security context Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-03-21 15:58:29 +02:00
Stefan Prodan	5751990e1a	chart: Rearrange values Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-03-21 15:35:32 +02:00
Stefan Prodan	6d1d8c1271	chart: Add service annotations Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-03-21 15:21:37 +02:00
Stefan Prodan	81a311281e	Merge pull request #126 from stefanprodan/helm-action Refactor Helm GitHub Action	2021-03-21 14:51:32 +02:00
Stefan Prodan	71647cee9a	Refactor Helm GitHub Action Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-03-21 13:49:32 +02:00
Stefan Prodan	2487019631	Merge pull request #125 from stefanprodan/go-1.16 Update Go to v1.16	2021-03-21 13:42:36 +02:00
Stefan Prodan	885a35eebf	Update Go to v1.16 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-03-21 13:37:26 +02:00
Stefan Prodan	d36c523e67	Merge pull request #124 from runyontr/redis-connection-fix chart: Fix Redis backend url	2021-03-05 16:45:20 +02:00
Thomas Runyon	43b05fb948	Update redis backend url The connection information for redis does not match the service entry.	2021-03-05 08:56:23 -05:00
Stefan Prodan	6856337c57	Merge pull request #123 from mhulscher/servicemonitor-should-select-own-namespace-only fix(chart): ensure that the servicemonitor only selects its own namespace	2021-03-01 16:51:08 +02:00
Mitch Hulscher	2b603bedcd	fix(chart): ensure that the servicemonitor only selects its own namespace	2021-03-01 14:59:19 +01:00
Stefan Prodan	e43ebfa5bf	Merge pull request #121 from stefanprodan/release-5.1.4 Release v5.1.4	2021-02-02 16:26:20 +02:00
Stefan Prodan	c914acb34d	Release v5.1.4 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-02-02 16:20:22 +02:00
Stefan Prodan	982713606e	Merge pull request #120 from 181192/service-monitor-selector chart: Fix ServiceMonitor matchLabels for service	2021-02-02 10:03:57 +02:00
181192	63c0d0afe5	Fix servicemonitor matchLabels for service Signed-off-by: 181192 <k@kalli.no>	2021-02-01 18:47:54 +01:00
Stefan Prodan	4407939ea3	Merge pull request #119 from stefanprodan/release-5.1.3 Release v5.1.3	2021-01-31 12:41:08 +02:00
Stefan Prodan	ee6df13f57	Release v5.1.3 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-01-31 12:36:06 +02:00
Stefan Prodan	97f9aca039	Merge pull request #118 from stefanprodan/remove-helmv2-tests Refactor e2e tests	2021-01-28 16:11:27 +02:00
Stefan Prodan	f30e3f89ed	Refactor e2e tests - remove Helm v2 and Tiller - update Helm v3 to 3.5.0 - rename scripts dir to test Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2021-01-28 13:05:34 +02:00
Stefan Prodan	f220644263	Merge pull request #117 from a-vorobiev/fix/use-group Fix adduser param to actually use 'app' group	2021-01-26 10:57:35 +02:00
Anton Vorobiev	9e066ebc7b	Fix adduser param to actually use 'app' group	2021-01-23 21:58:49 +01:00
Stefan Prodan	855f7724be	Merge pull request #113 from stefanprodan/release-5.1.2 Release v5.1.2	2020-12-14 13:22:23 +02:00
Stefan Prodan	33d1e950a9	Release v5.1.2 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2020-12-14 13:13:47 +02:00
Stefan Prodan	ec57c11356	Merge pull request #112 from ErezArbell/patch-1 Add quoting support in ingress to allow wildcard domain	2020-12-14 10:18:00 +02:00
ErezArbell	f0d7f0adca	Add quoting support in ingress to allow wildcard domain YAML requires asterisk to be quoted. If we want to use wildcard host in the ingress so we put in values.yaml something like ``` ingress: tls: - secretName: my-secret-tls hosts: - '*.example.com' ``` then Helm removes the quote mark before putting the hosts value in the ingress, so the ingress will have this unquoted and will give error: ``` Error: YAML parse error on podinfo/templates/ingress.yaml: error converting YAML to JSON: yaml: line 21: did not find expected alphabetic or numeric character ``` See same issue : <https://github.com/helm/helm/issues/3936>. and this PR that fixes it in Helm code: <https://github.com/helm/helm/pull/3956>. This fix applies the same to podinfo.	2020-12-14 09:44:50 +02:00
Stefan Prodan	9f4d31a8c4	Merge pull request #111 from stefanprodan/release-v5.1.1 Release v5.1.1	2020-12-09 11:11:53 +02:00
Stefan Prodan	95eafd32f9	Release v5.1.1 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2020-12-09 10:25:36 +02:00
Stefan Prodan	86dbbf7254	Merge pull request #109 from ut8ia/patch-1 Issue : silence on config file missing error	2020-12-08 18:05:26 +02:00
Stefan Prodan	b13ec2ddb4	Merge pull request #110 from stefanprodan/release-v5.1.0 Release v5.1.0	2020-12-08 17:43:37 +02:00
Stefan Prodan	0f7a876dae	Release v5.1.0 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2020-12-08 17:36:23 +02:00
Eugene Anufriev	837ff33ee0	Issue : silence on config file missing error Any information in case when config file not exist or path\filename configured incorrectly. It is not clear now. Propose: handle such situation and inform about that.	2020-12-02 17:46:56 +02:00
Stefan Prodan	4735f54368	Merge pull request #108 from dmccaffery/feat/secure-port-chart feat(charts): add tls support to helm chart	2020-11-20 15:43:54 +02:00
Deavon M. McCaffery	35c9128bca	fix(charts): fix default tls port in deployment	2020-11-19 15:41:06 +00:00
Deavon M. McCaffery	411bce81c0	build: update e2e tests to validate secure-port * pull out script blocks into `hack` path * update e2e workflow to use scripts in `hack` * install cert manager and self-signed cluster issuer in e2e * deploy podinfo with secure port and certificate enabled * add `hack/e2e.sh` script, which can be used to execute the github workflow locally	2020-11-19 03:04:36 +00:00
Deavon M. McCaffery	1ac286c3b0	feat(charts): add tls support to helm chart * add tls variable block to configure service and pod with secure-port * add ability to create cert-manager certificate * add support for host ports (both http and https) * add helm test for tls port * add example values for secure-port deployment - this assumes certificate manager is deployed to the cluster	2020-11-19 02:46:25 +00:00
Stefan Prodan	b496853d32	Merge pull request #106 from dmccaffery/feat/secure-port feat(podinfo): add secure port for end-to-end tls	2020-11-18 15:16:19 +02:00
Deavon M. McCaffery	9ca49aa442	build: replace add-path with environment files	2020-11-18 12:44:58 +00:00
Deavon M. McCaffery	bc809cd763	docs(deploy): add script to test podinfo using kind	2020-11-17 23:04:55 +00:00
Deavon M. McCaffery	046ac8a4a5	docs(deploy): add kube manifests for secure-port example	2020-11-17 23:04:35 +00:00
Deavon M. McCaffery	c38f357872	feat(podinfo): add secure port for end-to-end tls * add `secure-port` argument to podinfo * add `cert-path` argument to podinfo * add http server for secure port * normalise http/https server start	2020-11-17 23:01:41 +00:00