Merge pull request #175 from stefanprodan/go-1.17

Update Go to v1.17

.cosign/README.md

@@ -0,0 +1,39 @@
+# Podinfo signed releases
+
+Podinfo deployment manifests are published to GitHub Container Registry as OCI artifacts
+and are signed using [cosign](https://github.com/sigstore/cosign).
+
+## Verify the artifacts with cosign
+
+Install the [cosign](https://github.com/sigstore/cosign) CLI:
+
+```sh
+brew install sigstore/tap/cosign
+```
+
+Verify a podinfo release with cosign CLI:
+
+```sh
+cosign verify -key https://raw.githubusercontent.com/stefanprodan/podinfo/master/cosign/cosign.pub \
+ghcr.io/stefanprodan/podinfo-deploy:latest
+```
+
+## Download the artifacts with crane
+
+Install the [crane](https://github.com/google/go-containerregistry/tree/main/cmd/crane) CLI:
+
+```sh
+brew install crane
+```
+
+Download the podinfo deployment manifests with crane CLI:
+
+```console
+$ crane export ghcr.io/stefanprodan/podinfo-deploy:latest -| tar -xf - 
+
+$ ls -1
+deployment.yaml
+hpa.yaml
+kustomization.yaml
+service.yaml
+```

.cosign/cosign.pub

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEST+BqQ1XZhhVYx0YWQjdUJYIG5Lt
+iz2+UxRIqmKBqNmce2T+l45qyqOs99qfD7gLNGmkVZ4vtJ9bM7FxChFczg==
+-----END PUBLIC KEY-----

.github/actions/helm/Dockerfile

@@ -1,6 +0,0 @@
-FROM stefanprodan/alpine-base:latest
-
-COPY entrypoint.sh /entrypoint.sh
-RUN chmod +x /entrypoint.sh
-
-ENTRYPOINT ["/entrypoint.sh"]

.github/actions/helm/action.yml

@@ -1,15 +1,33 @@
-name: 'helm'
+name: Setup Helm CLI
-description: 'A GitHub Action to run helm commands'
+description: A GitHub Action for running Helm commands
-author: 'Stefan Prodan'
+author: Stefan Prodan
 branding:
-  icon: 'command'
+  color: blue
-  color: 'blue'
+  icon: command
 inputs:
-  helm-version:
+  version:
-    description: Helm version to use
+    description: "Helm version"
     required: true
 runs:
-  using: 'docker'
+  using: composite
-  image: 'Dockerfile'
+  steps:
-  args:
+    - name: "Download helm binary to tmp"
-    - ${{ inputs.helm-version }}
+      shell: bash
+      run: |
+        VERSION=${{ inputs.version }}
+        BIN_URL="https://get.helm.sh/helm-v${VERSION}-linux-amd64.tar.gz"
+        curl -sL ${BIN_URL} -o /tmp/helm.tar.gz
+        mkdir -p /tmp/helm
+        tar -C /tmp/helm/ -zxvf /tmp/helm.tar.gz
+    - name: "Add helm binary to /usr/local/bin"
+      shell: bash
+      run: |
+        sudo cp /tmp/helm/linux-amd64/helm /usr/local/bin
+    - name: "Cleanup tmp"
+      shell: bash
+      run: |
+        rm -rf /tmp/helm/ /tmp/helm.tar.gz
+    - name: "Verify correct installation of binary"
+      shell: bash
+      run: |
+        helm version

.github/actions/helm/entrypoint.sh

@@ -1,24 +0,0 @@
-#!/usr/bin/env bash
-
-set -o errexit
-set -o pipefail
-
-HELM_VERSION=$1
-BIN_DIR="$GITHUB_WORKSPACE/bin"
-
-main() {
-  mkdir -p ${BIN_DIR}
-  tmpDir=$(mktemp -d)
-
-  pushd $tmpDir >& /dev/null
-
-  curl -sSL https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz | tar xz
-  cp linux-amd64/helm ${BIN_DIR}/helm
-
-  popd >& /dev/null
-  rm -rf $tmpDir
-}
-
-main
-echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH
-echo "$RUNNER_WORKSPACE/$(basename $GITHUB_REPOSITORY)/bin" >> $GITHUB_PATH

.github/workflows/e2e.yml

@@ -11,13 +11,15 @@ jobs:
     strategy:
       matrix:
         helm-version:
-          - 3.5.0
+          - 3.6.0
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
       - name: Setup Kubernetes
         uses: engineerd/setup-kind@v0.5.0
+        with:
+          version: v0.11.1
       - name: Build container image
         run: |
           ./test/build.sh
@@ -25,7 +27,7 @@ jobs:
       - name: Setup Helm
         uses: ./.github/actions/helm
         with:
-          helm-version: ${{ matrix.helm-version }}
+          version: ${{ matrix.helm-version }}
       - name: Deploy
         run: ./test/deploy.sh
       - name: Run integration tests

.github/workflows/release.yml

@@ -9,6 +9,8 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
+      - uses: imjasonh/setup-crane@v0.1
+      - uses: sigstore/cosign-installer@main
       - name: Setup QEMU
         uses: docker/setup-qemu-action@v1
         with:
@@ -44,7 +46,7 @@ jobs:
           push: true
           builder: ${{ steps.buildx.outputs.name }}
           context: .
-          file: ./Dockerfile
+          file: ./Dockerfile.xx
           platforms: linux/amd64,linux/arm/v7,linux/arm64
           tags: |
             docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
@@ -71,6 +73,21 @@ jobs:
         uses: stefanprodan/helm-gh-pages@master
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Publish config artifact
+        run: |
+          cd kustomize
+          tar -cf config.tar * --numeric-owner --owner=0 --group=0
+          crane append -f config.tar -t ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
+          crane tag ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} latest
+          rm config.tar
+      - name: Sign config artifact
+        run: |
+          echo "$COSIGN_KEY" > /tmp/cosign.key
+          cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
+          cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:latest
+        env:
+          COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
+          COSIGN_KEY: ${{secrets.COSIGN_KEY}}
       - uses: ./.github/actions/release-notes
       - name: Generate release notes
         run: |

.github/workflows/test.yml

@@ -21,7 +21,7 @@ jobs:
       - name: Setup Go
         uses: actions/setup-go@v2
         with:
-          go-version: 1.15.x
+          go-version: 1.17.x
       - name: Run unit tests
         run: make test
       - name: Check if working tree is dirty
@@ -33,11 +33,15 @@ jobs:
       - name: Validate Helm chart
         uses: stefanprodan/kube-tools@v1
         with:
+          kubectl: 1.19.11
+          helm: 2.17.0
+          helmv3: 3.6.0
           command: |
-            helmv3 template ./charts/podinfo | kubeval --strict
+            helmv3 template ./charts/podinfo | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
       - name: Validate kustomization
         uses: stefanprodan/kube-tools@v1
         with:
+          kubectl: 1.19.11
           command: |
-            kustomize build ./kustomize | kubeval --strict
+            kustomize build ./kustomize | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
             kustomize build ./kustomize | conftest test -p .github/policy -

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.15-alpine as builder
+FROM golang:1.17-alpine as builder
 
 ARG REVISION
 
@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 go build -ldflags "-s -w \
     -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
     -a -o bin/podcli cmd/podcli/*
 
-FROM alpine:3.12
+FROM alpine:3.15
 
 ARG BUILD_DATE
 ARG VERSION

Dockerfile.base

@@ -1,4 +1,4 @@
-FROM golang:1.15
+FROM golang:1.17
 
 WORKDIR /workspace
 

Dockerfile.xx

@@ -0,0 +1,53 @@
+ARG GO_VERSION=1.17
+ARG XX_VERSION=1.1.0
+
+FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
+
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine as builder
+
+# Copy the build utilities.
+COPY --from=xx / /
+
+ARG TARGETPLATFORM
+ARG REVISION
+
+RUN mkdir -p /podinfo/
+
+WORKDIR /podinfo
+
+COPY . .
+
+RUN go mod download
+
+ENV CGO_ENABLED=0
+RUN xx-go build -ldflags "-s -w \
+    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
+    -a -o bin/podinfo cmd/podinfo/*
+
+RUN xx-go build -ldflags "-s -w \
+    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
+    -a -o bin/podcli cmd/podcli/*
+
+FROM alpine:3.15
+
+ARG BUILD_DATE
+ARG VERSION
+ARG REVISION
+
+LABEL maintainer="stefanprodan"
+
+RUN addgroup -S app \
+    && adduser -S -G app app \
+    && apk --no-cache add \
+    ca-certificates curl netcat-openbsd
+
+WORKDIR /home/app
+
+COPY --from=builder /podinfo/bin/podinfo .
+COPY --from=builder /podinfo/bin/podcli /usr/local/bin/podcli
+COPY ./ui ./ui
+RUN chown -R app:app ./
+
+USER app
+
+CMD ["./podinfo"]

Makefile

@@ -15,13 +15,17 @@ run:
 	--level=debug --grpc-port=9999 --backend-url=https://httpbin.org/status/401 --backend-url=https://httpbin.org/status/500 \
 	--ui-logo=https://raw.githubusercontent.com/stefanprodan/podinfo/gh-pages/cuddle_clap.gif $(EXTRA_RUN_ARGS)
 
+.PHONY: test
 test:
-	go test -v -race ./...
+	go test ./... -coverprofile cover.out
 
 build:
 	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build  -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podinfo ./cmd/podinfo/*
 	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build  -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podcli ./cmd/podcli/*
 
+tidy:
+	rm -f go.sum; go mod tidy -compat=1.17
+
 fmt:
 	gofmt -l -s -w ./
 	goimports -l -w ./
@@ -33,6 +37,13 @@ build-charts:
 build-container:
 	docker build -t $(DOCKER_IMAGE_NAME):$(VERSION) .
 
+build-xx:
+	docker buildx build \
+	--platform=linux/amd64 \
+	-t $(DOCKER_IMAGE_NAME):$(VERSION) \
+	--load \
+	-f Dockerfile.xx .
+
 build-base:
 	docker build -f Dockerfile.base -t $(DOCKER_REPOSITORY)/podinfo-base:latest .
 
@@ -58,16 +69,16 @@ push-container:
 version-set:
 	@next="$(TAG)" && \
 	current="$(VERSION)" && \
-	sed -i '' "s/$$current/$$next/g" pkg/version/version.go && \
+	/usr/bin/sed -i '' "s/$$current/$$next/g" pkg/version/version.go && \
-	sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values.yaml && \
+	/usr/bin/sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values.yaml && \
-	sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values-prod.yaml && \
+	/usr/bin/sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values-prod.yaml && \
-	sed -i '' "s/appVersion: $$current/appVersion: $$next/g" charts/podinfo/Chart.yaml && \
+	/usr/bin/sed -i '' "s/appVersion: $$current/appVersion: $$next/g" charts/podinfo/Chart.yaml && \
-	sed -i '' "s/version: $$current/version: $$next/g" charts/podinfo/Chart.yaml && \
+	/usr/bin/sed -i '' "s/version: $$current/version: $$next/g" charts/podinfo/Chart.yaml && \
-	sed -i '' "s/podinfo:$$current/podinfo:$$next/g" kustomize/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" kustomize/deployment.yaml && \
-	sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/frontend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/frontend/deployment.yaml && \
-	sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/backend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/backend/deployment.yaml && \
-	sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/frontend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/frontend/deployment.yaml && \
-	sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/backend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/backend/deployment.yaml && \
 	echo "Version $$next set in code, deployment, chart and kustomize"
 
 release:
@@ -76,4 +87,4 @@ release:
 
 swagger:
 	go get github.com/swaggo/swag/cmd/swag
-	cd pkg/api && $$(go env GOPATH)/bin/swag init -g server.go
+	cd pkg/api && $$(go env GOPATH)/bin/swag init -g server.go

README.md

@@ -7,6 +7,8 @@
 [![Docker Pulls](https://img.shields.io/docker/pulls/stefanprodan/podinfo)](https://hub.docker.com/r/stefanprodan/podinfo)
 
 Podinfo is a tiny web application made with Go that showcases best practices of running microservices in Kubernetes.
+Podinfo is used by CNCF projects like [Flux](https://github.com/fluxcd/flux2) and [Flagger](https://github.com/fluxcd/flagger)
+for end-to-end testing and workshops.
 
 Specifications:
 
@@ -86,12 +88,11 @@ helm upgrade --install --wait frontend \
 --set backend=http://backend-podinfo:9898/echo \
 podinfo/podinfo
 
-# Test pods have hook-delete-policy: hook-succeeded
 helm test frontend
 
 helm upgrade --install --wait backend \
 --namespace test \
---set hpa.enabled=true \
+--set redis.enabled=true \
 podinfo/podinfo
 ```
 
@@ -105,4 +106,82 @@ Docker:
 
 ```bash
 docker run -dp 9898:9898 stefanprodan/podinfo
-```
+```
+
+### Continuous Delivery
+
+In order to install podinfo on a Kubernetes cluster and keep it up to date with the latest
+release in an automated manner, you can use [Flux](https://fluxcd.io).
+
+Install the Flux CLI on MacOS and Linux using Homebrew:
+
+```sh
+brew install fluxcd/tap/flux
+```
+
+Install the Flux controllers needed for Helm operations:
+
+```sh
+flux install \
+--namespace=flux-system \
+--network-policy=false \
+--components=source-controller,helm-controller
+```
+
+Add podinfo's Helm repository to your cluster and
+configure Flux to check for new chart releases every ten minutes:
+
+```sh
+flux create source helm podinfo \
+--namespace=default \
+--url=https://stefanprodan.github.io/podinfo \
+--interval=10m
+```
+
+Create a `podinfo-values.yaml` file locally:
+
+```sh
+cat > podinfo-values.yaml <<EOL
+replicaCount: 2
+resources:
+  limits:
+    memory: 256Mi
+  requests:
+    cpu: 100m
+    memory: 64Mi
+EOL
+```
+
+Create a Helm release for deploying podinfo in the default namespace:
+
+```sh
+flux create helmrelease podinfo \
+--namespace=default \
+--source=HelmRepository/podinfo \
+--release-name=podinfo \
+--chart=podinfo \
+--chart-version=">5.0.0" \
+--values=podinfo-values.yaml
+```
+
+Based on the above definition, Flux will upgrade the release automatically
+when a new version of podinfo is released. If the upgrade fails, Flux
+can [rollback](https://toolkit.fluxcd.io/components/helm/helmreleases/#configuring-failure-remediation)
+to the previous working version.
+
+You can check what version is currently deployed with:
+
+```sh
+flux get helmreleases -n default
+```
+
+To delete podinfo's Helm repository and release from your cluster run:
+
+```sh
+flux -n default delete source helm podinfo
+flux -n default delete helmrelease podinfo
+```
+
+If you wish to manage the lifecycle of your applications in a **GitOps** manner, check out
+this [workflow example](https://github.com/fluxcd/flux2-kustomize-helm-example)
+for multi-env deployments with Flux, Kustomize and Helm.

charts/podinfo/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 5.1.3
+version: 6.0.4
-appVersion: 5.1.3
+appVersion: 6.0.4
 name: podinfo
 engine: gotpl
 description: Podinfo Helm chart for Kubernetes
@@ -10,3 +10,4 @@ maintainers:
   name: stefanprodan
 sources:
 - https://github.com/stefanprodan/podinfo
+kubeVersion: ">=1.19.0-0"

charts/podinfo/README.md

@@ -1,8 +1,12 @@
 # Podinfo
 
-Podinfo is a tiny web application made with Go 
+Podinfo is a tiny web application made with Go
 that showcases best practices of running microservices in Kubernetes.
 
+Podinfo is used by CNCF projects like [Flux](https://github.com/fluxcd/flux2)
+and [Flagger](https://github.com/fluxcd/flagger)
+for end-to-end testing and workshops.
+
 ## Installing the Chart
 
 To install the chart with the release name `my-release`:
@@ -10,7 +14,7 @@ To install the chart with the release name `my-release`:
 ```console
 $ helm repo add podinfo https://stefanprodan.github.io/podinfo
 
-$ helm upgrade -i my-release podinfo/podinfo 
+$ helm upgrade -i my-release podinfo/podinfo
 ```
 
 The command deploys podinfo on the Kubernetes cluster in the default namespace.
@@ -33,7 +37,7 @@ The following tables lists the configurable parameters of the podinfo chart and
 Parameter | Default | Description
 --- | --- | ---
 `replicaCount` | `1` | Desired number of pods
-`logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error`, `flat` or `panic`
+`logLevel` | `info` | Log level: `debug`, `info`, `warn`, `error`
 `backend` | `None` | Echo backend URL
 `backends` | `[]` | Array of echo backend URLs
 `cache` | `None` | Redis address in the format `<host>:<port>`
@@ -47,7 +51,6 @@ Parameter | Default | Description
 `faults.unready` | `false` | When set, the ready state is never reached
 `faults.testFail` | `false` | When set, a helm test is included which always fails
 `faults.testTimeout` | `false` | When set, a helm test is included which always times out
-`h2c.enabled` | `false` | Allow upgrading to h2c
 `image.repository` | `stefanprodan/podinfo` | Image repository
 `image.tag` | `<VERSION>` | Image tag
 `image.pullPolicy` | `IfNotPresent` | Image pull policy
@@ -59,6 +62,7 @@ Parameter | Default | Description
 `service.grpcPort` | `9999` | ClusterIP gPRC port
 `service.grpcService` | `podinfo` | gPRC service name
 `service.nodePort` | `31198` | NodePort for the HTTP endpoint
+`h2c.enabled` | `false` | Allow upgrading to h2c (non-TLS version of HTTP/2)
 `hpa.enabled` | `false` | Enables the Kubernetes HPA
 `hpa.maxReplicas` | `10` | Maximum amount of pods
 `hpa.cpu` | `None` | Target CPU usage per pod
@@ -66,12 +70,14 @@ Parameter | Default | Description
 `hpa.requests` | `None` | Target HTTP requests per second per pod
 `serviceAccount.enabled` | `false` | Whether a service account should be created
 `serviceAccount.name` | `None` | The name of the service account to use, if not set and create is true, a name is generated using the fullname template
+`securityContext` | `{}` | The security context to be set on the podinfo container
 `linkerd.profile.enabled` | `false` | Create Linkerd service profile
 `serviceMonitor.enabled` | `false` | Whether a Prometheus Operator service monitor should be created
 `serviceMonitor.interval` | `15s` | Prometheus scraping interval
+`serviceMonitor.additionalLabels` | `{}` | Add additional labels to the service monitor |
 `ingress.enabled` | `false` | Enables Ingress
+`ingress.className ` | `""` | Use ingressClassName
 `ingress.annotations` | `{}` | Ingress annotations
-`ingress.path` | `/*` | Ingress path
 `ingress.hosts` | `[]` | Ingress accepted hosts
 `ingress.tls` | `[]` | Ingress TLS configuration
 `resources.requests.cpu` | `1m` | Pod CPU request

charts/podinfo/templates/deployment.yaml

@@ -34,7 +34,10 @@ spec:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- if (or .Values.service.hostPort .Values.tls.hostPort) }}
+          {{- if .Values.securityContext }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          {{- else if (or .Values.service.hostPort .Values.tls.hostPort) }}
           securityContext:
             allowPrivilegeEscalation: true
             capabilities:
@@ -46,6 +49,9 @@ spec:
           command:
             - ./podinfo
             - --port={{ .Values.service.httpPort | default 9898 }}
+            {{- if .Values.host }}
+            - --host={{ .Values.host }}
+            {{- end }}
             {{- if .Values.tls.enabled }}
             - --secure-port={{ .Values.tls.port }}
             {{- end }}
@@ -67,7 +73,7 @@ spec:
             {{- if .Values.cache }}
             - --cache-server={{ .Values.cache }}
             {{- else if .Values.redis.enabled }}
-            - --cache-server={{ template "podinfo.fullname" . }}:6379
+            - --cache-server={{ template "podinfo.fullname" . }}-redis:6379
             {{- end }}
             - --level={{ .Values.logLevel }}
             - --random-delay={{ .Values.faults.delay }}

charts/podinfo/templates/ingress.yaml

@@ -1,43 +1,41 @@
 {{- if .Values.ingress.enabled -}}
 {{- $fullName := include "podinfo.fullname" . -}}
-{{- $ingressPath := .Values.ingress.path -}}
+{{- $svcPort := .Values.service.externalPort -}}
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: {{ $fullName }}
   labels:
     {{- include "podinfo.labels" . | nindent 4 }}
-{{- with .Values.ingress.annotations }}
+  {{- with .Values.ingress.annotations }}
   annotations:
-{{ toYaml . | indent 4 }}
+    {{- toYaml . | nindent 4 }}
-{{- end }}
+  {{- end }}
-spec:
+spec:
-{{- if .Values.ingress.tls }}
+  ingressClassName: {{ .Values.ingress.className }}
-  tls:
+  {{- if .Values.ingress.tls }}
-  {{- range .Values.ingress.tls }}
+  tls:
-    - hosts:
+    {{- range .Values.ingress.tls }}
-      {{- range .hosts }}
+    - hosts:
-        - {{ . | quote }}
+        {{- range .hosts }}
-      {{- end }}
+        - {{ . | quote }}
-      secretName: {{ .secretName }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
   {{- end }}
-{{- end }}
   rules:
-  {{- range .Values.ingress.hosts }}
+    {{- range .Values.ingress.hosts }}
-    - host: {{ . | quote }}
+    - host: {{ .host | quote }}
       http:
         paths:
-          - path: {{ $ingressPath }}
+          {{- range .paths }}
+          - path: {{ .path }}
+            pathType: {{ .pathType }}
             backend:
-              serviceName: {{ $fullName }}
+              service:
-              servicePort: http
+                name: {{ $fullName }}
-  {{- end }}
+                port:
-  {{- if not .Values.ingress.hosts }}
+                  number: {{ $svcPort }}
-    - http:
+          {{- end }}
-        paths:
+    {{- end }}
-          - path: {{ $ingressPath }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: http
-  {{- end }}
 {{- end }}

charts/podinfo/templates/service.yaml

@@ -5,6 +5,10 @@ metadata:
   name: {{ template "podinfo.fullname" . }}
   labels:
     {{- include "podinfo.labels" . | nindent 4 }}
+{{- with .Values.service.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
 spec:
   type: {{ .Values.service.type }}
   ports:

charts/podinfo/templates/servicemonitor.yaml

@@ -5,12 +5,18 @@ metadata:
   name: {{ template "podinfo.fullname" . }}
   labels:
     {{- include "podinfo.labels" . | nindent 4 }}
+    {{- with .Values.serviceMonitor.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
   endpoints:
     - path: /metrics
       port: http
       interval: {{ .Values.serviceMonitor.interval }}
+  namespaceSelector:
+    matchNames:
+      - {{ .Release.Namespace }}
   selector:
     matchLabels:
-      app: {{ template "podinfo.fullname" . }}
+      {{- include "podinfo.selectorLabels" . | nindent 6 }}
 {{- end }}

charts/podinfo/values-prod.yaml

@@ -1,15 +1,22 @@
-# Prod values for podinfo.
+# Production values for podinfo.
+# Includes Redis deployment and memory limits.
 
 replicaCount: 1
 logLevel: info
 backend: #http://backend-podinfo:9898/echo
 backends: []
 
+image:
+  repository: ghcr.io/stefanprodan/podinfo
+  tag: 6.0.4
+  pullPolicy: IfNotPresent
+
 ui:
   color: "#34577c"
   message: ""
   logo: ""
 
+# failure conditions
 faults:
   delay: false
   error: false
@@ -18,16 +25,10 @@ faults:
   testFail: false
   testTimeout: false
 
-h2c:
+# Kubernetes Service settings
-  enabled: false
-
-image:
-  repository: ghcr.io/stefanprodan/podinfo
-  tag: 5.1.3
-  pullPolicy: IfNotPresent
-
 service:
   enabled: true
+  annotations: {}
   type: ClusterIP
   metricsPort: 9797
   httpPort: 9898
@@ -36,6 +37,35 @@ service:
   grpcService: podinfo
   nodePort: 31198
 
+# enable h2c protocol (non-TLS version of HTTP/2)
+h2c:
+  enabled: false
+
+# enable tls on the podinfo service
+tls:
+  enabled: false
+  # the name of the secret used to mount the certificate key pair
+  secretName:
+  # the path where the certificate key pair will be mounted
+  certPath: /data/cert
+  # the port used to host the tls endpoint on the service
+  port: 9899
+  # the port used to bind the tls port to the host
+  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
+  # in local clusters such as kind without port forwarding
+  hostPort:
+
+# create a certificate manager certificate (cert-manager required)
+certificate:
+  create: false
+  # the issuer used to issue the certificate
+  issuerRef:
+    kind: ClusterIssuer
+    name: self-signed
+  # the hostname / subject alternative names for the certificate
+  dnsNames:
+    - podinfo
+
 # metrics-server add-on required
 hpa:
   enabled: true
@@ -62,27 +92,35 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name:
 
-linkerd:
+# set container security context
-  profile:
+securityContext: {}
-    enabled: false
-
-serviceMonitor:
-  enabled: false
-  interval: 15s
 
 ingress:
   enabled: false
+  className: ""
   annotations: {}
     # kubernetes.io/ingress.class: nginx
-  # kubernetes.io/tls-acme: "true"
+    # kubernetes.io/tls-acme: "true"
-  path: /*
+  hosts:
-  hosts: []
+    - host: podinfo.local
-  #    - podinfo.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:
   #      - chart-example.local
 
+linkerd:
+  profile:
+    enabled: false
+
+# create Prometheus Operator monitor
+serviceMonitor:
+  enabled: false
+  interval: 15s
+  additionalLabels: {}
+
 resources:
   limits:
     memory: 256Mi

charts/podinfo/values-secure.yaml

@@ -1,127 +0,0 @@
-# Default values for podinfo.
-
-replicaCount: 1
-logLevel: info
-backend: #http://backend-podinfo:9898/echo
-backends: []
-
-ui:
-  color: "#34577c"
-  message: ""
-  logo: ""
-
-faults:
-  delay: false
-  error: false
-  unhealthy: false
-  unready: false
-  testFail: false
-  testTimeout: false
-
-h2c:
-  enabled: false
-
-image:
-  repository: ghcr.io/stefanprodan/podinfo
-  tag: 5.0.3
-  pullPolicy: IfNotPresent
-
-service:
-  enabled: true
-  type: ClusterIP
-  metricsPort: 9797
-  httpPort: 9898
-  externalPort: 9898
-  grpcPort: 9999
-  grpcService: podinfo
-  nodePort: 31198
-  # the port used to bind the http port to the host
-  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
-  # in local clusters such as kind without port forwarding
-  hostPort:
-
-# enable tls on the podinfo service
-tls:
-  enabled: true
-  # the name of the secret used to mount the certificate key pair
-  secretName:
-  # the path where the certificate key pair will be mounted
-  certPath: /data/cert
-  # the port used to host the tls endpoint on the service
-  port: 9899
-  # the port used to bind the tls port to the host
-  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
-  # in local clusters such as kind without port forwarding
-  hostPort:
-
-# create a certificate manager certificate
-certificate:
-  create: true
-  # the issuer used to issue the certificate
-  issuerRef:
-    kind: ClusterIssuer
-    name: self-signed
-  # the hostname / subject alternative names for the certificate
-  dnsNames:
-    - podinfo
-
-# metrics-server add-on required
-hpa:
-  enabled: false
-  maxReplicas: 10
-  # average total CPU usage per pod (1-100)
-  cpu:
-  # average memory usage per pod (100Mi-1Gi)
-  memory:
-  # average http requests per second per pod (k8s-prometheus-adapter)
-  requests:
-
-# Redis address in the format <host>:<port>
-cache: ""
-# Redis deployment
-redis:
-  enabled: false
-  repository: redis
-  tag: 6.0.8
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  enabled: false
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name:
-
-linkerd:
-  profile:
-    enabled: false
-
-serviceMonitor:
-  enabled: false
-  interval: 15s
-
-ingress:
-  enabled: false
-  annotations: {}
-    # kubernetes.io/ingress.class: nginx
-    # kubernetes.io/tls-acme: "true"
-  path: /*
-  hosts: []
-#    - podinfo.local
-  tls: []
-  #  - secretName: chart-example-tls
-  #    hosts:
-  #      - chart-example.local
-
-resources:
-  limits:
-  requests:
-    cpu: 1m
-    memory: 16Mi
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-podAnnotations: {}

charts/podinfo/values.yaml

@@ -2,14 +2,21 @@
 
 replicaCount: 1
 logLevel: info
+host: #0.0.0.0
 backend: #http://backend-podinfo:9898/echo
 backends: []
 
+image:
+  repository: ghcr.io/stefanprodan/podinfo
+  tag: 6.0.4
+  pullPolicy: IfNotPresent
+
 ui:
   color: "#34577c"
   message: ""
   logo: ""
 
+# failure conditions
 faults:
   delay: false
   error: false
@@ -18,16 +25,10 @@ faults:
   testFail: false
   testTimeout: false
 
-h2c:
+# Kubernetes Service settings
-  enabled: false
-
-image:
-  repository: ghcr.io/stefanprodan/podinfo
-  tag: 5.1.3
-  pullPolicy: IfNotPresent
-
 service:
   enabled: true
+  annotations: {}
   type: ClusterIP
   metricsPort: 9797
   httpPort: 9898
@@ -40,6 +41,10 @@ service:
   # in local clusters such as kind without port forwarding
   hostPort:
 
+# enable h2c protocol (non-TLS version of HTTP/2)
+h2c:
+  enabled: false
+
 # enable tls on the podinfo service
 tls:
   enabled: false
@@ -54,7 +59,7 @@ tls:
   # in local clusters such as kind without port forwarding
   hostPort:
 
-# create a certificate manager certificate
+# create a certificate manager certificate (cert-manager required)
 certificate:
   create: false
   # the issuer used to issue the certificate
@@ -91,27 +96,35 @@ serviceAccount:
   # If not set and create is true, a name is generated using the fullname template
   name:
 
-linkerd:
+# set container security context
-  profile:
+securityContext: {}
-    enabled: false
-
-serviceMonitor:
-  enabled: false
-  interval: 15s
 
 ingress:
   enabled: false
+  className: ""
   annotations: {}
     # kubernetes.io/ingress.class: nginx
     # kubernetes.io/tls-acme: "true"
-  path: /*
+  hosts:
-  hosts: []
+    - host: podinfo.local
-#    - podinfo.local
+      paths:
+        - path: /
+          pathType: ImplementationSpecific
   tls: []
   #  - secretName: chart-example-tls
   #    hosts:
   #      - chart-example.local
 
+linkerd:
+  profile:
+    enabled: false
+
+# create Prometheus Operator monitor
+serviceMonitor:
+  enabled: false
+  interval: 15s
+  additionalLabels: {}
+
 resources:
   limits:
   requests:

cmd/podinfo/main.go

@@ -23,7 +23,8 @@ import (
 func main() {
 	// flags definition
 	fs := pflag.NewFlagSet("default", pflag.ContinueOnError)
-	fs.Int("port", 9898, "HTTP port")
+	fs.String("host", "", "Host to bind service to")
+	fs.Int("port", 9898, "HTTP port to bind service to")
 	fs.Int("secure-port", 0, "HTTPS port")
 	fs.Int("port-metrics", 0, "metrics port")
 	fs.Int("grpc-port", 0, "gRPC port")
@@ -89,8 +90,6 @@ func main() {
 		if readErr := viper.ReadInConfig(); readErr != nil {
 			fmt.Printf("Error reading config file, %v\n", readErr)
 		}
-	}else{
-		fmt.Printf("Error to open config file, %v\n",fileErr)
 	}
 
 	// configure logging

deploy/bases/backend/deployment.yaml

@@ -23,7 +23,7 @@ spec:
     spec:
       containers:
       - name: backend
-        image: ghcr.io/stefanprodan/podinfo:5.1.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.4
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

deploy/bases/frontend/deployment.yaml

@@ -23,7 +23,7 @@ spec:
     spec:
       containers:
       - name: frontend
-        image: ghcr.io/stefanprodan/podinfo:5.1.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.4
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

deploy/webapp/backend/deployment.yaml

@@ -25,7 +25,7 @@ spec:
       serviceAccountName: webapp
       containers:
       - name: backend
-        image: ghcr.io/stefanprodan/podinfo:5.1.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.4
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

deploy/webapp/frontend/deployment.yaml

@@ -25,7 +25,7 @@ spec:
       serviceAccountName: webapp
       containers:
       - name: frontend
-        image: ghcr.io/stefanprodan/podinfo:5.1.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.4
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

go.mod

@@ -1,25 +1,63 @@
 module github.com/stefanprodan/podinfo
 
-go 1.15
+go 1.17
 
 require (
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751
-	github.com/chzyer/logex v1.1.10 // indirect
 	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
-	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
+	github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
 	github.com/fatih/color v1.9.0
 	github.com/fsnotify/fsnotify v1.4.9
-	github.com/gomodule/redigo v1.8.2
+	github.com/gomodule/redigo v1.8.4
 	github.com/gorilla/mux v1.8.0
 	github.com/gorilla/websocket v1.4.2
-	github.com/prometheus/client_golang v1.8.0
+	github.com/prometheus/client_golang v1.11.0
-	github.com/spf13/cobra v1.1.1
+	github.com/spf13/cobra v1.2.1
 	github.com/spf13/pflag v1.0.5
-	github.com/spf13/viper v1.7.1
+	github.com/spf13/viper v1.8.1
-	github.com/swaggo/http-swagger v0.0.0-20200308142732-58ac5e232fba
+	github.com/swaggo/http-swagger v1.0.0
-	github.com/swaggo/swag v1.6.9
+	github.com/swaggo/swag v1.7.0
-	go.uber.org/zap v1.16.0
+	go.uber.org/zap v1.19.1
-	golang.org/x/net v0.0.0-20201027133719-8eef5233e2a1
+	golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4
-	google.golang.org/grpc v1.33.1
+	google.golang.org/grpc v1.38.0
+)
+
+require (
+	github.com/KyleBanks/depth v1.2.1 // indirect
+	github.com/PuerkitoBio/purell v1.1.1 // indirect
+	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
+	github.com/go-openapi/jsonpointer v0.19.5 // indirect
+	github.com/go-openapi/jsonreference v0.19.5 // indirect
+	github.com/go-openapi/spec v0.20.0 // indirect
+	github.com/go-openapi/swag v0.19.12 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/magiconair/properties v1.8.5 // indirect
+	github.com/mailru/easyjson v0.7.6 // indirect
+	github.com/mattn/go-colorable v0.1.4 // indirect
+	github.com/mattn/go-isatty v0.0.12 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/mitchellh/mapstructure v1.4.1 // indirect
+	github.com/pelletier/go-toml v1.9.3 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.26.0 // indirect
+	github.com/prometheus/procfs v0.6.0 // indirect
+	github.com/spf13/afero v1.6.0 // indirect
+	github.com/spf13/cast v1.3.1 // indirect
+	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/subosito/gotenv v1.2.0 // indirect
+	github.com/swaggo/files v0.0.0-20190704085106-630677cd5c14 // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 // indirect
+	golang.org/x/text v0.3.5 // indirect
+	golang.org/x/tools v0.1.5 // indirect
+	google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
+	google.golang.org/protobuf v1.26.0 // indirect
+	gopkg.in/ini.v1 v1.62.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 )

kustomize/deployment.yaml

@@ -23,7 +23,7 @@ spec:
     spec:
       containers:
       - name: podinfod
-        image: ghcr.io/stefanprodan/podinfo:5.1.3
+        image: ghcr.io/stefanprodan/podinfo:6.0.4
         imagePullPolicy: IfNotPresent
         ports:
         - name: http

pkg/api/docs/docs.go

@@ -132,7 +132,9 @@ var doc = `{
                 ],
                 "summary": "Save payload in cache",
                 "responses": {
-                    "202": {}
+                    "202": {
+                        "description": ""
+                    }
                 }
             },
             "delete": {
@@ -148,7 +150,9 @@ var doc = `{
                 ],
                 "summary": "Delete payload from cache",
                 "responses": {
-                    "202": {}
+                    "202": {
+                        "description": ""
+                    }
                 }
             }
         },

pkg/api/docs/swagger.json

@@ -121,7 +121,9 @@
                 ],
                 "summary": "Save payload in cache",
                 "responses": {
-                    "202": {}
+                    "202": {
+                        "description": ""
+                    }
                 }
             },
             "delete": {
@@ -137,7 +139,9 @@
                 ],
                 "summary": "Delete payload from cache",
                 "responses": {
-                    "202": {}
+                    "202": {
+                        "description": ""
+                    }
                 }
             }
         },

pkg/api/docs/swagger.yaml

@@ -106,7 +106,8 @@ paths:
       produces:
       - application/json
       responses:
-        "202": {}
+        "202":
+          description: ""
       summary: Delete payload from cache
       tags:
       - HTTP API
@@ -131,7 +132,8 @@ paths:
       produces:
       - application/json
       responses:
-        "202": {}
+        "202":
+          description: ""
       summary: Save payload in cache
       tags:
       - HTTP API

pkg/api/server.go

@@ -56,6 +56,7 @@ type Config struct {
 	DataPath                  string        `mapstructure:"data-path"`
 	ConfigPath                string        `mapstructure:"config-path"`
 	CertPath                  string        `mapstructure:"cert-path"`
+	Host                      string        `mapstructure:"host"`
 	Port                      string        `mapstructure:"port"`
 	SecurePort                string        `mapstructure:"secure-port"`
 	PortMetrics               int           `mapstructure:"port-metrics"`
@@ -122,9 +123,6 @@ func (s *Server) registerHandlers() {
 	s.router.PathPrefix("/swagger/").Handler(httpSwagger.Handler(
 		httpSwagger.URL("/swagger/doc.json"),
 	))
-	s.router.PathPrefix("/swagger/").Handler(httpSwagger.Handler(
-		httpSwagger.URL("/swagger/doc.json"),
-	))
 	s.router.HandleFunc("/swagger.json", func(w http.ResponseWriter, r *http.Request) {
 		doc, err := swag.ReadDoc()
 		if err != nil {
@@ -239,7 +237,7 @@ func (s *Server) startServer() *http.Server {
 	}
 
 	srv := &http.Server{
-		Addr:         ":" + s.config.Port,
+		Addr:         s.config.Host + ":" + s.config.Port,
 		WriteTimeout: s.config.HttpServerTimeout,
 		ReadTimeout:  s.config.HttpServerTimeout,
 		IdleTimeout:  2 * s.config.HttpServerTimeout,
@@ -248,6 +246,7 @@ func (s *Server) startServer() *http.Server {
 
 	// start the server in the background
 	go func() {
+		s.logger.Info("Starting HTTP Server.", zap.String("addr", srv.Addr))
 		if err := srv.ListenAndServe(); err != http.ErrServerClosed {
 			s.logger.Fatal("HTTP server crashed", zap.Error(err))
 		}
@@ -267,7 +266,7 @@ func (s *Server) startSecureServer() *http.Server {
 	}
 
 	srv := &http.Server{
-		Addr:         ":" + s.config.SecurePort,
+		Addr:         s.config.Host + ":" + s.config.SecurePort,
 		WriteTimeout: s.config.HttpServerTimeout,
 		ReadTimeout:  s.config.HttpServerTimeout,
 		IdleTimeout:  2 * s.config.HttpServerTimeout,
@@ -279,6 +278,7 @@ func (s *Server) startSecureServer() *http.Server {
 
 	// start the server in the background
 	go func() {
+		s.logger.Info("Starting HTTPS Server.", zap.String("addr", srv.Addr))
 		if err := srv.ListenAndServeTLS(cert, key); err != http.ErrServerClosed {
 			s.logger.Fatal("HTTPS server crashed", zap.Error(err))
 		}

pkg/api/token.go

@@ -8,7 +8,7 @@ import (
 
 	"io/ioutil"
 
-	"github.com/dgrijalva/jwt-go"
+	"github.com/dgrijalva/jwt-go/v4"
 	"go.uber.org/zap"
 )
 
@@ -39,11 +39,12 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
 		user = string(body)
 	}
 
+	expiresAt := time.Now().Add(time.Minute * 1)
 	claims := &jwtCustomClaims{
 		user,
 		jwt.StandardClaims{
 			Issuer:    "podinfo",
-			ExpiresAt: time.Now().Add(time.Minute * 1).Unix(),
+			ExpiresAt: jwt.At(expiresAt),
 		},
 	}
 
@@ -56,7 +57,7 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
 
 	var result = TokenResponse{
 		Token:     t,
-		ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt, 0),
+		ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt.Unix(), 0),
 	}
 
 	s.JSONResponse(w, r, result)
@@ -103,7 +104,7 @@ func (s *Server) tokenValidateHandler(w http.ResponseWriter, r *http.Request) {
 		} else {
 			var result = TokenValidationResponse{
 				TokenName: claims.Name,
-				ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt, 0),
+				ExpiresAt: time.Unix(claims.StandardClaims.ExpiresAt.Unix(), 0),
 			}
 			s.JSONResponse(w, r, result)
 		}

pkg/api/token_test.go

@@ -0,0 +1,36 @@
+package api
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+)
+
+func TestTokenHandler(t *testing.T) {
+	req, err := http.NewRequest("POST", "/token", strings.NewReader("test-user"))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	rr := httptest.NewRecorder()
+	srv := NewMockServer()
+	handler := http.HandlerFunc(srv.tokenGenerateHandler)
+
+	handler.ServeHTTP(rr, req)
+
+	// Check the status code is what we expect.
+	if status := rr.Code; status != http.StatusOK {
+		t.Errorf("handler returned wrong status code: got %v want %v",
+			status, http.StatusOK)
+	}
+
+	var token TokenResponse
+	if err := json.Unmarshal(rr.Body.Bytes(), &token); err != nil {
+		t.Fatal(err)
+	}
+	if token.Token == "" {
+		t.Error("handler returned no token")
+	}
+}

pkg/version/version.go

@@ -1,4 +1,4 @@
 package version
 
-var VERSION = "5.1.3"
+var VERSION = "6.0.4"
 var REVISION = "unknown"

test/deploy.sh

@@ -1,17 +1,12 @@
 #! /usr/bin/env sh
 
-# add jetstack repository
-helm repo add jetstack https://charts.jetstack.io || true
-
 # install cert-manager
-helm upgrade --install cert-manager jetstack/cert-manager \
+kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml
-    --set installCRDs=true \
-    --namespace default
 
 # wait for cert manager
-kubectl rollout status deployment/cert-manager --timeout=2m
+kubectl -n cert-manager rollout status deployment/cert-manager --timeout=2m
-kubectl rollout status deployment/cert-manager-webhook --timeout=2m
+kubectl -n cert-manager rollout status deployment/cert-manager-webhook --timeout=2m
-kubectl rollout status deployment/cert-manager-cainjector --timeout=2m
+kubectl -n cert-manager rollout status deployment/cert-manager-cainjector --timeout=2m
 
 # install self-signed certificate
 cat << 'EOF' | kubectl apply -f -