github/podinfo
1
0
Fork 0
mirror of https://github.com/stefanprodan/podinfo.git synced 2026-04-07 19:46:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github:5.2.1
Branches Tags
github:master github:dependabot/github_actions/actions-cb5fd4910d github:gh-pages github:test-source-watcher github:feat/notation github:v6.x github:v5.x github:v3.x github:v1.x github:v0.x
github:6.11.2 github:6.11.1 github:6.11.0 github:6.10.2 github:6.10.1 github:6.10.0 github:6.9.4 github:6.9.3 github:6.9.2 github:6.9.1 github:6.9.0 github:6.8.0 github:6.7.1 github:6.7.0 github:6.6.3 github:6.6.2 github:6.6.1 github:6.6.0 github:6.5.4 github:6.5.3 github:6.5.2 github:6.5.1 github:6.5.0 github:6.4.1 github:6.4.0 github:6.3.6 github:6.3.5 github:6.3.4 github:6.3.3 github:6.3.2 github:6.3.1 github:6.3.0 github:6.2.3 github:6.2.2 github:6.2.1 github:6.2.0 github:6.1.8 github:6.1.7 github:6.1.6 github:6.1.5 github:6.1.4 github:6.1.3 github:6.1.2 github:6.1.1 github:6.1.0 github:6.0.4 github:6.0.3 github:6.0.2 github:6.0.1 github:6.0.0 github:5.2.1 github:5.2.0 github:5.1.4 github:5.1.3 github:5.1.2 github:5.1.1 github:5.1.0 github:5.0.3 github:5.0.2 github:5.0.1 github:5.0.0 github:4.0.6 github:4.0.5 github:4.0.4 github:4.0.3 github:4.0.2 github:4.0.1 github:4.0.0 github:3.3.1 github:3.3.0 github:3.2.4 github:3.2.3 github:3.2.2 github:3.2.1 github:3.2.0 github:3.1.5 github:3.1.4 github:3.1.3 github:3.1.2 github:3.1.1 github:3.1.0 github:3.0.0 github:2.1.3 github:2.1.2 github:2.1.1 github:2.1.0 github:2.0.2 github:2.0.1 github:2.0.0 github:v1.8.0 github:v1.7.0 github:v1.6.0 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.1 github:v1.3.0 github:v1.2.1 github:v1.2.0 github:v1.1.1 github:v1.1.0 github:v1.0.0 github:v0.5.0 github:v0.4.0 github:0.2.2
...
compare: github:6.1.0
Branches Tags
github:dependabot/github_actions/actions-cb5fd4910d github:gh-pages github:master github:test-source-watcher github:feat/notation github:v6.x github:v5.x github:v3.x github:v1.x github:v0.x
github:6.11.2 github:6.11.1 github:6.11.0 github:6.10.2 github:6.10.1 github:6.10.0 github:6.9.4 github:6.9.3 github:6.9.2 github:6.9.1 github:6.9.0 github:6.8.0 github:6.7.1 github:6.7.0 github:6.6.3 github:6.6.2 github:6.6.1 github:6.6.0 github:6.5.4 github:6.5.3 github:6.5.2 github:6.5.1 github:6.5.0 github:6.4.1 github:6.4.0 github:6.3.6 github:6.3.5 github:6.3.4 github:6.3.3 github:6.3.2 github:6.3.1 github:6.3.0 github:6.2.3 github:6.2.2 github:6.2.1 github:6.2.0 github:6.1.8 github:6.1.7 github:6.1.6 github:6.1.5 github:6.1.4 github:6.1.3 github:6.1.2 github:6.1.1 github:6.1.0 github:6.0.4 github:6.0.3 github:6.0.2 github:6.0.1 github:6.0.0 github:5.2.1 github:5.2.0 github:5.1.4 github:5.1.3 github:5.1.2 github:5.1.1 github:5.1.0 github:5.0.3 github:5.0.2 github:5.0.1 github:5.0.0 github:4.0.6 github:4.0.5 github:4.0.4 github:4.0.3 github:4.0.2 github:4.0.1 github:4.0.0 github:3.3.1 github:3.3.0 github:3.2.4 github:3.2.3 github:3.2.2 github:3.2.1 github:3.2.0 github:3.1.5 github:3.1.4 github:3.1.3 github:3.1.2 github:3.1.1 github:3.1.0 github:3.0.0 github:2.1.3 github:2.1.2 github:2.1.1 github:2.1.0 github:2.0.2 github:2.0.1 github:2.0.0 github:v1.8.0 github:v1.7.0 github:v1.6.0 github:v1.4.2 github:v1.4.1 github:v1.4.0 github:v1.3.1 github:v1.3.0 github:v1.2.1 github:v1.2.0 github:v1.1.1 github:v1.1.0 github:v1.0.0 github:v0.5.0 github:v0.4.0 github:0.2.2

45 Commits
5.2.1 ... 6.1.0

Author SHA1 Message Date
Stefan Prodan
79279ccb31 Merge pull request #178 from stefanprodan/release-6.1.0 
Release 6.1.0
 2022-03-12 13:29:52 +02:00
Stefan Prodan
7e1ef7457e Release 6.1.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-03-12 13:25:23 +02:00
Stefan Prodan
af4919172a Merge pull request #177 from stefanprodan/cosign 
Sign container images with cosign and GitHub OIDC
 2022-03-12 13:24:26 +02:00
Stefan Prodan
532e8f85b5 Merge pull request #167 from utkuozdemir/patch-1 
Fix ingress URL in Helm chart NOTES.txt
 2022-03-12 13:24:13 +02:00
Stefan Prodan
7c90501b8b Sign container images with cosign and GitHub OIDC 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-03-12 13:15:09 +02:00
Stefan Prodan
5f1fb66f6f Merge pull request #176 from stefanprodan/disable-otel 
Disable tracing by default
 2022-03-12 13:04:59 +02:00
Stefan Prodan
be80733cea Disable tracing by default 
To enable OTEL tracing, the `--otel-service-name` flag must be set.

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-03-12 12:58:39 +02:00
Stefan Prodan
8572a390f7 Merge pull request #170 from rajatvig/otel 
Add support for OpenTelemetry to podinfo http API
 2022-03-12 12:05:16 +02:00
Stefan Prodan
b2a41c64de Update Trivy vulnerability scanner 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-03-09 15:38:51 +02:00
Stefan Prodan
11cf36d838 Merge pull request #175 from stefanprodan/go-1.17 
Update Go to v1.17
 2022-03-09 15:21:47 +02:00
Stefan Prodan
5d440e41da Release 6.0.4 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-03-09 15:16:34 +02:00
Stefan Prodan
170b912d25 Update Go to v1.17 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2022-03-09 15:06:55 +02:00
Rajat Vig
38a7952407 Reformat 2022-01-10 16:19:45 +00:00
Rajat Vig
de90d92697 Remove default to insecure GRPC 2022-01-02 00:19:18 +00:00
Rajat Vig
22ee79fcb8 Add the copyheaders code back 2021-12-22 14:13:36 +00:00
Rajat Vig
03ffc8bc34 Create a new otel directory; Add a readme and makefile 2021-12-22 12:15:56 +00:00
Rajat Vig
c4f2a6c5e6 Setup different name; Copying of headers is not required for spans 2021-12-22 01:29:21 +00:00
Rajat Vig
ab9f7410c2 Get a docker-compose for example; Port code to otel-grpc 2021-12-22 01:09:49 +00:00
Rajat Vig
2c85a72737 Add back copyTraceHeaders() as OpenTelemetry does not default propagate 2021-12-16 14:12:32 +00:00
Rajat Vig
3970a3a323 Add noop tracer to the mockServer; migrate to go 1.17 2021-12-16 13:37:01 +00:00
Ilya Dmitrichenko
61d6ed42f5 Add OpenTelemetry tracer 2021-12-16 12:39:10 +00:00
Utku Özdemir
bb11285c6f Fix ingress URL in Helm chart NOTES.txt 
Fixes the notes that are printed when the Helm chart is installed with `ingress.enabled: true`.

Before:
```
1. Get the application URL by running these commands:
  https://map[host:podinfo.example.com paths:[map[path:/ pathType:ImplementationSpecific]]]
```

After the change:
```
1. Get the application URL by running these commands:
  https://podinfo.example.com/
```

The changed part is taken as-is from the output of the `helm create` command of Helm version 3.7.1.
Tested & working as expected.
 2021-11-30 15:32:01 +01:00
Stefan Prodan
132f4e7192 Merge pull request #165 from cv65kr/cv65kr-patch-1 
Remove duplicated endpoint
 2021-11-14 16:12:13 +02:00
Kajetan
6c596bf19b Remove duplicated endpoint 2021-11-14 14:36:09 +01:00
Stefan Prodan
ea292aa958 Merge pull request #160 from stefanprodan/release-6.0.3 
Release v6.0.3
 2021-10-21 17:50:42 +03:00
Stefan Prodan
33fa856b63 Release v6.0.3 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-21 17:45:33 +03:00
Stefan Prodan
6065c5aa79 Merge pull request #159 from stefanprodan/tonistiigi/xx 
Use tonistiigi/xx for multi-arch builds
 2021-10-21 17:44:21 +03:00
Stefan Prodan
0771a597e6 Use tonistiigi/xx for multi-arch builds 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-21 17:35:43 +03:00
Stefan Prodan
693ffa9d28 Merge pull request #158 from stefanprodan/release-6.0.2 
Release v6.0.2
 2021-10-21 16:40:23 +03:00
Stefan Prodan
1c39c04ac9 Release v6.0.2 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-21 16:35:25 +03:00
Stefan Prodan
a27ef20cb7 Merge pull request #157 from stefanprodan/pub-config-to-ghcr 
Publish the deploy manifests to GHCR
 2021-10-21 16:31:26 +03:00
Stefan Prodan
5e2089eafb Publish the deploy manifests to GHCR 
- bundle the kustomize overlay as an OCI artifact
- push the artifact to `ghcr.io/stefanprodan/podinfo-config` with crane
- sign the artifact with cosign

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-21 16:26:10 +03:00
Stefan Prodan
68fd4e245a Merge pull request #156 from stefanprodan/release-6.0.1 
Release v6.0.1
 2021-10-20 13:19:47 +03:00
Stefan Prodan
b718809f3b Release v6.0.1 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-20 13:14:39 +03:00
Stefan Prodan
26379a5589 Merge pull request #155 from stefanprodan/update-deps 
Update dependencies
 2021-10-20 13:12:55 +03:00
Stefan Prodan
8d37bcfa32 Update cert-manager to v1.5.3 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-20 11:28:30 +03:00
Stefan Prodan
f168e1909b Update dependencies 
github.com/spf13/cobra v1.2.1
github.com/spf13/viper v1.8.1
go.uber.org/zap v1.19.1

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-10-20 11:03:43 +03:00
Stefan Prodan
627d5c4bb6 Merge pull request #140 from stefanprodan/release-6.0.0 
Release v6.0.0
 2021-06-16 15:30:23 +03:00
Stefan Prodan
29f3e7f430 Release v6.0.0 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-16 15:24:35 +03:00
Stefan Prodan
8a7d5689e5 Merge pull request #139 from stefanprodan/alpine-3.14 
Update Alpine to v3.14
 2021-06-16 15:21:02 +03:00
Stefan Prodan
70ab46cd6e Update Alpine to v3.14 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-16 15:16:43 +03:00
Stefan Prodan
d8effad747 Merge pull request #138 from stefanprodan/deps-update 
Update dependencies
 2021-06-16 14:54:25 +03:00
Stefan Prodan
dc97765557 Update dependencies 
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
 2021-06-16 14:37:41 +03:00
Stefan Prodan
685371108d Merge pull request #136 from monotek/ingressClassName 
chart: Upgrade Ingress to networking.k8s.io/v1 and add ingressClassName
 2021-06-08 19:08:16 +03:00
André Bauer
b6f1555176 added ingressClassName 
Signed-off-by: André Bauer <monotek23@gmail.com>
 2021-06-04 15:51:59 +02:00
48 changed files with 1011 additions and 383 deletions
Expand all files Collapse all files

39
.cosign/README.md Normal file
View File

@@ -0,0 +1,39 @@
# Podinfo signed releases
Podinfo deployment manifests are published to GitHub Container Registry as OCI artifacts
and are signed using [cosign](https://github.com/sigstore/cosign).
## Verify the artifacts with cosign
Install the [cosign](https://github.com/sigstore/cosign) CLI:
```sh
brew install sigstore/tap/cosign
```
Verify a podinfo release with cosign CLI:
```sh
cosign verify -key https://raw.githubusercontent.com/stefanprodan/podinfo/master/cosign/cosign.pub \
ghcr.io/stefanprodan/podinfo-deploy:latest
```
## Download the artifacts with crane
Install the [crane](https://github.com/google/go-containerregistry/tree/main/cmd/crane) CLI:
```sh
brew install crane
```
Download the podinfo deployment manifests with crane CLI:
```console
$ crane export ghcr.io/stefanprodan/podinfo-deploy:latest -| tar -xf -
$ ls -1
deployment.yaml
hpa.yaml
kustomization.yaml
service.yaml
```

4
.cosign/cosign.pub Normal file
View File

@@ -0,0 +1,4 @@
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEST+BqQ1XZhhVYx0YWQjdUJYIG5Lt
iz2+UxRIqmKBqNmce2T+l45qyqOs99qfD7gLNGmkVZ4vtJ9bM7FxChFczg==
-----END PUBLIC KEY-----

11
.github/workflows/cve-scan.yml vendored
View File

@@ -17,7 +17,12 @@ jobs:
IMAGE=test/podinfo:${GITHUB_SHA}
docker build -t ${IMAGE} .
echo "::set-output name=image::$IMAGE"
- name: Scan image
uses: docker://docker.io/aquasec/trivy:latest
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
args: --cache-dir /var/lib/trivy --no-progress --exit-code 1 --severity MEDIUM,HIGH,CRITICAL ${{ steps.build.outputs.image }}
image-ref: ${{ steps.build.outputs.image }}
format: table
exit-code: "1"
ignore-unfixed: true
vuln-type: os,library
severity: CRITICAL,HIGH

4
.github/workflows/e2e.yml vendored
View File

@@ -11,13 +11,15 @@ jobs:
strategy:
matrix:
helm-version:
- 3.5.3
- 3.6.0
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Kubernetes
uses: engineerd/setup-kind@v0.5.0
with:
version: v0.11.1
- name: Build container image
run: |
./test/build.sh

36
.github/workflows/release.yml vendored
View File

@@ -2,13 +2,21 @@ name: release
on:
push:
tags: '*'
tags:
- '*'
permissions:
contents: write # needed to write releases
id-token: write # needed for keyless signing
packages: write # needed for ghcr access
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: imjasonh/setup-crane@v0.1
- uses: sigstore/cosign-installer@main
- name: Setup QEMU
uses: docker/setup-qemu-action@v1
with:
@@ -16,8 +24,6 @@ jobs:
- name: Setup Docker Buildx
id: buildx
uses: docker/setup-buildx-action@v1
with:
buildkitd-flags: "--debug"
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
@@ -44,7 +50,7 @@ jobs:
push: true
builder: ${{ steps.buildx.outputs.name }}
context: .
file: ./Dockerfile
file: ./Dockerfile.xx
platforms: linux/amd64,linux/arm/v7,linux/arm64
tags: |
docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
@@ -58,6 +64,13 @@ jobs:
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.version=${{ steps.prep.outputs.VERSION }}
org.opencontainers.image.created=${{ steps.prep.outputs.BUILD_DATE }}
- name: Sign images
env:
COSIGN_EXPERIMENTAL: 1
run: |
cosign sign docker.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
cosign sign docker.io/stefanprodan/podinfo:latest
cosign sign ghcr.io/stefanprodan/podinfo:${{ steps.prep.outputs.VERSION }}
- name: Publish base image
uses: docker/build-push-action@v2
with:
@@ -71,6 +84,21 @@ jobs:
uses: stefanprodan/helm-gh-pages@master
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Publish config artifact
run: |
cd kustomize
tar -cf config.tar * --numeric-owner --owner=0 --group=0
crane append -f config.tar -t ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
crane tag ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }} latest
rm config.tar
- name: Sign config artifact
run: |
echo "$COSIGN_KEY" > /tmp/cosign.key
cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
cosign sign -key /tmp/cosign.key ghcr.io/stefanprodan/podinfo-deploy:latest
env:
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}}
COSIGN_KEY: ${{secrets.COSIGN_KEY}}
- uses: ./.github/actions/release-notes
- name: Generate release notes
run: |

10
.github/workflows/test.yml vendored
View File

@@ -21,7 +21,7 @@ jobs:
- name: Setup Go
uses: actions/setup-go@v2
with:
go-version: 1.16.x
go-version: 1.17.x
- name: Run unit tests
run: make test
- name: Check if working tree is dirty
@@ -33,11 +33,15 @@ jobs:
- name: Validate Helm chart
uses: stefanprodan/kube-tools@v1
with:
kubectl: 1.19.11
helm: 2.17.0
helmv3: 3.6.0
command: |
helmv3 template ./charts/podinfo | kubeval --strict
helmv3 template ./charts/podinfo | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
- name: Validate kustomization
uses: stefanprodan/kube-tools@v1
with:
kubectl: 1.19.11
command: |
kustomize build ./kustomize | kubeval --strict
kustomize build ./kustomize | kubeval --strict --kubernetes-version 1.19.11 --schema-location https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master
kustomize build ./kustomize | conftest test -p .github/policy -

4
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM golang:1.16-alpine as builder
FROM golang:1.17-alpine as builder
ARG REVISION
@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 go build -ldflags "-s -w \
-X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
-a -o bin/podcli cmd/podcli/*
FROM alpine:3.13
FROM alpine:3.15
ARG BUILD_DATE
ARG VERSION

2
Dockerfile.base
View File

@@ -1,4 +1,4 @@
FROM golang:1.16
FROM golang:1.17
WORKDIR /workspace

53
Dockerfile.xx Normal file
View File

@@ -0,0 +1,53 @@
ARG GO_VERSION=1.17
ARG XX_VERSION=1.1.0
FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine as builder
# Copy the build utilities.
COPY --from=xx / /
ARG TARGETPLATFORM
ARG REVISION
RUN mkdir -p /podinfo/
WORKDIR /podinfo
COPY . .
RUN go mod download
ENV CGO_ENABLED=0
RUN xx-go build -ldflags "-s -w \
-X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
-a -o bin/podinfo cmd/podinfo/*
RUN xx-go build -ldflags "-s -w \
-X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
-a -o bin/podcli cmd/podcli/*
FROM alpine:3.15
ARG BUILD_DATE
ARG VERSION
ARG REVISION
LABEL maintainer="stefanprodan"
RUN addgroup -S app \
&& adduser -S -G app app \
&& apk --no-cache add \
ca-certificates curl netcat-openbsd
WORKDIR /home/app
COPY --from=builder /podinfo/bin/podinfo .
COPY --from=builder /podinfo/bin/podcli /usr/local/bin/podcli
COPY ./ui ./ui
RUN chown -R app:app ./
USER app
CMD ["./podinfo"]

30
Makefile
View File

@@ -23,6 +23,9 @@ build:
GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podinfo ./cmd/podinfo/*
GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podcli ./cmd/podcli/*
tidy:
rm -f go.sum; go mod tidy -compat=1.17
fmt:
gofmt -l -s -w ./
goimports -l -w ./
@@ -34,6 +37,13 @@ build-charts:
build-container:
docker build -t $(DOCKER_IMAGE_NAME):$(VERSION) .
build-xx:
docker buildx build \
--platform=linux/amd64 \
-t $(DOCKER_IMAGE_NAME):$(VERSION) \
--load \
-f Dockerfile.xx .
build-base:
docker build -f Dockerfile.base -t $(DOCKER_REPOSITORY)/podinfo-base:latest .
@@ -59,16 +69,16 @@ push-container:
version-set:
@next="$(TAG)" && \
current="$(VERSION)" && \
sed -i '' "s/$$current/$$next/g" pkg/version/version.go && \
sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values.yaml && \
sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values-prod.yaml && \
sed -i '' "s/appVersion: $$current/appVersion: $$next/g" charts/podinfo/Chart.yaml && \
sed -i '' "s/version: $$current/version: $$next/g" charts/podinfo/Chart.yaml && \
sed -i '' "s/podinfo:$$current/podinfo:$$next/g" kustomize/deployment.yaml && \
sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/frontend/deployment.yaml && \
sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/backend/deployment.yaml && \
sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/frontend/deployment.yaml && \
sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/backend/deployment.yaml && \
/usr/bin/sed -i '' "s/$$current/$$next/g" pkg/version/version.go && \
/usr/bin/sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values.yaml && \
/usr/bin/sed -i '' "s/tag: $$current/tag: $$next/g" charts/podinfo/values-prod.yaml && \
/usr/bin/sed -i '' "s/appVersion: $$current/appVersion: $$next/g" charts/podinfo/Chart.yaml && \
/usr/bin/sed -i '' "s/version: $$current/version: $$next/g" charts/podinfo/Chart.yaml && \
/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" kustomize/deployment.yaml && \
/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/frontend/deployment.yaml && \
/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/backend/deployment.yaml && \
/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/frontend/deployment.yaml && \
/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/backend/deployment.yaml && \
echo "Version $$next set in code, deployment, chart and kustomize"
release:

7
README.md
View File

@@ -15,9 +15,7 @@ Specifications:
* Health checks (readiness and liveness)
* Graceful shutdown on interrupt signals
* File watcher for secrets and configmaps
* Instrumented with Prometheus
* Tracing with Istio and Jaeger
* Linkerd service profile
* Instrumented with Prometheus and Open Telemetry
* Structured logging with zap
* 12-factor app with viper
* Fault injection (random errors and latency)
@@ -26,7 +24,8 @@ Specifications:
* End-to-End testing with Kubernetes Kind and Helm
* Kustomize testing with GitHub Actions and Open Policy Agent
* Multi-arch container image with Docker buildx and Github Actions
* CVE scanning with trivy
* Container image signing with Sigstore cosign
* CVE scanning with Trivy
Web API:

5
charts/podinfo/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v1
version: 5.2.1
appVersion: 5.2.1
version: 6.1.0
appVersion: 6.1.0
name: podinfo
engine: gotpl
description: Podinfo Helm chart for Kubernetes
@@ -10,3 +10,4 @@ maintainers:
name: stefanprodan
sources:
- https://github.com/stefanprodan/podinfo
kubeVersion: ">=1.19.0-0"

2
charts/podinfo/README.md
View File

@@ -76,8 +76,8 @@ Parameter | Default | Description
`serviceMonitor.interval` | `15s` | Prometheus scraping interval
`serviceMonitor.additionalLabels` | `{}` | Add additional labels to the service monitor |
`ingress.enabled` | `false` | Enables Ingress
`ingress.className ` | `""` | Use ingressClassName
`ingress.annotations` | `{}` | Ingress annotations
`ingress.path` | `/*` | Ingress path
`ingress.hosts` | `[]` | Ingress accepted hosts
`ingress.tls` | `[]` | Ingress TLS configuration
`resources.requests.cpu` | `1m` | Pod CPU request

6
charts/podinfo/templates/NOTES.txt
View File

@@ -1,7 +1,9 @@
1. Get the application URL by running these commands:
{{- if .Values.ingress.enabled }}
{{- range .Values.ingress.hosts }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }}{{ $.Values.ingress.path }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "podinfo.fullname" . }})

56
charts/podinfo/templates/ingress.yaml
View File

@@ -1,43 +1,41 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "podinfo.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: networking.k8s.io/v1beta1
{{- $svcPort := .Values.service.externalPort -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
{{- include "podinfo.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
ingressClassName: {{ .Values.ingress.className }}
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . | quote }}
{{- range .Values.ingress.hosts }}
- host: {{ .host | quote }}
http:
paths:
- path: {{ $ingressPath }}
{{- range .paths }}
- path: {{ .path }}
pathType: {{ .pathType }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- if not .Values.ingress.hosts }}
- http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
service:
name: {{ $fullName }}
port:
number: {{ $svcPort }}
{{- end }}
{{- end }}
{{- end }}

11
charts/podinfo/values-prod.yaml
View File

@@ -8,7 +8,7 @@ backends: []
image:
repository: ghcr.io/stefanprodan/podinfo
tag: 5.2.1
tag: 6.1.0
pullPolicy: IfNotPresent
ui:
@@ -97,12 +97,15 @@ securityContext: {}
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /*
hosts: []
# - podinfo.local
hosts:
- host: podinfo.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:

11
charts/podinfo/values.yaml
View File

@@ -8,7 +8,7 @@ backends: []
image:
repository: ghcr.io/stefanprodan/podinfo
tag: 5.2.1
tag: 6.1.0
pullPolicy: IfNotPresent
ui:
@@ -101,12 +101,15 @@ securityContext: {}
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /*
hosts: []
# - podinfo.local
hosts:
- host: podinfo.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:

3
cmd/podinfo/main.go
View File

@@ -53,6 +53,7 @@ func main() {
fs.Int("stress-cpu", 0, "number of CPU cores with 100 load")
fs.Int("stress-memory", 0, "MB of data to load into memory")
fs.String("cache-server", "", "Redis address in the format <host>:<port>")
fs.String("otel-service-name", "", "service name for reporting to open telemetry address, when not set tracing is disabled")
versionFlag := fs.BoolP("version", "v", false, "get version number")
@@ -90,8 +91,6 @@ func main() {
if readErr := viper.ReadInConfig(); readErr != nil {
fmt.Printf("Error reading config file, %v\n", readErr)
}
} else {
fmt.Printf("Error to open config file, %v\n", fileErr)
}
// configure logging

2
deploy/bases/backend/deployment.yaml
View File

@@ -23,7 +23,7 @@ spec:
spec:
containers:
- name: backend
image: ghcr.io/stefanprodan/podinfo:5.2.1
image: ghcr.io/stefanprodan/podinfo:6.1.0
imagePullPolicy: IfNotPresent
ports:
- name: http

2
deploy/bases/frontend/deployment.yaml
View File

@@ -23,7 +23,7 @@ spec:
spec:
containers:
- name: frontend
image: ghcr.io/stefanprodan/podinfo:5.2.1
image: ghcr.io/stefanprodan/podinfo:6.1.0
imagePullPolicy: IfNotPresent
ports:
- name: http

2
deploy/webapp/backend/deployment.yaml
View File

@@ -25,7 +25,7 @@ spec:
serviceAccountName: webapp
containers:
- name: backend
image: ghcr.io/stefanprodan/podinfo:5.2.1
image: ghcr.io/stefanprodan/podinfo:6.1.0
imagePullPolicy: IfNotPresent
ports:
- name: http

2
deploy/webapp/frontend/deployment.yaml
View File

@@ -25,7 +25,7 @@ spec:
serviceAccountName: webapp
containers:
- name: frontend
image: ghcr.io/stefanprodan/podinfo:5.2.1
image: ghcr.io/stefanprodan/podinfo:6.1.0
imagePullPolicy: IfNotPresent
ports:
- name: http

80
go.mod
View File

@@ -1,26 +1,84 @@
module github.com/stefanprodan/podinfo
go 1.15
go 1.17
require (
github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751
github.com/chzyer/logex v1.1.10 // indirect
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 // indirect
github.com/dgrijalva/jwt-go/v4 v4.0.0-preview1
github.com/fatih/color v1.9.0
github.com/fsnotify/fsnotify v1.4.9
github.com/gomodule/redigo v1.8.4
github.com/gorilla/mux v1.8.0
github.com/gorilla/websocket v1.4.2
github.com/mattn/go-isatty v0.0.12 // indirect
github.com/prometheus/client_golang v1.8.0
github.com/spf13/cobra v1.1.3
github.com/prometheus/client_golang v1.11.0
github.com/spf13/cobra v1.2.1
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.7.1
github.com/spf13/viper v1.8.1
github.com/swaggo/http-swagger v1.0.0
github.com/swaggo/swag v1.7.0
go.uber.org/zap v1.16.0
golang.org/x/net v0.0.0-20201207224615-747e23833adb
google.golang.org/grpc v1.36.0
github.com/swaggo/swag v1.7.6
go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.28.0
go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.28.0
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.28.0
go.opentelemetry.io/contrib/propagators/aws v1.3.0
go.opentelemetry.io/contrib/propagators/b3 v1.3.0
go.opentelemetry.io/contrib/propagators/jaeger v1.3.0
go.opentelemetry.io/contrib/propagators/ot v1.3.0
go.opentelemetry.io/otel v1.3.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.3.0
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.3.0
go.opentelemetry.io/otel/sdk v1.3.0
go.opentelemetry.io/otel/trace v1.3.0
go.uber.org/zap v1.19.1
golang.org/x/net v0.0.0-20211216030914-fe4d6282115f
google.golang.org/grpc v1.43.0
)
require (
github.com/KyleBanks/depth v1.2.1 // indirect
github.com/PuerkitoBio/purell v1.1.1 // indirect
github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/cenkalti/backoff/v4 v4.1.2 // indirect
github.com/cespare/xxhash/v2 v2.1.1 // indirect
github.com/felixge/httpsnoop v1.0.2 // indirect
github.com/go-logr/logr v1.2.1 // indirect
github.com/go-logr/stdr v1.2.0 // indirect
github.com/go-openapi/jsonpointer v0.19.5 // indirect
github.com/go-openapi/jsonreference v0.19.5 // indirect
github.com/go-openapi/spec v0.20.3 // indirect
github.com/go-openapi/swag v0.19.14 // indirect
github.com/golang/protobuf v1.5.2 // indirect
github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/magiconair/properties v1.8.5 // indirect
github.com/mailru/easyjson v0.7.6 // indirect
github.com/mattn/go-colorable v0.1.4 // indirect
github.com/mattn/go-isatty v0.0.12 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
github.com/mitchellh/mapstructure v1.4.1 // indirect
github.com/pelletier/go-toml v1.9.3 // indirect
github.com/prometheus/client_model v0.2.0 // indirect
github.com/prometheus/common v0.26.0 // indirect
github.com/prometheus/procfs v0.6.0 // indirect
github.com/spf13/afero v1.6.0 // indirect
github.com/spf13/cast v1.3.1 // indirect
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/subosito/gotenv v1.2.0 // indirect
github.com/swaggo/files v0.0.0-20190704085106-630677cd5c14 // indirect
go.opentelemetry.io/otel/exporters/otlp/internal/retry v1.3.0 // indirect
go.opentelemetry.io/otel/internal/metric v0.26.0 // indirect
go.opentelemetry.io/otel/metric v0.26.0 // indirect
go.opentelemetry.io/proto/otlp v0.11.0 // indirect
go.uber.org/atomic v1.7.0 // indirect
go.uber.org/multierr v1.6.0 // indirect
golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40 // indirect
golang.org/x/text v0.3.6 // indirect
golang.org/x/tools v0.1.5 // indirect
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
google.golang.org/protobuf v1.27.1 // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
)

625
go.sum
View File

File diff suppressed because it is too large Load Diff

2
kustomize/deployment.yaml
View File

@@ -23,7 +23,7 @@ spec:
spec:
containers:
- name: podinfod
image: ghcr.io/stefanprodan/podinfo:5.2.1
image: ghcr.io/stefanprodan/podinfo:6.1.0
imagePullPolicy: IfNotPresent
ports:
- name: http

20
otel/Makefile Normal file
View File

@@ -0,0 +1,20 @@
DC=docker-compose -f docker-compose.yaml
.PHONY: help
.DEFAULT_GOAL := help
help:
@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
stop: ## Stop all Docker Containers run in Compose
$(DC) stop
clean: stop ## Clean all Docker Containers and Volumes
$(DC) down --rmi local --remove-orphans -v
$(DC) rm -f -v
build: clean ## Rebuild the Docker Image for use by Compose
$(DC) build
run: stop ## Run the Application
$(DC) up

37
otel/README.md Normal file
View File

@@ -0,0 +1,37 @@
# Tracing Demo
The directory contains sample [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector)
and [Jaeger](https://www.jaegertracing.io) configurations for a tracing demo.
## Configuration
The provided [docker-compose.yaml](docker-compose.yaml) sets up 4 Containers
1. PodInfo Frontend on port 9898
2. PodInfo Backend on port 9899
3. OpenTelemetry Collector listening on port 4317 for GRPC
4. Jaeger all-in-one listening on multiple ports
## How does it work?
The frontend pods are configured to call onto the backend pods. Both the podinfo
pods are configured to send traces over to the collector at port 4317 using GRPC.
The collector forwards all received spans to Jaeger over port 14250 and Jaeger
exposes a UI over port `16686`.
## Running it locally
1. Start all the Containers
```shell
make run
```
2. Send some sample requests
```shell
curl -v http://localhost:9898/status/200
curl -X POST -v http://localhost:9898/api/echo
```
3. Visit `http://localhost:16686/` to see the spans
4. Stop all the containers
```shell
make stop
```

35
otel/docker-compose.yaml Normal file
View File

@@ -0,0 +1,35 @@
version: '2'
services:
podinfo_frontend:
build: ..
command: ./podinfo --backend-url http://podinfo_backend:9899/status/200 --otel-service-name=podinfo_frontend
environment:
- OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=http://otel:4317
ports:
- "9898:9898"
podinfo_backend:
build: ..
command: ./podinfo --port 9899 --otel-service-name=podinfo_backend
environment:
- OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=http://otel:4317
ports:
- "9899:9899"
otel:
command: --config otel-config.yaml
image: otel/opentelemetry-collector:0.41.0
ports:
- "4317:4317"
volumes:
- ${PWD}/otel-config.yaml:/otel-config.yaml
jaeger:
image: jaegertracing/all-in-one:1.29.0
ports:
- "5775:5775/udp"
- "6831:6831/udp"
- "6832:6832/udp"
- "5778:5778"
- "16686:16686"
- "14268:14268"
- "14250:14250"
- "9411:9411"

26
otel/otel-config.yaml Normal file
View File

@@ -0,0 +1,26 @@
receivers:
otlp:
protocols:
grpc:
http:
processors:
exporters:
jaeger:
endpoint: jaeger:14250
tls:
insecure: true
extensions:
health_check:
pprof:
zpages:
service:
extensions: [health_check,pprof,zpages]
pipelines:
traces:
receivers: [otlp]
processors: []
exporters: [jaeger]

19
pkg/api/cache.go
View File

@@ -21,15 +21,18 @@ import (
// @Router /cache/{key} [post]
// @Success 202
func (s *Server) cacheWriteHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "cacheWriteHandler")
defer span.End()
if s.pool == nil {
s.ErrorResponse(w, r, "cache server is offline", http.StatusBadRequest)
s.ErrorResponse(w, r, span, "cache server is offline", http.StatusBadRequest)
return
}
key := mux.Vars(r)["key"]
body, err := ioutil.ReadAll(r.Body)
if err != nil {
s.ErrorResponse(w, r, "reading the request body failed", http.StatusBadRequest)
s.ErrorResponse(w, r, span, "reading the request body failed", http.StatusBadRequest)
return
}
@@ -38,7 +41,7 @@ func (s *Server) cacheWriteHandler(w http.ResponseWriter, r *http.Request) {
_, err = conn.Do("SET", key, string(body))
if err != nil {
s.logger.Warn("cache set failed", zap.Error(err))
s.ErrorResponse(w, r, "cache set failed", http.StatusInternalServerError)
s.ErrorResponse(w, r, span, "cache set failed", http.StatusInternalServerError)
return
}
@@ -54,8 +57,11 @@ func (s *Server) cacheWriteHandler(w http.ResponseWriter, r *http.Request) {
// @Router /cache/{key} [delete]
// @Success 202
func (s *Server) cacheDeleteHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "cacheDeleteHandler")
defer span.End()
if s.pool == nil {
s.ErrorResponse(w, r, "cache server is offline", http.StatusBadRequest)
s.ErrorResponse(w, r, span, "cache server is offline", http.StatusBadRequest)
return
}
@@ -82,8 +88,11 @@ func (s *Server) cacheDeleteHandler(w http.ResponseWriter, r *http.Request) {
// @Router /cache/{key} [get]
// @Success 200 {string} string value
func (s *Server) cacheReadHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "cacheReadHandler")
defer span.End()
if s.pool == nil {
s.ErrorResponse(w, r, "cache server is offline", http.StatusBadRequest)
s.ErrorResponse(w, r, span, "cache server is offline", http.StatusBadRequest)
return
}

5
pkg/api/chunked.go
View File

@@ -18,6 +18,9 @@ import (
// @Router /chunked/{seconds} [get]
// @Success 200 {object} api.MapResponse
func (s *Server) chunkedHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "chunkedHandler")
defer span.End()
vars := mux.Vars(r)
delay, err := strconv.Atoi(vars["wait"])
@@ -27,7 +30,7 @@ func (s *Server) chunkedHandler(w http.ResponseWriter, r *http.Request) {
flusher, ok := w.(http.Flusher)
if !ok {
s.ErrorResponse(w, r, "Streaming unsupported!", http.StatusInternalServerError)
s.ErrorResponse(w, r, span, "Streaming unsupported!", http.StatusInternalServerError)
return
}

3
pkg/api/configs.go
View File

@@ -3,6 +3,9 @@ package api
import "net/http"
func (s *Server) configReadHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "configReadHandler")
defer span.End()
files := make(map[string]string)
if watcher != nil {
watcher.Cache.Range(func(key interface{}, value interface{}) bool {

5
pkg/api/delay.go
View File

@@ -52,11 +52,14 @@ func (m *RandomDelayMiddleware) Handler(next http.Handler) http.Handler {
// @Router /delay/{seconds} [get]
// @Success 200 {object} api.MapResponse
func (s *Server) delayHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "delayHandler")
defer span.End()
vars := mux.Vars(r)
delay, err := strconv.Atoi(vars["wait"])
if err != nil {
s.ErrorResponse(w, r, err.Error(), http.StatusBadRequest)
s.ErrorResponse(w, r, span, err.Error(), http.StatusBadRequest)
return
}

42
pkg/api/echo.go
View File

@@ -6,9 +6,12 @@ import (
"fmt"
"io/ioutil"
"net/http"
"net/http/httptrace"
"sync"
"github.com/stefanprodan/podinfo/pkg/version"
"go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace"
"go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp"
"go.uber.org/zap"
)
@@ -21,13 +24,19 @@ import (
// @Router /api/echo [post]
// @Success 202 {object} api.MapResponse
func (s *Server) echoHandler(w http.ResponseWriter, r *http.Request) {
ctx, span := s.tracer.Start(r.Context(), "echoHandler")
defer span.End()
body, err := ioutil.ReadAll(r.Body)
if err != nil {
s.logger.Error("reading the request body failed", zap.Error(err))
s.ErrorResponse(w, r, "invalid request body", http.StatusBadRequest)
s.ErrorResponse(w, r, span, "invalid request body", http.StatusBadRequest)
return
}
defer r.Body.Close()
client := http.Client{Transport: otelhttp.NewTransport(http.DefaultTransport)}
if len(s.config.BackendURL) > 0 {
result := make([]string, len(s.config.BackendURL))
var wg sync.WaitGroup
@@ -35,7 +44,12 @@ func (s *Server) echoHandler(w http.ResponseWriter, r *http.Request) {
for i, b := range s.config.BackendURL {
go func(index int, backend string) {
defer wg.Done()
backendReq, err := http.NewRequest("POST", backend, bytes.NewReader(body))
ctx = httptrace.WithClientTrace(ctx, otelhttptrace.NewClientTrace(ctx))
ctx, cancel := context.WithTimeout(ctx, s.config.HttpClientTimeout)
defer cancel()
backendReq, err := http.NewRequestWithContext(ctx, "POST", backend, bytes.NewReader(body))
if err != nil {
s.logger.Error("backend call failed", zap.Error(err), zap.String("url", backend))
return
@@ -47,11 +61,8 @@ func (s *Server) echoHandler(w http.ResponseWriter, r *http.Request) {
backendReq.Header.Set("X-API-Version", version.VERSION)
backendReq.Header.Set("X-API-Revision", version.REVISION)
ctx, cancel := context.WithTimeout(backendReq.Context(), s.config.HttpClientTimeout)
defer cancel()
// call backend
resp, err := http.DefaultClient.Do(backendReq.WithContext(ctx))
resp, err := client.Do(backendReq)
if err != nil {
s.logger.Error("backend call failed", zap.Error(err), zap.String("url", backend))
result[index] = fmt.Sprintf("backend %v call failed %v", backend, err)
@@ -96,3 +107,22 @@ func (s *Server) echoHandler(w http.ResponseWriter, r *http.Request) {
w.Write(body)
}
}
func copyTracingHeaders(from *http.Request, to *http.Request) {
headers := []string{
"x-request-id",
"x-b3-traceid",
"x-b3-spanid",
"x-b3-parentspanid",
"x-b3-sampled",
"x-b3-flags",
"x-ot-span-context",
}
for i := range headers {
headerValue := from.Header.Get(headers[i])
if len(headerValue) > 0 {
to.Header.Set(headers[i], headerValue)
}
}
}

2
pkg/api/env.go
View File

@@ -15,5 +15,7 @@ import (
// @Router /env [get]
// @Success 200 {object} api.ArrayResponse
func (s *Server) envHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "envHandler")
defer span.End()
s.JSONResponse(w, r, os.Environ())
}

2
pkg/api/headers.go
View File

@@ -13,5 +13,7 @@ import (
// @Router /headers [get]
// @Success 200 {object} api.ArrayResponse
func (s *Server) echoHeadersHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "echoHeadersHandler")
defer span.End()
s.JSONResponse(w, r, r.Header)
}

27
pkg/api/http.go
View File

@@ -8,6 +8,8 @@ import (
"time"
"github.com/stefanprodan/podinfo/pkg/version"
"go.opentelemetry.io/otel/codes"
"go.opentelemetry.io/otel/trace"
"go.uber.org/zap"
)
@@ -33,27 +35,6 @@ func versionMiddleware(next http.Handler) http.Handler {
})
}
// TODO: use Istio tracing package
// https://github.com/istio/istio/blob/master/pkg/tracing/config.go
func copyTracingHeaders(from *http.Request, to *http.Request) {
headers := []string{
"x-request-id",
"x-b3-traceid",
"x-b3-spanid",
"x-b3-parentspanid",
"x-b3-sampled",
"x-b3-flags",
"x-ot-span-context",
}
for i := range headers {
headerValue := from.Header.Get(headers[i])
if len(headerValue) > 0 {
to.Header.Set(headers[i], headerValue)
}
}
}
func (s *Server) JSONResponse(w http.ResponseWriter, r *http.Request, result interface{}) {
body, err := json.Marshal(result)
if err != nil {
@@ -82,7 +63,7 @@ func (s *Server) JSONResponseCode(w http.ResponseWriter, r *http.Request, result
w.Write(prettyJSON(body))
}
func (s *Server) ErrorResponse(w http.ResponseWriter, r *http.Request, error string, code int) {
func (s *Server) ErrorResponse(w http.ResponseWriter, r *http.Request, span trace.Span, error string, code int) {
data := struct {
Code int `json:"code"`
Message string `json:"message"`
@@ -91,6 +72,8 @@ func (s *Server) ErrorResponse(w http.ResponseWriter, r *http.Request, error str
Message: error,
}
span.SetStatus(codes.Error, error)
body, err := json.Marshal(data)
if err != nil {
w.WriteHeader(http.StatusInternalServerError)

3
pkg/api/index.go
View File

@@ -14,6 +14,9 @@ import (
// @Router / [get]
// @Success 200 {string} string "OK"
func (s *Server) indexHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "indexHandler")
defer span.End()
tmpl, err := template.New("vue.html").ParseFiles(path.Join(s.config.UIPath, "vue.html"))
if err != nil {
w.WriteHeader(http.StatusInternalServerError)

3
pkg/api/info.go
View File

@@ -18,6 +18,9 @@ import (
// @Success 200 {object} api.RuntimeResponse
// @Router /api/info [get]
func (s *Server) infoHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "infoHandler")
defer span.End()
data := RuntimeResponse{
Hostname: s.config.Hostname,
Version: version.VERSION,

3
pkg/api/mock.go
View File

@@ -3,6 +3,8 @@ package api
import (
"time"
"go.opentelemetry.io/otel/trace"
"github.com/gorilla/mux"
"go.uber.org/zap"
)
@@ -28,5 +30,6 @@ func NewMockServer() *Server {
router: mux.NewRouter(),
logger: logger,
config: config,
tracer: trace.NewNoopTracerProvider().Tracer("mock"),
}
}

31
pkg/api/server.go
View File

@@ -19,6 +19,8 @@ import (
"github.com/stefanprodan/podinfo/pkg/fscache"
httpSwagger "github.com/swaggo/http-swagger"
"github.com/swaggo/swag"
sdktrace "go.opentelemetry.io/otel/sdk/trace"
"go.opentelemetry.io/otel/trace"
"go.uber.org/zap"
"golang.org/x/net/http2"
"golang.org/x/net/http2/h2c"
@@ -74,11 +76,13 @@ type Config struct {
}
type Server struct {
router *mux.Router
logger *zap.Logger
config *Config
pool *redis.Pool
handler http.Handler
router *mux.Router
logger *zap.Logger
config *Config
pool *redis.Pool
handler http.Handler
tracer trace.Tracer
tracerProvider *sdktrace.TracerProvider
}
func NewServer(config *Config, logger *zap.Logger) (*Server, error) {
@@ -123,9 +127,6 @@ func (s *Server) registerHandlers() {
s.router.PathPrefix("/swagger/").Handler(httpSwagger.Handler(
httpSwagger.URL("/swagger/doc.json"),
))
s.router.PathPrefix("/swagger/").Handler(httpSwagger.Handler(
httpSwagger.URL("/swagger/doc.json"),
))
s.router.HandleFunc("/swagger.json", func(w http.ResponseWriter, r *http.Request) {
doc, err := swag.ReadDoc()
if err != nil {
@@ -138,6 +139,8 @@ func (s *Server) registerHandlers() {
func (s *Server) registerMiddlewares() {
prom := NewPrometheusMiddleware()
s.router.Use(prom.Handler)
otel := NewOpenTelemetryMiddleware()
s.router.Use(otel)
httpLogger := NewLoggingMiddleware(s.logger)
s.router.Use(httpLogger.Handler)
s.router.Use(versionMiddleware)
@@ -151,8 +154,11 @@ func (s *Server) registerMiddlewares() {
}
func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
ctx := context.Background()
go s.startMetricsServer()
s.initTracer(ctx)
s.registerHandlers()
s.registerMiddlewares()
@@ -195,7 +201,7 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
// wait for SIGTERM or SIGINT
<-stopCh
ctx, cancel := context.WithTimeout(context.Background(), s.config.HttpServerShutdownTimeout)
ctx, cancel := context.WithTimeout(ctx, s.config.HttpServerShutdownTimeout)
defer cancel()
// all calls to /healthz and /readyz will fail from now on
@@ -215,6 +221,13 @@ func (s *Server) ListenAndServe(stopCh <-chan struct{}) {
time.Sleep(3 * time.Second)
}
// stop OpenTelemetry tracer provider
if s.tracerProvider != nil {
if err := s.tracerProvider.Shutdown(ctx); err != nil {
s.logger.Warn("stopping tracer provider", zap.Error(err))
}
}
// determine if the http server was started
if srv != nil {
if err := srv.Shutdown(ctx); err != nil {

5
pkg/api/status.go
View File

@@ -17,11 +17,14 @@ import (
// @Router /status/{code} [get]
// @Success 200 {object} api.MapResponse
func (s *Server) statusHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "statusHandler")
defer span.End()
vars := mux.Vars(r)
code, err := strconv.Atoi(vars["code"])
if err != nil {
s.ErrorResponse(w, r, err.Error(), http.StatusBadRequest)
s.ErrorResponse(w, r, span, err.Error(), http.StatusBadRequest)
return
}

11
pkg/api/store.go
View File

@@ -20,10 +20,12 @@ import (
// @Router /store [post]
// @Success 200 {object} api.MapResponse
func (s *Server) storeWriteHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "storeWriteHandler")
defer span.End()
body, err := ioutil.ReadAll(r.Body)
if err != nil {
s.ErrorResponse(w, r, "reading the request body failed", http.StatusBadRequest)
s.ErrorResponse(w, r, span, "reading the request body failed", http.StatusBadRequest)
return
}
@@ -31,7 +33,7 @@ func (s *Server) storeWriteHandler(w http.ResponseWriter, r *http.Request) {
err = ioutil.WriteFile(path.Join(s.config.DataPath, hash), body, 0644)
if err != nil {
s.logger.Warn("writing file failed", zap.Error(err), zap.String("file", path.Join(s.config.DataPath, hash)))
s.ErrorResponse(w, r, "writing file failed", http.StatusInternalServerError)
s.ErrorResponse(w, r, span, "writing file failed", http.StatusInternalServerError)
return
}
s.JSONResponseCode(w, r, map[string]string{"hash": hash}, http.StatusAccepted)
@@ -46,11 +48,14 @@ func (s *Server) storeWriteHandler(w http.ResponseWriter, r *http.Request) {
// @Router /store/{hash} [get]
// @Success 200 {string} string "file"
func (s *Server) storeReadHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "storeReadHandler")
defer span.End()
hash := mux.Vars(r)["hash"]
content, err := ioutil.ReadFile(path.Join(s.config.DataPath, hash))
if err != nil {
s.logger.Warn("reading file failed", zap.Error(err), zap.String("file", path.Join(s.config.DataPath, hash)))
s.ErrorResponse(w, r, "reading file failed", http.StatusInternalServerError)
s.ErrorResponse(w, r, span, "reading file failed", http.StatusInternalServerError)
return
}
w.WriteHeader(http.StatusAccepted)

20
pkg/api/token.go
View File

@@ -26,10 +26,13 @@ type jwtCustomClaims struct {
// @Router /token [post]
// @Success 200 {object} api.TokenResponse
func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "tokenGenerateHandler")
defer span.End()
body, err := ioutil.ReadAll(r.Body)
if err != nil {
s.logger.Error("reading the request body failed", zap.Error(err))
s.ErrorResponse(w, r, "invalid request body", http.StatusBadRequest)
s.ErrorResponse(w, r, span, "invalid request body", http.StatusBadRequest)
return
}
defer r.Body.Close()
@@ -51,7 +54,7 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
t, err := token.SignedString([]byte(s.config.JWTSecret))
if err != nil {
s.ErrorResponse(w, r, err.Error(), http.StatusBadRequest)
s.ErrorResponse(w, r, span, err.Error(), http.StatusBadRequest)
return
}
@@ -75,14 +78,17 @@ func (s *Server) tokenGenerateHandler(w http.ResponseWriter, r *http.Request) {
// Get: JWT=$(curl -s -d 'test' localhost:9898/token | jq -r .token)
// Post: curl -H "Authorization: Bearer ${JWT}" localhost:9898/token/validate
func (s *Server) tokenValidateHandler(w http.ResponseWriter, r *http.Request) {
_, span := s.tracer.Start(r.Context(), "tokenValidateHandler")
defer span.End()
authorizationHeader := r.Header.Get("authorization")
if authorizationHeader == "" {
s.ErrorResponse(w, r, "authorization bearer header required", http.StatusUnauthorized)
s.ErrorResponse(w, r, span, "authorization bearer header required", http.StatusUnauthorized)
return
}
bearerToken := strings.Split(authorizationHeader, " ")
if len(bearerToken) != 2 || strings.ToLower(bearerToken[0]) != "bearer" {
s.ErrorResponse(w, r, "authorization bearer header required", http.StatusUnauthorized)
s.ErrorResponse(w, r, span, "authorization bearer header required", http.StatusUnauthorized)
return
}
@@ -94,13 +100,13 @@ func (s *Server) tokenValidateHandler(w http.ResponseWriter, r *http.Request) {
return []byte(s.config.JWTSecret), nil
})
if err != nil {
s.ErrorResponse(w, r, err.Error(), http.StatusUnauthorized)
s.ErrorResponse(w, r, span, err.Error(), http.StatusUnauthorized)
return
}
if token.Valid {
if claims.StandardClaims.Issuer != "podinfo" {
s.ErrorResponse(w, r, "invalid issuer", http.StatusUnauthorized)
s.ErrorResponse(w, r, span, "invalid issuer", http.StatusUnauthorized)
} else {
var result = TokenValidationResponse{
TokenName: claims.Name,
@@ -109,7 +115,7 @@ func (s *Server) tokenValidateHandler(w http.ResponseWriter, r *http.Request) {
s.JSONResponse(w, r, result)
}
} else {
s.ErrorResponse(w, r, "Invalid authorization token", http.StatusUnauthorized)
s.ErrorResponse(w, r, span, "Invalid authorization token", http.StatusUnauthorized)
}
}

70
pkg/api/tracer.go Normal file
View File

@@ -0,0 +1,70 @@
package api
import (
"context"
"github.com/gorilla/mux"
"github.com/spf13/viper"
"github.com/stefanprodan/podinfo/pkg/version"
"go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux"
"go.opentelemetry.io/contrib/propagators/aws/xray"
"go.opentelemetry.io/contrib/propagators/b3"
"go.opentelemetry.io/contrib/propagators/jaeger"
"go.opentelemetry.io/contrib/propagators/ot"
"go.opentelemetry.io/otel"
"go.opentelemetry.io/otel/exporters/otlp/otlptrace"
"go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc"
"go.opentelemetry.io/otel/propagation"
"go.opentelemetry.io/otel/sdk/resource"
sdktrace "go.opentelemetry.io/otel/sdk/trace"
semconv "go.opentelemetry.io/otel/semconv/v1.7.0"
"go.opentelemetry.io/otel/trace"
"go.uber.org/zap"
)
const (
instrumentationName = "github.com/stefanprodan/podinfo/pkg/api"
)
func (s *Server) initTracer(ctx context.Context) {
if viper.GetString("otel-service-name") == "" {
nop := trace.NewNoopTracerProvider()
s.tracer = nop.Tracer(viper.GetString("otel-service-name"))
return
}
client := otlptracegrpc.NewClient()
exporter, err := otlptrace.New(ctx, client)
if err != nil {
s.logger.Error("creating OTLP trace exporter", zap.Error(err))
}
s.tracerProvider = sdktrace.NewTracerProvider(
sdktrace.WithBatcher(exporter),
sdktrace.WithResource(resource.NewWithAttributes(
semconv.SchemaURL,
semconv.ServiceNameKey.String(viper.GetString("otel-service-name")),
semconv.ServiceVersionKey.String(version.VERSION),
)),
)
otel.SetTracerProvider(s.tracerProvider)
otel.SetTextMapPropagator(propagation.NewCompositeTextMapPropagator(
propagation.TraceContext{},
propagation.Baggage{},
b3.New(),
&jaeger.Jaeger{},
&ot.OT{},
&xray.Propagator{},
))
s.tracer = s.tracerProvider.Tracer(
instrumentationName,
trace.WithInstrumentationVersion(version.VERSION),
trace.WithSchemaURL(semconv.SchemaURL),
)
}
func NewOpenTelemetryMiddleware() mux.MiddlewareFunc {
return otelmux.Middleware(viper.GetString("otel-service-name"))
}

1
pkg/signals/signal_posix.go
View File

@@ -1,3 +1,4 @@
//go:build !windows
// +build !windows
package signals

2
pkg/version/version.go
View File

@@ -1,4 +1,4 @@
package version
var VERSION = "5.2.1"
var VERSION = "6.1.0"
var REVISION = "unknown"

13
test/deploy.sh
View File

@@ -1,17 +1,12 @@
#! /usr/bin/env sh
# add jetstack repository
helm repo add jetstack https://charts.jetstack.io || true
# install cert-manager
helm upgrade --install cert-manager jetstack/cert-manager \
--set installCRDs=true \
--namespace default
kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.3/cert-manager.yaml
# wait for cert manager
kubectl rollout status deployment/cert-manager --timeout=2m
kubectl rollout status deployment/cert-manager-webhook --timeout=2m
kubectl rollout status deployment/cert-manager-cainjector --timeout=2m
kubectl -n cert-manager rollout status deployment/cert-manager --timeout=2m
kubectl -n cert-manager rollout status deployment/cert-manager-webhook --timeout=2m
kubectl -n cert-manager rollout status deployment/cert-manager-cainjector --timeout=2m
# install self-signed certificate
cat << 'EOF' | kubectl apply -f -