Merge pull request #470 from stefanprodan/release-6.11.2

Release 6.11.2
2026-04-07 03:26:54 +00:00 · 2026-03-31 22:52:14 +03:00 · 2026-03-31 22:47:19 +03:00 · 2026-03-31 22:36:36 +03:00 · 2026-03-31 19:32:43 +00:00 · 2026-03-31 22:30:33 +03:00
62 changed files with 1255 additions and 381 deletions
--- a/.github/actions/runner-cleanup/action.yml
+++ b/.github/actions/runner-cleanup/action.yml
@@ -0,0 +1,24 @@
+name: Runner Cleanup
+description: A GitHub Action for removing bloat from Ubuntu GitHub Actions runner.
+author: Stefan Prodan
+branding:
+  color: blue
+  icon: command
+runs:
+  using: composite
+  steps:
+    - name: "Disk Usage Before Cleanup"
+      shell: bash
+      run: |
+        df -h
+    - name: "Remove .NET, Android and Haskell"
+      shell: bash
+      run: |
+        sudo rm -rf /usr/share/dotnet || true
+        sudo rm -rf /usr/local/lib/android || true
+        sudo rm -rf /opt/ghc || true
+        sudo rm -rf /usr/local/.ghcup || true
+    - name: "Disk Usage After Cleanup"
+      shell: bash
+      run: |
+        df -h
--- a/.github/workflows/cve-scan.yml
+++ b/.github/workflows/cve-scan.yml
@@ -16,8 +16,10 @@ jobs:
  govulncheck:
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ./.github/actions/runner-cleanup
      - name: Vulnerability scan
        id: govulncheck
-        uses: golang/govulncheck-action@v1
+        uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4
+        with:
+          repo-checkout: false
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -14,9 +14,11 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - name: Disk Cleanup
+        uses: ./.github/actions/runner-cleanup
      - name: Setup Kubernetes
-        uses: helm/kind-action@v1.13.0
+        uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
        with:
          cluster_name: kind
      - name: Build container image
@@ -24,9 +26,9 @@ jobs:
          ./test/build.sh
          kind load docker-image test/podinfo:latest
      - name: Setup Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
        with:
-          version: v3.17.3
+          version: v4.1.0
      - name: Deploy
        run: ./test/deploy.sh
      - name: Run integration tests
@@ -47,12 +49,12 @@ jobs:
      PODINFO_MODULE_URL: "oci://localhost:5000/podinfo"
      PODINFO_VERSION: "0.0.0-devel"
    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ./.github/actions/runner-cleanup
      - name: Setup Timoni
-        uses: stefanprodan/timoni/actions/setup@main
+        uses: stefanprodan/timoni/actions/setup@c68e33a34f17c7ca93c7fc6717d61a14819276dc # v0.26.0
      - name: Setup Kubernetes
-        uses: helm/kind-action@v1.13.0
+        uses: helm/kind-action@ef37e7f390d99f746eb8b610417061a60e82a6cc # v1.14.0
        with:
          cluster_name: kind
      - name: Build container
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,13 +15,15 @@ jobs:
      contents: write # needed to write releases
      id-token: write # needed for keyless signing
      packages: write # needed for ghcr access
+      attestations: write # needed for provenance
    steps:
-      - uses: actions/checkout@v5
-      - uses: sigstore/cosign-installer@v3
-      - uses: fluxcd/flux2/action@v2.7.3
-      - uses: stefanprodan/timoni/actions/setup@v0.25.2
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ./.github/actions/runner-cleanup
+      - uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
+      - uses: fluxcd/flux2/action@871be9b40d53627786d3a3835a3ddba1e3234bd2 # v2.8.3
+      - uses: stefanprodan/timoni/actions/setup@c68e33a34f17c7ca93c7fc6717d61a14819276dc # v0.26.0
      - name: Setup Notation CLI
-        uses: notaryproject/notation-action/setup@v1
+        uses: notaryproject/notation-action/setup@b6fee73110795d6793253c673bd723f12bcf9bbb # v1.2.2
        with:
          version: "1.1.0"
      - name: Setup Notation signing keys
@@ -33,28 +35,28 @@ jobs:
        env:
          NOTATION_KEY: ${{ secrets.NOTATION_SIGNING_KEY }}
      - name: Setup Go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
-          go-version: 1.25.x
+          go-version: 1.26.x
      - name: Setup Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
        with:
-          version: v3.17.3
+          version: v4.1.1
      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
        with:
          platforms: all
      - name: Setup Docker Buildx
        id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
@@ -70,7 +72,7 @@ jobs:
          echo "REVISION=${GITHUB_SHA}" >> $GITHUB_OUTPUT
      - name: Generate images meta
        id: meta
-        uses: docker/metadata-action@v5
+        uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0
        with:
          images: |
            docker.io/stefanprodan/podinfo
@@ -79,7 +81,7 @@ jobs:
            type=raw,value=${{ steps.prep.outputs.VERSION }}
            type=raw,value=latest
      - name: Publish multi-arch image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        with:
          sbom: true
          provenance: true
@@ -122,7 +124,7 @@ jobs:
          cosign sign ghcr.io/stefanprodan/charts/podinfo:${{ steps.prep.outputs.VERSION }} --yes
          cosign sign ghcr.io/stefanprodan/manifests/podinfo:${{ steps.prep.outputs.VERSION }} --yes
      - name: Publish base image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
        with:
          push: true
          builder: ${{ steps.buildx.outputs.name }}
@@ -131,7 +133,7 @@ jobs:
          file: ./Dockerfile.base
          tags: docker.io/stefanprodan/podinfo-base:latest
      - name: Publish helm chart
-        uses: stefanprodan/helm-gh-pages@master
+        uses: stefanprodan/helm-gh-pages@0ad2bb377311d61ac04ad9eb6f252fb68e207260 # v1.7.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Publish config artifact
@@ -157,9 +159,13 @@ jobs:
          notation sign --signature-format cose ghcr.io/stefanprodan/podinfo-deploy:${{ steps.prep.outputs.VERSION }}
          notation sign --signature-format cose ghcr.io/stefanprodan/podinfo-deploy:latest
      - name: Publish release
-        uses: goreleaser/goreleaser-action@v6
+        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29 # v7.0.0
        with:
          version: latest
          args: release --skip=validate
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Attest release
+        uses: actions/attest@59d89421af93a897026c735860bf21b6eb4f7b26 # v4.1.0
+        with:
+          subject-checksums: ./dist/podinfo_${{ steps.prep.outputs.VERSION }}_checksums.txt
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -10,36 +10,36 @@ permissions:
  contents: read

 env:
-  KUBERNETES_VERSION: 1.31.0
-  HELM_VERSION: 3.17.3
+  KUBERNETES_VERSION: 1.35.0
+  HELM_VERSION: 4.1.1

 jobs:
  test:
    runs-on: ubuntu-latest
    steps:
-      - name: Checkout
-        uses: actions/checkout@v5
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ./.github/actions/runner-cleanup
      - name: Setup Go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
-          go-version: 1.25.x
+          go-version: 1.26.x
          cache-dependency-path: |
            **/go.sum
            **/go.mod
      - name: Setup kubectl
-        uses: azure/setup-kubectl@v4
+        uses: azure/setup-kubectl@15650b3ad78fff148532a140b8a4c821796b2d7b # v5.0.0
        with:
          version: v${{ env.KUBERNETES_VERSION }}
      - name: Setup kubeconform
        uses: ./.github/actions/kubeconform
      - name: Setup Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
        with:
          version: v${{ env.HELM_VERSION }}
      - name: Setup CUE
-        uses: cue-lang/setup-cue@v1.0.1
+        uses: cue-lang/setup-cue@a93fa358375740cd8b0078f76355512b9208acb1 # v1.0.1
      - name: Setup Timoni
-        uses: stefanprodan/timoni/actions/setup@v0.25.2
+        uses: stefanprodan/timoni/actions/setup@c68e33a34f17c7ca93c7fc6717d61a14819276dc # v0.26.0
      - name: Run unit tests
        run: make test
      - name: Validate Helm chart
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM golang:1.25-alpine AS builder
+FROM golang:1.26-alpine AS builder

 ARG REVISION

@@ -18,7 +18,7 @@ RUN CGO_ENABLED=0 go build -ldflags "-s -w \
    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
    -a -o bin/podcli cmd/podcli/*

-FROM alpine:3.22
+FROM alpine:3.23

 ARG BUILD_DATE
 ARG VERSION
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -1,4 +1,4 @@
-FROM golang:1.25
+FROM golang:1.26

 WORKDIR /workspace

--- a/Dockerfile.xx
+++ b/Dockerfile.xx
@@ -1,5 +1,5 @@
-ARG GO_VERSION=1.25
-ARG XX_VERSION=1.6.1
+ARG GO_VERSION=1.26
+ARG XX_VERSION=1.9.0

 FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx

@@ -28,7 +28,7 @@ RUN xx-go build -ldflags "-s -w \
    -X github.com/stefanprodan/podinfo/pkg/version.REVISION=${REVISION}" \
    -a -o bin/podcli cmd/podcli/*

-FROM alpine:3.22
+FROM alpine:3.23

 ARG BUILD_DATE
 ARG VERSION
--- a/7
+++ b/7
@@ -24,7 +24,7 @@ build:
 	GIT_COMMIT=$$(git rev-list -1 HEAD) && CGO_ENABLED=0 go build  -ldflags "-s -w -X github.com/stefanprodan/podinfo/pkg/version.REVISION=$(GIT_COMMIT)" -a -o ./bin/podcli ./cmd/podcli/*

 tidy:
-	rm -f go.sum; go mod tidy -compat=1.25
+	rm -f go.sum; go mod tidy -compat=1.26

 vet:
 	go vet ./...
@@ -81,6 +81,11 @@ version-set:
 	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/webapp/backend/deployment.yaml && \
 	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/frontend/deployment.yaml && \
 	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/backend/deployment.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/statefulset-primary.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/deployment-replica.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/cronjob-rollup-daily.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/cronjob-rollup-weekly.yaml && \
+	/usr/bin/sed -i '' "s/podinfo:$$current/podinfo:$$next/g" deploy/bases/database/cronjob-backup-daily.yaml && \
 	/usr/bin/sed -i '' "s/$$current/$$next/g" timoni/podinfo/values.cue && \
 	echo "Version $$next set in code, deployment, module, chart and kustomize"

--- a/charts/podinfo/Chart.yaml
+++ b/charts/podinfo/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
-version: 6.9.3
-appVersion: 6.9.3
+version: 6.11.2
+appVersion: 6.11.2
 name: podinfo
 engine: gotpl
 description: Podinfo Helm chart for Kubernetes
--- a/charts/podinfo/README.md
+++ b/charts/podinfo/README.md
@@ -52,77 +52,84 @@ The command removes all the Kubernetes components associated with the chart and

 The following tables lists the configurable parameters of the podinfo chart and their default values.

-| Parameter                         | Default                        | Description                                                                                                            |
-|-----------------------------------|--------------------------------|------------------------------------------------------------------------------------------------------------------------|
-| `replicaCount`                    | `1`                            | Desired number of pods                                                                                                 |
-| `logLevel`                        | `info`                         | Log level: `debug`, `info`, `warn`, `error`                                                                            |
-| `backend`                         | `None`                         | Echo backend URL                                                                                                       |
-| `backends`                        | `[]`                           | Array of echo backend URLs                                                                                             |
-| `cache`                           | `None`                         | Redis address in the format `tcp://<host>:<port>`                                                                      |
-| `redis.enabled`                   | `false`                        | Create Redis deployment for caching purposes                                                                           |
-| `redis.repository`                | `docker.io/redis`              | Redis image repository                                                                                                 |
-| `redis.tag`                       | `<VERSION>`                    | Redis image tag                                                                                                        |
-| `redis.imagePullSecrets`          | `[]`                           | Redis image pull secrets                                                                                               |
-| `ui.color`                        | `#34577c`                      | UI color                                                                                                               |
-| `ui.message`                      | `None`                         | UI greetings message                                                                                                   |
-| `ui.logo`                         | `None`                         | UI logo                                                                                                                |
-| `faults.delay`                    | `false`                        | Random HTTP response delays between 0 and 5 seconds                                                                    |
-| `faults.error`                    | `false`                        | 1/3 chances of a random HTTP response error                                                                            |
-| `faults.unhealthy`                | `false`                        | When set, the healthy state is never reached                                                                           |
-| `faults.unready`                  | `false`                        | When set, the ready state is never reached                                                                             |
-| `faults.testFail`                 | `false`                        | When set, a helm test is included which always fails                                                                   |
-| `faults.testTimeout`              | `false`                        | When set, a helm test is included which always times out                                                               |
-| `image.repository`                | `ghcr.io/stefanprodan/podinfo` | Image repository                                                                                                       |
-| `image.tag`                       | `<VERSION>`                    | Image tag                                                                                                              |
-| `image.pullPolicy`                | `IfNotPresent`                 | Image pull policy                                                                                                      |
-| `image.pullSecrets`               | `[]`                           | Image pull secrets                                                                                                     |
-| `service.enabled`                 | `true`                         | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app)                              |
-| `service.type`                    | `ClusterIP`                    | Type of the Kubernetes Service                                                                                         |
-| `service.metricsPort`             | `9797`                         | Prometheus metrics endpoint port                                                                                       |
-| `service.httpPort`                | `9898`                         | Container HTTP port                                                                                                    |
-| `service.externalPort`            | `9898`                         | ClusterIP HTTP port                                                                                                    |
-| `service.grpcPort`                | `9999`                         | ClusterIP gPRC port                                                                                                    |
-| `service.grpcService`             | `podinfo`                      | gPRC service name                                                                                                      |
-| `service.nodePort`                | `31198`                        | NodePort for the HTTP endpoint                                                                                         |
-| `h2c.enabled`                     | `false`                        | Allow upgrading to h2c (non-TLS version of HTTP/2)                                                                     |
-| `extraArgs`                       | `[]`                           | Additional command line arguments to pass to podinfo container                                                         |
-| `extraEnvs`                       | `[]`                           | Extra environment variables for the podinfo container                                                                  |
-| `config.path`                     | `""`                           | config file path                                                                                                       |
-| `config.name`                     | `""`                           | config file name                                                                                                       |
-| `hpa.enabled`                     | `false`                        | Enables the Kubernetes HPA                                                                                             |
-| `hpa.maxReplicas`                 | `10`                           | Maximum amount of pods                                                                                                 |
-| `hpa.cpu`                         | `None`                         | Target CPU usage per pod                                                                                               |
-| `hpa.memory`                      | `None`                         | Target memory usage per pod                                                                                            |
-| `hpa.requests`                    | `None`                         | Target HTTP requests per second per pod                                                                                |
-| `serviceAccount.enabled`          | `false`                        | Whether a service account should be created                                                                            |
-| `serviceAccount.name`             | `None`                         | The name of the service account to use, if not set and create is true, a name is generated using the fullname template |
-| `serviceAccount.imagePullSecrets` | `[]`                           | List of image pull secrets if pulling from private registries.                                                         |
-| `securityContext`                 | `{}`                           | The security context to be set on the podinfo container                                                                |
-| `podSecurityContext`              | `{}`                           | The security context to be set on the pod                                                                              |
-| `podAnnotations`                  | `{}`                           | Pod annotations                                                                                                        |
-| `serviceMonitor.enabled`          | `false`                        | Whether a Prometheus Operator service monitor should be created                                                        |
-| `serviceMonitor.interval`         | `15s`                          | Prometheus scraping interval                                                                                           |
-| `serviceMonitor.additionalLabels` | `{}`                           | Add additional labels to the service monitor                                                                           |
-| `ingress.enabled`                 | `false`                        | Enables Ingress                                                                                                        |
-| `ingress.className`               | `""`                           | Use ingressClassName                                                                                                   |
-| `ingress.additionalLabels`        | `{}`                           | Add additional labels to the ingress                                                                                   |
-| `ingress.annotations`             | `{}`                           | Ingress annotations                                                                                                    |
-| `ingress.hosts`                   | `[]`                           | Ingress accepted hosts                                                                                                 |
-| `ingress.tls`                     | `[]`                           | Ingress TLS configuration                                                                                              |
-| `httpRoute.enabled`               | `false`                        | Enables Gateway API HTTPRoute                                                                                          |
-| `httpRoute.additionalLabels`      | `{}`                           | Add additional labels to the HTTPRoute                                                                                 |
-| `httpRoute.annotations`           | `{}`                           | HTTPRoute annotations                                                                                                  |
-| `httpRoute.parentRefs`            | `[]`                           | Gateways that this route is attached to                                                                                |
-| `httpRoute.hostnames`             | `["podinfo.local"]`            | Hostnames matching HTTP header                                                                                         |
-| `httpRoute.rules`                 | `[]`                           | List of rules and filters applied                                                                                      |
-| `linkerd.profile.enabled`         | `false`                        | Create Linkerd service profile                                                                                         |
-| `resources.requests.cpu`          | `1m`                           | Pod CPU request                                                                                                        |
-| `resources.requests.memory`       | `16Mi`                         | Pod memory request                                                                                                     |
-| `resources.limits.cpu`            | `None`                         | Pod CPU limit                                                                                                          |
-| `resources.limits.memory`         | `None`                         | Pod memory limit                                                                                                       |
-| `nodeSelector`                    | `{}`                           | Node labels for pod assignment                                                                                         |
-| `tolerations`                     | `[]`                           | List of node taints to tolerate                                                                                        |
-| `affinity`                        | `None`                         | Node/pod affinities                                                                                                    |
+| Parameter                                        | Default                        | Description                                                                                       |
+|--------------------------------------------------|--------------------------------|---------------------------------------------------------------------------------------------------|
+| `replicaCount`                                   | `1`                            | Desired number of pods                                                                            |
+| `logLevel`                                       | `info`                         | Log level: `debug`, `info`, `warn`, `error`                                                       |
+| `backend`                                        | `None`                         | Echo backend URL                                                                                  |
+| `backends`                                       | `[]`                           | Array of echo backend URLs                                                                        |
+| `cache`                                          | `None`                         | Redis address in the format `tcp://<host>:<port>`                                                 |
+| `redis.enabled`                                  | `false`                        | Create Redis deployment for caching purposes                                                      |
+| `redis.repository`                               | `docker.io/redis`              | Redis image repository                                                                            |
+| `redis.tag`                                      | `<VERSION>`                    | Redis image tag                                                                                   |
+| `redis.imagePullSecrets`                         | `[]`                           | Redis image pull secrets                                                                          |
+| `ui.color`                                       | `#34577c`                      | UI color                                                                                          |
+| `ui.message`                                     | `None`                         | UI greetings message                                                                              |
+| `ui.logo`                                        | `None`                         | UI logo                                                                                           |
+| `faults.delay`                                   | `false`                        | Random HTTP response delays between 0 and 5 seconds                                               |
+| `faults.error`                                   | `false`                        | 1/3 chances of a random HTTP response error                                                       |
+| `faults.unhealthy`                               | `false`                        | When set, the healthy state is never reached                                                      |
+| `faults.unready`                                 | `false`                        | When set, the ready state is never reached                                                        |
+| `faults.testFail`                                | `false`                        | When set, a helm test is included which always fails                                              |
+| `faults.testTimeout`                             | `false`                        | When set, a helm test is included which always times out                                          |
+| `image.repository`                               | `ghcr.io/stefanprodan/podinfo` | Image repository                                                                                  |
+| `image.tag`                                      | `<VERSION>`                    | Image tag                                                                                         |
+| `image.pullPolicy`                               | `IfNotPresent`                 | Image pull policy                                                                                 |
+| `image.pullSecrets`                              | `[]`                           | Image pull secrets                                                                                |
+| `service.enabled`                                | `true`                         | Create a Kubernetes Service, should be disabled when using [Flagger](https://flagger.app)         |
+| `service.type`                                   | `ClusterIP`                    | Type of the Kubernetes Service                                                                    |
+| `service.metricsPort`                            | `9797`                         | Prometheus metrics endpoint port                                                                  |
+| `service.httpPort`                               | `9898`                         | Container HTTP port                                                                               |
+| `service.externalPort`                           | `9898`                         | ClusterIP HTTP port                                                                               |
+| `service.grpcPort`                               | `9999`                         | ClusterIP gPRC port                                                                               |
+| `service.grpcService`                            | `podinfo`                      | gPRC service name                                                                                 |
+| `service.nodePort`                               | `31198`                        | NodePort for the HTTP endpoint                                                                    |
+| `service.trafficDistribution`                    | `""`                           | Traffic distribution strategy                                                                     |
+| `service.additionalLabels`                       | `{}`                           | Additional labels to add to the service                                                           |
+| `service.externalTrafficPolicy`                  | `None`                         | External traffic policy for LoadBalance service                                                   |
+| `h2c.enabled`                                    | `false`                        | Allow upgrading to h2c (non-TLS version of HTTP/2)                                                |
+| `extraArgs`                                      | `[]`                           | Additional command line arguments to pass to podinfo container                                    |
+| `extraEnvs`                                      | `[]`                           | Extra environment variables for the podinfo container                                             |
+| `config.path`                                    | `""`                           | config file path                                                                                  |
+| `config.name`                                    | `""`                           | config file name                                                                                  |
+| `hpa.enabled`                                    | `false`                        | Enables the Kubernetes HPA                                                                        |
+| `hpa.maxReplicas`                                | `10`                           | Maximum amount of pods                                                                            |
+| `hpa.cpu`                                        | `None`                         | Target CPU usage per pod                                                                          |
+| `hpa.memory`                                     | `None`                         | Target memory usage per pod                                                                       |
+| `hpa.requests`                                   | `None`                         | Target HTTP requests per second per pod                                                           |
+| `serviceAccount.enabled`                         | `false`                        | Whether a service account should be created                                                       |
+| `serviceAccount.name`                            | `None`                         | The name of the service account to use, if not set a name is generated using the fullname template|
+| `serviceAccount.imagePullSecrets`                | `[]`                           | List of image pull secrets if pulling from private registries                                     |
+| `securityContext`                                | `{}`                           | The security context to be set on the podinfo container                                           |
+| `podSecurityContext`                             | `{}`                           | The security context to be set on the pod                                                         |
+| `podAnnotations`                                 | `{}`                           | Pod annotations                                                                                   |
+| `serviceMonitor.enabled`                         | `false`                        | Whether a Prometheus Operator service monitor should be created                                   |
+| `serviceMonitor.interval`                        | `15s`                          | Prometheus scraping interval                                                                      |
+| `serviceMonitor.additionalLabels`                | `{}`                           | Add additional labels to the service monitor                                                      |
+| `ingress.enabled`                                | `false`                        | Enables Ingress                                                                                   |
+| `ingress.className`                              | `""`                           | Use ingressClassName                                                                              |
+| `ingress.additionalLabels`                       | `{}`                           | Add additional labels to the ingress                                                              |
+| `ingress.annotations`                            | `{}`                           | Ingress annotations                                                                               |
+| `ingress.hosts`                                  | `[]`                           | Ingress accepted hosts                                                                            |
+| `ingress.tls`                                    | `[]`                           | Ingress TLS configuration                                                                         |
+| `httpRoute.enabled`                              | `false`                        | Enables Gateway API HTTPRoute                                                                     |
+| `httpRoute.additionalLabels`                     | `{}`                           | Add additional labels to the HTTPRoute                                                            |
+| `httpRoute.annotations`                          | `{}`                           | HTTPRoute annotations                                                                             |
+| `httpRoute.parentRefs`                           | `[]`                           | Gateways that this route is attached to                                                           |
+| `httpRoute.hostnames`                            | `["podinfo.local"]`            | Hostnames matching HTTP header                                                                    |
+| `httpRoute.rules`                                | `[]`                           | List of rules and filters applied                                                                 |
+| `hooks.<hookType>.job.enabled`                   | `false`                        | Create a Helm hook job for testing (hookType: see values.yaml for available hooks)                |
+| `hooks.<hookType>.job.hookDeletePolicy`          | `hook-succeeded,hook-failed`   | Helm hook delete policy                                                                           |
+| `hooks.<hookType>.job.ttlSecondsAfterFinished`   | `None`                         | Job TTL after finished                                                                            |
+| `hooks.<hookType>.job.sleepSeconds`              | `None`                         | Sleep duration before job exits                                                                   |
+| `hooks.<hookType>.job.exitCode`                  | `0`                            | Job exit code                                                                                     |
+| `resources.requests.cpu`                         | `1m`                           | Pod CPU request                                                                                   |
+| `resources.requests.memory`                      | `16Mi`                         | Pod memory request                                                                                |
+| `resources.limits.cpu`                           | `None`                         | Pod CPU limit                                                                                     |
+| `resources.limits.memory`                        | `None`                         | Pod memory limit                                                                                  |
+| `nodeSelector`                                   | `{}`                           | Node labels for pod assignment                                                                    |
+| `tolerations`                                    | `[]`                           | List of node taints to tolerate                                                                   |
+| `affinity`                                       | `None`                         | Node/pod affinities                                                                               |

 Specify each parameter using the `--set key=value[,key=value]` argument:

--- a/charts/podinfo/templates/grpcroute.yaml
+++ b/charts/podinfo/templates/grpcroute.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.grpcRoute.enabled -}}
+{{- $fullName := include "podinfo.fullname" . -}}
+{{- $grpcPort := .Values.service.grpcPort -}}
+apiVersion: gateway.networking.k8s.io/v1
+kind: GRPCRoute
+metadata:
+  name: {{ $fullName }}
+  namespace: {{ include "podinfo.namespace" . }}
+  labels:
+    {{- include "podinfo.labels" . | nindent 4 }}
+    {{- with .Values.grpcRoute.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.grpcRoute.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  parentRefs:
+    {{- with .Values.grpcRoute.parentRefs }}
+      {{- toYaml . | nindent 4 }}
+    {{- end }}
+  {{- with .Values.grpcRoute.hostnames }}
+  hostnames:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  rules:
+    {{- range .Values.grpcRoute.rules }}
+    - backendRefs:
+        - name: {{ $fullName }}
+          port: {{ $grpcPort }}
+          weight: 1
+    {{- with .matches }}
+      matches:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .filters }}
+      filters:
+      {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- end }}
+{{- end }}
--- a/charts/podinfo/templates/hooks/job.yaml
+++ b/charts/podinfo/templates/hooks/job.yaml
@@ -0,0 +1,37 @@
+{{- $hooks := dict "preInstall" "pre-install" "postInstall" "post-install" "preDelete" "pre-delete" "postDelete" "post-delete" "preUpgrade" "pre-upgrade" "postUpgrade" "post-upgrade" "preRollback" "pre-rollback" "postRollback" "post-rollback" }}
+{{- range $hookName, $hookType := $hooks }}
+{{- $hookConfig := index $.Values.hooks $hookName }}
+{{- if and $hookConfig $hookConfig.job $hookConfig.job.enabled }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ template "podinfo.fullname" $ }}-{{ $hookType }}
+  namespace: {{ include "podinfo.namespace" $ }}
+  labels:
+    {{- include "podinfo.labels" $ | nindent 4 }}
+  annotations:
+    "helm.sh/hook": {{ $hookType }}
+    "helm.sh/hook-delete-policy": {{ $hookConfig.job.hookDeletePolicy }}
+spec:
+  {{- if kindIs "float64" $hookConfig.job.ttlSecondsAfterFinished }}
+  ttlSecondsAfterFinished: {{ $hookConfig.job.ttlSecondsAfterFinished | int }}
+  {{- end }}
+  template:
+    spec:
+      containers:
+        - name: job
+          image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag }}"
+          imagePullPolicy: {{ $.Values.image.pullPolicy }}
+          command:
+            - sh
+            - -c
+            - |
+              {{- if kindIs "float64" $hookConfig.job.sleepSeconds }}
+              sleep {{ $hookConfig.job.sleepSeconds | int }}
+              {{- end }}
+              exit {{ $hookConfig.job.exitCode | default 0 }}
+      restartPolicy: Never
+  backoffLimit: 1
+{{- end }}
+{{- end }}
--- a/charts/podinfo/templates/httproute.yaml
+++ b/charts/podinfo/templates/httproute.yaml
@@ -5,6 +5,7 @@ apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 metadata:
  name: {{ $fullName }}
+  namespace: {{ include "podinfo.namespace" . }}
  labels:
    {{- include "podinfo.labels" . | nindent 4 }}
    {{- with .Values.httpRoute.additionalLabels }}
--- a/charts/podinfo/templates/linkerd.yaml
+++ b/charts/podinfo/templates/linkerd.yaml
@@ -1,99 +0,0 @@
-{{- if .Values.linkerd.profile.enabled -}}
-apiVersion: linkerd.io/v1alpha2
-kind: ServiceProfile
-metadata:
-  name: {{ template "podinfo.fullname" . }}.{{ include "podinfo.namespace" . }}.svc.cluster.local
-  namespace: {{ include "podinfo.namespace" . }}
-  labels:
-    {{- include "podinfo.labels" . | nindent 4 }}  
-spec:
-  routes:
-    - condition:
-        method: GET
-        pathRegex: /
-      name: GET /
-    - condition:
-        method: POST
-        pathRegex: /api/echo
-      name: POST /api/echo
-    - condition:
-        method: GET
-        pathRegex: /api/info
-      name: GET /api/info
-    - condition:
-        method: GET
-        pathRegex: /chunked/[^/]*
-      name: GET /chunked/{seconds}
-    - condition:
-        method: GET
-        pathRegex: /delay/[^/]*
-      name: GET /delay/{seconds}
-    - condition:
-        method: GET
-        pathRegex: /env
-      name: GET /env
-    - condition:
-        method: GET
-        pathRegex: /headers
-      name: GET /headers
-    - condition:
-        method: GET
-        pathRegex: /healthz
-      name: GET /healthz
-    - condition:
-        method: GET
-        pathRegex: /metrics
-      name: GET /metrics
-    - condition:
-        method: GET
-        pathRegex: /panic
-      name: GET /panic
-    - condition:
-        method: GET
-        pathRegex: /readyz
-      name: GET /readyz
-    - condition:
-        method: POST
-        pathRegex: /readyz/disable
-      name: POST /readyz/disable
-    - condition:
-        method: POST
-        pathRegex: /readyz/enable
-      name: POST /readyz/enable
-    - condition:
-        method: GET
-        pathRegex: /status/[^/]*
-      name: GET /status/{code}
-    - condition:
-        method: POST
-        pathRegex: /cache
-      name: POST /cache
-    - condition:
-        method: GET
-        pathRegex: /cache/[^/]*
-      name: GET /cache/{hash}
-    - condition:
-        method: POST
-        pathRegex: /store
-      name: POST /store
-    - condition:
-        method: GET
-        pathRegex: /store/[^/]*
-      name: GET /store/{hash}
-    - condition:
-        method: POST
-        pathRegex: /token
-      name: POST /token
-    - condition:
-        method: POST
-        pathRegex: /token/validate
-      name: POST /token/validate
-    - condition:
-        method: GET
-        pathRegex: /version
-      name: GET /version
-    - condition:
-        method: POST
-        pathRegex: /ws/echo
-      name: POST /ws/echo
-{{- end }}
--- a/charts/podinfo/templates/service.yaml
+++ b/charts/podinfo/templates/service.yaml
@@ -6,6 +6,9 @@ metadata:
  namespace: {{ include "podinfo.namespace" . }}
  labels:
    {{- include "podinfo.labels" . | nindent 4 }}
+    {{- with .Values.service.additionalLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 {{- with .Values.service.annotations }}
  annotations:
 {{ toYaml . | indent 4 }}
@@ -34,4 +37,10 @@ spec:
    {{- end }}
  selector:
    {{- include "podinfo.selectorLabels" . | nindent 4 }}
+  {{- if .Values.service.trafficDistribution }}
+  trafficDistribution: {{ .Values.service.trafficDistribution }}
+  {{- end }}
+  {{- if ( and (.Values.service.externalTrafficPolicy) (eq .Values.service.type "LoadBalancer") ) }}
+  externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+  {{- end }}
 {{- end }}
--- a/charts/podinfo/values-prod.yaml
+++ b/charts/podinfo/values-prod.yaml
@@ -8,7 +8,7 @@ backends: []

 image:
  repository: ghcr.io/stefanprodan/podinfo
-  tag: 6.9.3
+  tag: 6.11.2
  pullPolicy: IfNotPresent

 ui:
@@ -29,6 +29,7 @@ faults:
 service:
  enabled: true
  annotations: {}
+  additionalLabels: { }
  type: ClusterIP
  metricsPort: 9797
  httpPort: 9898
@@ -36,6 +37,8 @@ service:
  grpcPort: 9999
  grpcService: podinfo
  nodePort: 31198
+  trafficDistribution: ""
+  externalTrafficPolicy: ""

 # enable h2c protocol (non-TLS version of HTTP/2)
 h2c:
@@ -93,7 +96,7 @@ cache: ""
 redis:
  enabled: true
  repository: redis
-  tag: 8.4.0
+  tag: 8.6.1

 serviceAccount:
  # Specifies whether a service account should be created
@@ -155,10 +158,6 @@ httpRoute:
            type: PathPrefix
            value: /

-linkerd:
-  profile:
-    enabled: false
-
 # create Prometheus Operator monitor
 serviceMonitor:
  enabled: false
--- a/charts/podinfo/values.yaml
+++ b/charts/podinfo/values.yaml
@@ -8,7 +8,7 @@ backends: []

 image:
  repository: ghcr.io/stefanprodan/podinfo
-  tag: 6.9.3
+  tag: 6.11.2
  pullPolicy: IfNotPresent
  pullSecrets: []

@@ -30,6 +30,7 @@ faults:
 service:
  enabled: true
  annotations: {}
+  additionalLabels: { }
  type: ClusterIP
  metricsPort: 9797
  httpPort: 9898
@@ -41,6 +42,9 @@ service:
  # NOTE: requires privileged container with NET_BIND_SERVICE capability -- this is useful for testing
  # in local clusters such as kind without port forwarding
  hostPort:
+  # Stable from Kubernetes v1.33+ with a value of PreferClose. Additional values are PreferSameZone and PreferSameNode from v1.34+. Empty string means it's disabled.
+  trafficDistribution: ""
+  externalTrafficPolicy: ""

 # enable h2c protocol (non-TLS version of HTTP/2)
 h2c:
@@ -89,6 +93,65 @@ certificate:
  dnsNames:
    - podinfo

+# Helm hooks (for testing purposes)
+hooks:
+  preInstall:
+    job:
+      enabled: false
+      hookDeletePolicy: hook-succeeded,hook-failed
+      ttlSecondsAfterFinished:
+      sleepSeconds:
+      exitCode: 0
+  postInstall:
+    job:
+      enabled: false
+      hookDeletePolicy: hook-succeeded,hook-failed
+      ttlSecondsAfterFinished:
+      sleepSeconds:
+      exitCode: 0
+  preDelete:
+    job:
+      enabled: false
+      hookDeletePolicy: hook-succeeded,hook-failed
+      ttlSecondsAfterFinished:
+      sleepSeconds:
+      exitCode: 0
+  postDelete:
+    job:
+      enabled: false
+      hookDeletePolicy: hook-succeeded,hook-failed
+      ttlSecondsAfterFinished:
+      sleepSeconds:
+      exitCode: 0
+  preUpgrade:
+    job:
+      enabled: false
+      hookDeletePolicy: hook-succeeded,hook-failed
+      ttlSecondsAfterFinished:
+      sleepSeconds:
+      exitCode: 0
+  postUpgrade:
+    job:
+      enabled: false
+      hookDeletePolicy: hook-succeeded,hook-failed
+      ttlSecondsAfterFinished:
+      sleepSeconds:
+      exitCode: 0
+  preRollback:
+    job:
+      enabled: false
+      hookDeletePolicy: hook-succeeded,hook-failed
+      ttlSecondsAfterFinished:
+      sleepSeconds:
+      exitCode: 0
+  postRollback:
+    job:
+      enabled: false
+      hookDeletePolicy: hook-succeeded,hook-failed
+      ttlSecondsAfterFinished:
+      sleepSeconds:
+      exitCode: 0
+
 # metrics-server add-on required
 hpa:
  enabled: false
@@ -106,7 +169,7 @@ cache: ""
 redis:
  enabled: false
  repository: docker.io/redis
-  tag: 8.4.0
+  tag: 8.6.1
  imagePullSecrets: []

 serviceAccount:
@@ -169,9 +232,27 @@ httpRoute:
            type: PathPrefix
            value: /

-linkerd:
-  profile:
-    enabled: false
+# -- Expose the gRPC service via Gateway GRPCRoute
+# Requires a Gateway controller with GRPCRoute support
+# Docs https://gateway-api.sigs.k8s.io/guides/grpc-routing/
+grpcRoute:
+  # GRPCRoute enabled.
+  enabled: false
+  # Add additional labels to the GRPCRoute.
+  additionalLabels: {}
+  # GRPCRoute annotations.
+  annotations: {}
+  # Which Gateways this Route is attached to.
+  parentRefs:
+    - name: gateway
+      sectionName: http
+      # namespace: default
+  # Hostnames matching HTTP header.
+  hostnames:
+    - podinfo.local
+  # List of rules applied.
+  rules:
+    - {}

 # create Prometheus Operator monitor
 serviceMonitor:
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -1,4 +0,0 @@
-steps:
- name: 'gcr.io/cloud-builders/docker'
-  args: ['build','-f' , 'Dockerfile', '-t', 'gcr.io/$PROJECT_ID/podinfo:$BRANCH_NAME-$SHORT_SHA', '.']
-images: ['gcr.io/$PROJECT_ID/podinfo:$BRANCH_NAME-$SHORT_SHA']
--- a/cmd/podcli/check.go
+++ b/cmd/podcli/check.go
@@ -12,10 +12,13 @@ import (
 	"strings"
 	"time"

+	"github.com/gorilla/websocket"
 	"github.com/spf13/cobra"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
 	"google.golang.org/grpc/codes"
+	"google.golang.org/grpc/credentials"
+	"google.golang.org/grpc/credentials/insecure"
 	"google.golang.org/grpc/health/grpc_health_v1"
 	"google.golang.org/grpc/status"
 )
@@ -27,6 +30,7 @@ var (
 	body            string
 	timeout         time.Duration
 	grpcServiceName string
+	grpcTLS         bool
 )

 var checkCmd = &cobra.Command{
@@ -63,6 +67,13 @@ var checkgRPCCmd = &cobra.Command{
 	RunE:    runCheckgPRC,
 }

+var checkWsCmd = &cobra.Command{
+	Use:     `ws [address]`,
+	Short:   "WebSocket round-trip health check",
+	Example: `  check ws ws://localhost:9898/ws/echo --retry=1 --delay=2s --timeout=5s`,
+	RunE:    runCheckWs,
+}
+
 func init() {
 	checkUrlCmd.Flags().StringVar(&method, "method", "GET", "HTTP method")
 	checkUrlCmd.Flags().StringVar(&body, "body", "", "HTTP POST/PUT content")
@@ -80,10 +91,16 @@ func init() {
 	checkgRPCCmd.Flags().DurationVar(&retryDelay, "delay", 1*time.Second, "wait duration between retries")
 	checkgRPCCmd.Flags().DurationVar(&timeout, "timeout", 5*time.Second, "timeout")
 	checkgRPCCmd.Flags().StringVar(&grpcServiceName, "service", "", "gRPC service name")
+	checkgRPCCmd.Flags().BoolVar(&grpcTLS, "tls", false, "use TLS for gRPC connection")
 	checkCmd.AddCommand(checkgRPCCmd)

 	checkCmd.AddCommand(checkCertCmd)

+	checkWsCmd.Flags().IntVar(&retryCount, "retry", 0, "times to retry the WebSocket check")
+	checkWsCmd.Flags().DurationVar(&retryDelay, "delay", 1*time.Second, "wait duration between retries")
+	checkWsCmd.Flags().DurationVar(&timeout, "timeout", 5*time.Second, "timeout")
+	checkCmd.AddCommand(checkWsCmd)
+
 	rootCmd.AddCommand(checkCmd)
 }

@@ -262,6 +279,72 @@ func fmtContentLength(b int64) string {
 	return fmt.Sprintf("%.1f %cB", float64(b)/float64(div), "kMGTPE"[exp])
 }

+func runCheckWs(cmd *cobra.Command, args []string) error {
+	if retryCount < 0 {
+		return fmt.Errorf("--retry is required")
+	}
+	if len(args) < 1 {
+		return fmt.Errorf("address is required! example: check ws wss://localhost:9898/ws/echo")
+	}
+
+	address := args[0]
+	if !strings.HasPrefix(address, "ws://") && !strings.HasPrefix(address, "wss://") {
+		return fmt.Errorf("address must start with ws:// or wss://")
+	}
+
+	for n := 0; n <= retryCount; n++ {
+		if n != 0 {
+			time.Sleep(retryDelay)
+		}
+
+		dialer := websocket.Dialer{
+			HandshakeTimeout: timeout,
+		}
+
+		conn, _, err := dialer.Dial(address, nil)
+		if err != nil {
+			logger.Info("check failed",
+				zap.String("address", address),
+				zap.Error(err))
+			continue
+		}
+
+		msg := "podinfo-check"
+		start := time.Now()
+
+		conn.SetWriteDeadline(start.Add(timeout))
+		if err := conn.WriteMessage(websocket.TextMessage, []byte(msg)); err != nil {
+			conn.Close()
+			logger.Info("check failed",
+				zap.String("address", address),
+				zap.Error(err))
+			continue
+		}
+
+		conn.SetReadDeadline(time.Now().Add(timeout))
+		_, resp, err := conn.ReadMessage()
+		if err != nil {
+			conn.Close()
+			logger.Info("check failed",
+				zap.String("address", address),
+				zap.Error(err))
+			continue
+		}
+
+		rtt := time.Since(start)
+		conn.Close()
+
+		logger.Info("check succeed",
+			zap.String("address", address),
+			zap.Duration("round-trip", rtt),
+			zap.Int("response size", len(resp)))
+		os.Exit(0)
+	}
+
+	os.Exit(1)
+	return nil
+}
+
 func runCheckgPRC(cmd *cobra.Command, args []string) error {
 	if retryCount < 0 {
 		return fmt.Errorf("--retry is required")
@@ -271,12 +354,19 @@ func runCheckgPRC(cmd *cobra.Command, args []string) error {
 	}
 	address := args[0]

+	var creds grpc.DialOption
+	if grpcTLS {
+		creds = grpc.WithTransportCredentials(credentials.NewTLS(&tls.Config{}))
+	} else {
+		creds = grpc.WithTransportCredentials(insecure.NewCredentials())
+	}
+
 	for n := 0; n <= retryCount; n++ {
-		if n != 1 {
+		if n != 0 {
 			time.Sleep(retryDelay)
 		}

-		conn, err := grpc.Dial(address, grpc.WithInsecure())
+		conn, err := grpc.NewClient(address, creds)
 		if err != nil {
 			logger.Info("check failed",
 				zap.String("address", address),
@@ -291,13 +381,14 @@ func runCheckgPRC(cmd *cobra.Command, args []string) error {

 		if err != nil {
 			if stat, ok := status.FromError(err); ok && stat.Code() == codes.Unimplemented {
-				logger.Info("gPRC health protocol not implemented")
+				logger.Info("gRPC health protocol not implemented")
 				os.Exit(1)
 			} else {
 				logger.Info("check failed",
 					zap.String("address", address),
 					zap.Error(err))
 			}
+			conn.Close()
 			continue
 		}

@@ -305,7 +396,6 @@ func runCheckgPRC(cmd *cobra.Command, args []string) error {
 		logger.Info("check succeed",
 			zap.String("status", resp.GetStatus().String()))
 		os.Exit(0)
-
 	}

 	os.Exit(1)
--- a/cmd/podinfo/main.go
+++ b/cmd/podinfo/main.go
@@ -1,6 +1,7 @@
 package main

 import (
+	"context"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -10,6 +11,11 @@ import (

 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
+	"go.opentelemetry.io/contrib/bridges/otelzap"
+	"go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc"
+	sdklog "go.opentelemetry.io/otel/sdk/log"
+	"go.opentelemetry.io/otel/sdk/resource"
+	semconv "go.opentelemetry.io/otel/semconv/v1.7.0"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"

@@ -53,7 +59,7 @@ func main() {
 	fs.Int("stress-cpu", 0, "number of CPU cores with 100 load")
 	fs.Int("stress-memory", 0, "MB of data to load into memory")
 	fs.String("cache-server", "", "Redis address in the format 'tcp://<host>:<port>'")
-	fs.String("otel-service-name", "", "service name for reporting to open telemetry address, when not set tracing is disabled")
+	fs.String("otel-service-name", "", "service name for OpenTelemetry, when not set tracing and log export are disabled")

 	versionFlag := fs.BoolP("version", "v", false, "get version number")

@@ -93,8 +99,18 @@ func main() {
 		}
 	}

+	// initialize OTel log provider if service name is set
+	var loggerProvider *sdklog.LoggerProvider
+	if otelServiceName := viper.GetString("otel-service-name"); otelServiceName != "" {
+		var err error
+		loggerProvider, err = initLoggerProvider(context.Background(), otelServiceName)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "Error initializing OTel log provider: %s\n", err.Error())
+		}
+	}
+
 	// configure logging
-	logger, _ := initZap(viper.GetString("level"))
+	logger, _ := initZap(viper.GetString("level"), loggerProvider)
 	defer logger.Sync()
 	stdLog := zap.RedirectStdLog(logger)
 	defer stdLog()
@@ -163,10 +179,29 @@ func main() {
 	// graceful shutdown
 	stopCh := signals.SetupSignalHandler()
 	sd, _ := signals.NewShutdown(srvCfg.ServerShutdownTimeout, logger)
+	sd.SetLoggerProvider(loggerProvider)
 	sd.Graceful(stopCh, httpServer, httpsServer, grpcServer, healthy, ready)
 }

-func initZap(logLevel string) (*zap.Logger, error) {
+func initLoggerProvider(ctx context.Context, serviceName string) (*sdklog.LoggerProvider, error) {
+	exporter, err := otlploggrpc.New(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("creating OTLP log exporter: %w", err)
+	}
+
+	provider := sdklog.NewLoggerProvider(
+		sdklog.WithProcessor(sdklog.NewBatchProcessor(exporter)),
+		sdklog.WithResource(resource.NewWithAttributes(
+			semconv.SchemaURL,
+			semconv.ServiceNameKey.String(serviceName),
+			semconv.ServiceVersionKey.String(version.VERSION),
+		)),
+	)
+
+	return provider, nil
+}
+
+func initZap(logLevel string, loggerProvider *sdklog.LoggerProvider) (*zap.Logger, error) {
 	level := zap.NewAtomicLevelAt(zapcore.InfoLevel)
 	switch logLevel {
 	case "debug":
@@ -210,7 +245,21 @@ func initZap(logLevel string) (*zap.Logger, error) {
 		ErrorOutputPaths: []string{"stderr"},
 	}

-	return zapConfig.Build()
+	logger, err := zapConfig.Build()
+	if err != nil {
+		return nil, err
+	}
+
+	if loggerProvider != nil {
+		otelCore := otelzap.NewCore("github.com/stefanprodan/podinfo",
+			otelzap.WithLoggerProvider(loggerProvider),
+		)
+		logger = logger.WithOptions(zap.WrapCore(func(core zapcore.Core) zapcore.Core {
+			return zapcore.NewTee(core, otelCore)
+		}))
+	}
+
+	return logger, nil
 }

 var stressMemoryPayload []byte
--- a/deploy/bases/backend/deployment.yaml
+++ b/deploy/bases/backend/deployment.yaml
@@ -12,18 +12,18 @@ spec:
    type: RollingUpdate
  selector:
    matchLabels:
-      app: backend
+      app.kubernetes.io/name: backend
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9797"
      labels:
-        app: backend
+        app.kubernetes.io/name: backend
    spec:
      containers:
      - name: backend
-        image: ghcr.io/stefanprodan/podinfo:6.9.3
+        image: ghcr.io/stefanprodan/podinfo:6.11.2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/bases/backend/service.yaml
+++ b/deploy/bases/backend/service.yaml
@@ -5,7 +5,7 @@ metadata:
 spec:
  type: ClusterIP
  selector:
-    app: backend
+    app.kubernetes.io/name: backend
  ports:
    - name: http
      port: 9898
--- a/deploy/bases/cache/deployment.yaml
+++ b/deploy/bases/cache/deployment.yaml
@@ -5,15 +5,15 @@ metadata:
 spec:
  selector:
    matchLabels:
-      app: cache
+      app.kubernetes.io/name: cache
  template:
    metadata:
      labels:
-        app: cache
+        app.kubernetes.io/name: cache
    spec:
      containers:
        - name: redis
-          image: docker.io/redis:8.4.0
+          image: docker.io/redis:8.6.1
          imagePullPolicy: IfNotPresent
          command:
            - redis-server
--- a/deploy/bases/cache/service.yaml
+++ b/deploy/bases/cache/service.yaml
@@ -5,7 +5,7 @@ metadata:
 spec:
  type: ClusterIP
  selector:
-    app: cache
+    app.kubernetes.io/name: cache
  ports:
    - name: redis
      port: 6379
--- a/deploy/bases/database/README.md
+++ b/deploy/bases/database/README.md
@@ -0,0 +1,76 @@
+# Database Setup
+
+This directory contains the Kubernetes manifests to simulate a database setup
+with a primary database, read replicas, and scheduled maintenance tasks using CronJobs.
+
+## Components
+
+### Core Resources
+
+| Resource | File | Description |
+|----------|------|-------------|
+| ServiceAccount | `serviceaccount.yaml` | Shared service account for all database workloads |
+| PVC | `pvc-primary.yaml` | 1Gi persistent storage for primary database |
+| StatefulSet | `statefulset-primary.yaml` | Primary database with persistent storage at `/data` |
+| Deployment | `deployment-replica.yaml` | Read replica deployment |
+| Service (Headless) | `service-primary.yaml` | Headless service for StatefulSet |
+| Service | `service-replica.yaml` | ClusterIP service for replicas |
+| HPA | `hpa-replica.yaml` | Autoscaler for replicas (2-3 pods, 99% CPU) |
+
+### CronJobs
+
+| CronJob | Schedule | Duration | TTL Cleanup | Description |
+|---------|----------|----------|-------------|-------------|
+| `rollup-daily` | Every 10 min | ~1 min | 1 hour | Daily rollup simulation (6 iterations) |
+| `rollup-weekly` | Every 30 min | ~2 min | 1 day | Weekly rollup simulation (12 iterations) |
+| `backup-daily` | Daily at midnight | ~1 min | 1 day | Backup simulation (configured to fail) |
+
+### Scripts
+
+Located in `scripts/` directory:
+
+- `rollup.sh` - Rollup simulation script with configurable steps via `ROLLUP_STEPS` env var
+- `backup.sh` - Backup simulation script with configurable exit code via `BACKUP_EXIT` env var
+
+## Labels
+
+All resources use Kubernetes recommended labels:
+
+- `app.kubernetes.io/name` - Component name
+- `app.kubernetes.io/part-of: database` - Part of database application
+
+## Configuration
+
+### Primary Database
+- **Port**: 3306 (MySQL standard)
+- **Storage**: 1Gi PersistentVolumeClaim mounted at `/data`
+- **Service**: Headless (`clusterIP: None`) for StatefulSet
+
+### Replica Database
+- **Port**: 3306
+- **Scaling**: HPA with 2-3 replicas at 99% CPU utilization
+- **Service**: ClusterIP
+
+### CronJob Scripts
+
+The scripts check database-replica health before running:
+
+```sh
+podcli check http database-replica:3306/readyz
+```
+
+## Usage
+
+Deploy with Kustomize:
+
+```bash
+kubectl apply -k deploy/bases/database
+```
+
+Or include in an overlay:
+
+```yaml
+# kustomization.yaml
+resources:
+  - ../../bases/database
+```
--- a/deploy/bases/database/cronjob-backup-daily.yaml
+++ b/deploy/bases/database/cronjob-backup-daily.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: backup-daily
+spec:
+  # Runs every day at midnight for 1 minute
+  schedule: "0 0 * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      # Cleanup after 1 day
+      ttlSecondsAfterFinished: 86400
+      backoffLimit: 1
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: backup-daily
+            app.kubernetes.io/part-of: database
+        spec:
+          serviceAccountName: database
+          restartPolicy: Never
+          containers:
+          - name: backup
+            image: ghcr.io/stefanprodan/podinfo:6.11.2
+            imagePullPolicy: IfNotPresent
+            command:
+            - /bin/sh
+            - /scripts/backup.sh
+            env:
+            - name: BACKUP_EXIT
+              value: "1"
+            resources:
+              limits:
+                cpu: 100m
+                memory: 32Mi
+              requests:
+                cpu: 10m
+                memory: 16Mi
+            volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+          volumes:
+          - name: scripts
+            configMap:
+              name: backup-script
+              defaultMode: 0755
--- a/deploy/bases/database/cronjob-rollup-daily.yaml
+++ b/deploy/bases/database/cronjob-rollup-daily.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: rollup-daily
+spec:
+  # Runs every 10 minutes for 1 minute
+  schedule: "*/10 * * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      # Cleanup after 1 hour
+      ttlSecondsAfterFinished: 3600
+      backoffLimit: 3
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: rollup-daily
+            app.kubernetes.io/part-of: database
+        spec:
+          serviceAccountName: database
+          restartPolicy: OnFailure
+          containers:
+          - name: healthcheck
+            image: ghcr.io/stefanprodan/podinfo:6.11.2
+            imagePullPolicy: IfNotPresent
+            command:
+            - /bin/sh
+            - /scripts/rollup.sh
+            env:
+            - name: ROLLUP_STEPS
+              value: "6"
+            resources:
+              limits:
+                cpu: 100m
+                memory: 32Mi
+              requests:
+                cpu: 10m
+                memory: 16Mi
+            volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+          volumes:
+          - name: scripts
+            configMap:
+              name: rollup-script
+              defaultMode: 0755
--- a/deploy/bases/database/cronjob-rollup-weekly.yaml
+++ b/deploy/bases/database/cronjob-rollup-weekly.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: rollup-weekly
+spec:
+  # Runs every 30 minutes for 2 minutes
+  schedule: "*/30 * * * *"
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1
+  failedJobsHistoryLimit: 1
+  jobTemplate:
+    spec:
+      # Cleanup after 1 day
+      ttlSecondsAfterFinished: 86400
+      backoffLimit: 3
+      template:
+        metadata:
+          labels:
+            app.kubernetes.io/name: rollup-weekly
+            app.kubernetes.io/part-of: database
+        spec:
+          serviceAccountName: database
+          restartPolicy: OnFailure
+          containers:
+          - name: healthcheck
+            image: ghcr.io/stefanprodan/podinfo:6.11.2
+            imagePullPolicy: IfNotPresent
+            command:
+            - /bin/sh
+            - /scripts/rollup.sh
+            env:
+            - name: ROLLUP_STEPS
+              value: "12"
+            resources:
+              limits:
+                cpu: 100m
+                memory: 32Mi
+              requests:
+                cpu: 10m
+                memory: 16Mi
+            volumeMounts:
+            - name: scripts
+              mountPath: /scripts
+          volumes:
+          - name: scripts
+            configMap:
+              name: rollup-script
+              defaultMode: 0755
--- a/deploy/bases/database/deployment-replica.yaml
+++ b/deploy/bases/database/deployment-replica.yaml
@@ -0,0 +1,66 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: database-replica
+spec:
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  progressDeadlineSeconds: 60
+  strategy:
+    rollingUpdate:
+      maxUnavailable: 0
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: database-replica
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app.kubernetes.io/name: database-replica
+        app.kubernetes.io/part-of: database
+    spec:
+      serviceAccountName: database
+      containers:
+      - name: database
+        image: ghcr.io/stefanprodan/podinfo:6.11.2
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: db
+          containerPort: 3306
+          protocol: TCP
+        - name: http-metrics
+          containerPort: 9797
+          protocol: TCP
+        command:
+        - ./podinfo
+        - --port=3306
+        - --port-metrics=9797
+        - --level=info
+        livenessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:3306/healthz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        readinessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:3306/readyz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: 2000m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 32Mi
--- a/deploy/bases/database/hpa-replica.yaml
+++ b/deploy/bases/database/hpa-replica.yaml
@@ -0,0 +1,18 @@
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: database-replica
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: database-replica
+  minReplicas: 2
+  maxReplicas: 3
+  metrics:
+  - type: Resource
+    resource:
+      name: cpu
+      target:
+        type: Utilization
+        averageUtilization: 99
--- a/deploy/bases/database/kustomization.yaml
+++ b/deploy/bases/database/kustomization.yaml
@@ -0,0 +1,24 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - serviceaccount.yaml
+  - pvc-primary.yaml
+  - statefulset-primary.yaml
+  - deployment-replica.yaml
+  - service-primary.yaml
+  - service-replica.yaml
+  - hpa-replica.yaml
+  - cronjob-rollup-daily.yaml
+  - cronjob-rollup-weekly.yaml
+  - cronjob-backup-daily.yaml
+configMapGenerator:
+  - name: rollup-script
+    files:
+      - scripts/rollup.sh
+    options:
+      disableNameSuffixHash: true
+  - name: backup-script
+    files:
+      - scripts/backup.sh
+    options:
+      disableNameSuffixHash: true
--- a/deploy/bases/database/pvc-primary.yaml
+++ b/deploy/bases/database/pvc-primary.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: database-primary
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
--- a/deploy/bases/database/scripts/backup.sh
+++ b/deploy/bases/database/scripts/backup.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -e
+
+# This is a simulation of a backup process.
+
+EXIT_CODE=${BACKUP_EXIT:-0}
+
+echo "Starting backup (estimated run time: 60s)"
+podcli check http database-replica:3306/readyz
+sleep 60
+echo "Backup finished"
+exit $EXIT_CODE
--- a/deploy/bases/database/scripts/rollup.sh
+++ b/deploy/bases/database/scripts/rollup.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+# This is a simulation of a rollup process.
+
+STEPS=${ROLLUP_STEPS:-6}
+echo "Starting rollup with $STEPS steps (estimated run time: $((STEPS * 10))s)"
+podcli check http database-replica:3306/readyz
+i=1
+while [ $i -le $STEPS ]; do
+  echo "Running rollup iteration $i of $STEPS"
+  sleep 10
+  i=$((i + 1))
+done
+echo "Rollup finished"
--- a/deploy/bases/database/service-primary.yaml
+++ b/deploy/bases/database/service-primary.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: database-primary
+spec:
+  type: ClusterIP
+  clusterIP: None
+  selector:
+    app.kubernetes.io/name: database-primary
+  ports:
+    - name: db
+      port: 3306
+      protocol: TCP
+      targetPort: db
--- a/deploy/bases/database/service-replica.yaml
+++ b/deploy/bases/database/service-replica.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: database-replica
+spec:
+  type: ClusterIP
+  selector:
+    app.kubernetes.io/name: database-replica
+  ports:
+    - name: db
+      port: 3306
+      protocol: TCP
+      targetPort: db
--- a/deploy/bases/database/serviceaccount.yaml
+++ b/deploy/bases/database/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: database
--- a/deploy/bases/database/statefulset-primary.yaml
+++ b/deploy/bases/database/statefulset-primary.yaml
@@ -0,0 +1,70 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: database-primary
+spec:
+  serviceName: database-primary
+  replicas: 1
+  minReadySeconds: 3
+  revisionHistoryLimit: 5
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: database-primary
+  template:
+    metadata:
+      annotations:
+        prometheus.io/scrape: "true"
+        prometheus.io/port: "9797"
+      labels:
+        app.kubernetes.io/name: database-primary
+        app.kubernetes.io/part-of: database
+    spec:
+      serviceAccountName: database
+      containers:
+      - name: database
+        image: ghcr.io/stefanprodan/podinfo:6.11.2
+        imagePullPolicy: IfNotPresent
+        ports:
+        - name: db
+          containerPort: 3306
+          protocol: TCP
+        - name: http-metrics
+          containerPort: 9797
+          protocol: TCP
+        command:
+        - ./podinfo
+        - --port=3306
+        - --port-metrics=9797
+        - --level=info
+        livenessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:3306/healthz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        readinessProbe:
+          exec:
+            command:
+            - podcli
+            - check
+            - http
+            - localhost:3306/readyz
+          initialDelaySeconds: 5
+          timeoutSeconds: 5
+        resources:
+          limits:
+            cpu: 2000m
+            memory: 512Mi
+          requests:
+            cpu: 100m
+            memory: 32Mi
+        volumeMounts:
+        - name: data
+          mountPath: /data
+      volumes:
+      - name: data
+        persistentVolumeClaim:
+          claimName: database-primary
--- a/deploy/bases/frontend/deployment.yaml
+++ b/deploy/bases/frontend/deployment.yaml
@@ -12,18 +12,18 @@ spec:
    type: RollingUpdate
  selector:
    matchLabels:
-      app: frontend
+      app.kubernetes.io/name: frontend
  template:
    metadata:
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "9797"
      labels:
-        app: frontend
+        app.kubernetes.io/name: frontend
    spec:
      containers:
      - name: frontend
-        image: ghcr.io/stefanprodan/podinfo:6.9.3
+        image: ghcr.io/stefanprodan/podinfo:6.11.2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/bases/frontend/service.yaml
+++ b/deploy/bases/frontend/service.yaml
@@ -5,7 +5,7 @@ metadata:
 spec:
  type: ClusterIP
  selector:
-    app: frontend
+    app.kubernetes.io/name: frontend
  ports:
    - name: http
      port: 80
--- a/deploy/overlays/dev/kustomization.yaml
+++ b/deploy/overlays/dev/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
  - ../../bases/backend
  - ../../bases/frontend
  - ../../bases/cache
+  - ../../bases/database
  - namespace.yaml
 transformers:
  - labels.yaml
--- a/deploy/overlays/dev/labels.yaml
+++ b/deploy/overlays/dev/labels.yaml
@@ -3,8 +3,8 @@ kind: LabelTransformer
 metadata:
  name: labels
 labels:
-  env: dev
-  instance: webapp
+  app.kubernetes.io/environment: dev
+  app.kubernetes.io/instance: webapp
 fieldSpecs:
  - path: metadata/labels
    create: true
--- a/deploy/overlays/production/kustomization.yaml
+++ b/deploy/overlays/production/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
  - ../../bases/backend
  - ../../bases/frontend
  - ../../bases/cache
+  - ../../bases/database
  - namespace.yaml
 transformers:
  - labels.yaml
--- a/deploy/overlays/production/labels.yaml
+++ b/deploy/overlays/production/labels.yaml
@@ -3,8 +3,8 @@ kind: LabelTransformer
 metadata:
  name: labels
 labels:
-  env: production
-  instance: webapp
+  app.kubernetes.io/environment: production
+  app.kubernetes.io/instance: webapp
 fieldSpecs:
  - path: metadata/labels
    create: true
--- a/deploy/overlays/staging/kustomization.yaml
+++ b/deploy/overlays/staging/kustomization.yaml
@@ -5,6 +5,7 @@ resources:
  - ../../bases/backend
  - ../../bases/frontend
  - ../../bases/cache
+  - ../../bases/database
  - namespace.yaml
 transformers:
  - labels.yaml
--- a/deploy/overlays/staging/labels.yaml
+++ b/deploy/overlays/staging/labels.yaml
@@ -3,8 +3,8 @@ kind: LabelTransformer
 metadata:
  name: labels
 labels:
-  env: staging
-  instance: webapp
+  app.kubernetes.io/environment: staging
+  app.kubernetes.io/instance: webapp
 fieldSpecs:
  - path: metadata/labels
    create: true
--- a/deploy/webapp/backend/deployment.yaml
+++ b/deploy/webapp/backend/deployment.yaml
@@ -25,7 +25,7 @@ spec:
      serviceAccountName: webapp
      containers:
      - name: backend
-        image: ghcr.io/stefanprodan/podinfo:6.9.3
+        image: ghcr.io/stefanprodan/podinfo:6.11.2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/deploy/webapp/frontend/deployment.yaml
+++ b/deploy/webapp/frontend/deployment.yaml
@@ -25,7 +25,7 @@ spec:
      serviceAccountName: webapp
      containers:
      - name: frontend
-        image: ghcr.io/stefanprodan/podinfo:6.9.3
+        image: ghcr.io/stefanprodan/podinfo:6.11.2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/stefanprodan/podinfo

-go 1.25
+go 1.26.0

 require (
 	github.com/chzyer/readline v1.5.1
@@ -11,27 +11,30 @@ require (
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/websocket v1.5.3
 	github.com/prometheus/client_golang v1.23.2
-	github.com/spf13/cobra v1.10.1
+	github.com/spf13/cobra v1.10.2
 	github.com/spf13/pflag v1.0.10
 	github.com/spf13/viper v1.21.0
 	github.com/swaggo/http-swagger v1.3.4
 	github.com/swaggo/swag v1.16.6
-	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.63.0
-	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.63.0
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0
-	go.opentelemetry.io/contrib/propagators/aws v1.38.0
-	go.opentelemetry.io/contrib/propagators/b3 v1.38.0
-	go.opentelemetry.io/contrib/propagators/jaeger v1.38.0
-	go.opentelemetry.io/contrib/propagators/ot v1.38.0
-	go.opentelemetry.io/otel v1.38.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0
-	go.opentelemetry.io/otel/sdk v1.38.0
-	go.opentelemetry.io/otel/trace v1.38.0
-	go.uber.org/zap v1.27.0
-	golang.org/x/net v0.47.0
-	google.golang.org/grpc v1.76.0
-	google.golang.org/protobuf v1.36.10
+	go.opentelemetry.io/contrib/bridges/otelzap v0.15.0
+	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.65.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.65.0
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0
+	go.opentelemetry.io/contrib/propagators/aws v1.40.0
+	go.opentelemetry.io/contrib/propagators/b3 v1.40.0
+	go.opentelemetry.io/contrib/propagators/jaeger v1.40.0
+	go.opentelemetry.io/contrib/propagators/ot v1.40.0
+	go.opentelemetry.io/otel v1.40.0
+	go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0
+	go.opentelemetry.io/otel/sdk v1.40.0
+	go.opentelemetry.io/otel/sdk/log v0.16.0
+	go.opentelemetry.io/otel/trace v1.40.0
+	go.uber.org/zap v1.27.1
+	golang.org/x/net v0.51.0
+	google.golang.org/grpc v1.79.3
+	google.golang.org/protobuf v1.36.11
 )

 require (
@@ -48,7 +51,7 @@ require (
 	github.com/go-openapi/swag v0.23.1 // indirect
 	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/mailru/easyjson v0.9.0 // indirect
@@ -65,18 +68,19 @@ require (
 	github.com/spf13/cast v1.10.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/swaggo/files v1.0.1 // indirect
-	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
-	go.opentelemetry.io/otel/metric v1.38.0 // indirect
-	go.opentelemetry.io/proto/otlp v1.7.1 // indirect
+	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+	go.opentelemetry.io/otel/log v0.16.0 // indirect
+	go.opentelemetry.io/otel/metric v1.40.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.9.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.yaml.in/yaml/v2 v2.4.2 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
-	golang.org/x/mod v0.30.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
-	golang.org/x/text v0.31.0 // indirect
-	golang.org/x/tools v0.39.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/sync v0.19.0 // indirect
+	golang.org/x/sys v0.41.0 // indirect
+	golang.org/x/text v0.34.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -52,8 +52,8 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2/go.mod h1:pkJQ2tZHJ0aFOVEEot6oZmaVEZcRme73eIFmhiVuRWs=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7 h1:X+2YciYSxvMQK0UZ7sg45ZVabVZBeBuvMkmuI2V3Fak=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.7/go.mod h1:lW34nIZuQ8UDPdkon5fmfp2l3+ZkQ2me/+oecHYLOII=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -86,8 +86,8 @@ github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9Z
 github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA=
 github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg=
 github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is=
-github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
-github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
+github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ=
+github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
 github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik=
@@ -97,8 +97,8 @@ github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
 github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
 github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
 github.com/spf13/cast v1.10.0/go.mod h1:jNfB8QC9IA6ZuY2ZjDp0KtFO2LZZlg4S/7bzP6qqeHo=
-github.com/spf13/cobra v1.10.1 h1:lJeBwCfmrnXthfAupyUTzJ/J4Nc1RsHC/mSRU2dll/s=
-github.com/spf13/cobra v1.10.1/go.mod h1:7SmJGaTHFVBY0jW4NXGluQoLvhqFQM+6XSKD+P4XaB0=
+github.com/spf13/cobra v1.10.2 h1:DMTTonx5m65Ic0GOoRY2c16WCbHxOOw6xxezuLaBpcU=
+github.com/spf13/cobra v1.10.2/go.mod h1:7C1pvHqHw5A4vrJfjNwvOdzYu0Gml16OCs2GRiTUUS4=
 github.com/spf13/pflag v1.0.9/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
@@ -115,46 +115,58 @@ github.com/swaggo/http-swagger v1.3.4/go.mod h1:9dAh0unqMBAlbp1uE2Uc2mQTxNMU/ha4
 github.com/swaggo/swag v1.16.6 h1:qBNcx53ZaX+M5dxVyTrgQ0PJ/ACK+NzhwcbieTt+9yI=
 github.com/swaggo/swag v1.16.6/go.mod h1:ngP2etMK5a0P3QBizic5MEwpRmluJZPHjXcMoj4Xesg=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
-go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
-go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.63.0 h1:rATLgFjv0P9qyXQR/aChJ6JVbMtXOQjt49GgT36cBbk=
-go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.63.0/go.mod h1:34csimR1lUhdT5HH4Rii9aKPrvBcnFRwxLwcevsU+Kk=
-go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.63.0 h1:2pn7OzMewmYRiNtv1doZnLo3gONcnMHlFnmOR8Vgt+8=
-go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.63.0/go.mod h1:rjbQTDEPQymPE0YnRQp9/NuPwwtL0sesz/fnqRW/v84=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 h1:RbKq8BG0FI8OiXhBfcRtqqHcZcka+gU3cskNuf05R18=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0/go.mod h1:h06DGIukJOevXaj/xrNjhi/2098RZzcLTbc0jDAUbsg=
-go.opentelemetry.io/contrib/propagators/aws v1.38.0 h1:eRZ7asSbLc5dH7+TBzL6hFKb1dabz0IV51uUUwYRZts=
-go.opentelemetry.io/contrib/propagators/aws v1.38.0/go.mod h1:wXqc9NTGcXapBExHBDVLEZlByu6quiQL8w7Tjgv8TCg=
-go.opentelemetry.io/contrib/propagators/b3 v1.38.0 h1:uHsCCOSKl0kLrV2dLkFK+8Ywk9iKa/fptkytc6aFFEo=
-go.opentelemetry.io/contrib/propagators/b3 v1.38.0/go.mod h1:wMRSZJZcY8ya9mApLLhwIMjqmApy2o/Ml+62lhvxyHU=
-go.opentelemetry.io/contrib/propagators/jaeger v1.38.0 h1:nXGeLvT1QtCAhkASkP/ksjkTKZALIaQBIW+JSIw1KIc=
-go.opentelemetry.io/contrib/propagators/jaeger v1.38.0/go.mod h1:oMvOXk78ZR3KEuPMBgp/ThAMDy9ku/eyUVztr+3G6Wo=
-go.opentelemetry.io/contrib/propagators/ot v1.38.0 h1:k4gSyyohaDXI8F9BDXYC3uO2vr5sRNeQFMsN9Zn0EoI=
-go.opentelemetry.io/contrib/propagators/ot v1.38.0/go.mod h1:2hDsuiHRO39SRUMhYGqmj64z/IuMRoxE4bBSFR82Lo8=
-go.opentelemetry.io/otel v1.38.0 h1:RkfdswUDRimDg0m2Az18RKOsnI8UDzppJAtj01/Ymk8=
-go.opentelemetry.io/otel v1.38.0/go.mod h1:zcmtmQ1+YmQM9wrNsTGV/q/uyusom3P8RxwExxkZhjM=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 h1:GqRJVj7UmLjCVyVJ3ZFLdPRmhDUp2zFmQe3RHIOsw24=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0/go.mod h1:ri3aaHSmCTVYu2AWv44YMauwAQc0aqI9gHKIcSbI1pU=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0 h1:lwI4Dc5leUqENgGuQImwLo4WnuXFPetmPpkLi2IrX54=
-go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.38.0/go.mod h1:Kz/oCE7z5wuyhPxsXDuaPteSWqjSBD5YaSdbxZYGbGk=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.38.0 h1:kJxSDN4SgWWTjG/hPp3O7LCGLcHXFlvS2/FFOrwL+SE=
-go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.38.0/go.mod h1:mgIOzS7iZeKJdeB8/NYHrJ48fdGc71Llo5bJ1J4DWUE=
-go.opentelemetry.io/otel/metric v1.38.0 h1:Kl6lzIYGAh5M159u9NgiRkmoMKjvbsKtYRwgfrA6WpA=
-go.opentelemetry.io/otel/metric v1.38.0/go.mod h1:kB5n/QoRM8YwmUahxvI3bO34eVtQf2i4utNVLr9gEmI=
-go.opentelemetry.io/otel/sdk v1.38.0 h1:l48sr5YbNf2hpCUj/FoGhW9yDkl+Ma+LrVl8qaM5b+E=
-go.opentelemetry.io/otel/sdk v1.38.0/go.mod h1:ghmNdGlVemJI3+ZB5iDEuk4bWA3GkTpW+DOoZMYBVVg=
-go.opentelemetry.io/otel/sdk/metric v1.38.0 h1:aSH66iL0aZqo//xXzQLYozmWrXxyFkBJ6qT5wthqPoM=
-go.opentelemetry.io/otel/sdk/metric v1.38.0/go.mod h1:dg9PBnW9XdQ1Hd6ZnRz689CbtrUp0wMMs9iPcgT9EZA=
-go.opentelemetry.io/otel/trace v1.38.0 h1:Fxk5bKrDZJUH+AMyyIXGcFAPah0oRcT+LuNtJrmcNLE=
-go.opentelemetry.io/otel/trace v1.38.0/go.mod h1:j1P9ivuFsTceSWe1oY+EeW3sc+Pp42sO++GHkg4wwhs=
-go.opentelemetry.io/proto/otlp v1.7.1 h1:gTOMpGDb0WTBOP8JaO72iL3auEZhVmAQg4ipjOVAtj4=
-go.opentelemetry.io/proto/otlp v1.7.1/go.mod h1:b2rVh6rfI/s2pHWNlB7ILJcRALpcNDzKhACevjI+ZnE=
+go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64=
+go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y=
+go.opentelemetry.io/contrib/bridges/otelzap v0.15.0 h1:x4qzjKkTl2hXmLl+IviSXvzaTyCJSYvpFZL5SRVLBxs=
+go.opentelemetry.io/contrib/bridges/otelzap v0.15.0/go.mod h1:h7dZHJgqkzUiKFXCTJBrPWH0LEZaZXBFzKWstjWBRxw=
+go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.65.0 h1:LIMn2KWRS0jRDDHYyIEYgKWsMwufA9GXusJiwik0u64=
+go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.65.0/go.mod h1:JwJa4o3Wq+4Yz2BjlYFGWyx2h0Fw1lnoj5kpsaTI97o=
+go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.65.0 h1:ab5U7DpTjjN8pNgwqlA/s0Csb+N2Raqo9eTSDhfg4Z8=
+go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.65.0/go.mod h1:nwFJC46Dxhqz5R9k7IV8To/Z46JPvW+GNKhTxQQlUzg=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0 h1:7iP2uCb7sGddAr30RRS6xjKy7AZ2JtTOPA3oolgVSw8=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.65.0/go.mod h1:c7hN3ddxs/z6q9xwvfLPk+UHlWRQyaeR1LdgfL/66l0=
+go.opentelemetry.io/contrib/propagators/aws v1.40.0 h1:4VIrh75jW4RTimUNx1DSk+6H9/nDr1FvmKoOVDh3K04=
+go.opentelemetry.io/contrib/propagators/aws v1.40.0/go.mod h1:B0dCov9KNQGlut3T8wZZjDnLXEXdBroM7bFsHh/gRos=
+go.opentelemetry.io/contrib/propagators/b3 v1.40.0 h1:xariChe8OOVF3rNlfzGFgQc61npQmXhzZj/i82mxMfg=
+go.opentelemetry.io/contrib/propagators/b3 v1.40.0/go.mod h1:72WvbdxbOfXaELEQfonFfOL6osvcVjI7uJEE8C2nkrs=
+go.opentelemetry.io/contrib/propagators/jaeger v1.40.0 h1:aXl9uobjJs5vquMLt9ZkI/3zIuz8XQ3TqOKSWx0/xdU=
+go.opentelemetry.io/contrib/propagators/jaeger v1.40.0/go.mod h1:ioMePqe6k6c/ovXSkmkMr1mbN5qRBGJxNTVop7/2XO0=
+go.opentelemetry.io/contrib/propagators/ot v1.40.0 h1:Lon8J5SPmWaL1Ko2TIlCNHJ42/J1b5XbJlgJaE/9m7I=
+go.opentelemetry.io/contrib/propagators/ot v1.40.0/go.mod h1:dKWtJTlp1Yj+8Cneye5idO46eRPIbi23qVuJYKjNnvY=
+go.opentelemetry.io/otel v1.40.0 h1:oA5YeOcpRTXq6NN7frwmwFR0Cn3RhTVZvXsP4duvCms=
+go.opentelemetry.io/otel v1.40.0/go.mod h1:IMb+uXZUKkMXdPddhwAHm6UfOwJyh4ct1ybIlV14J0g=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0 h1:ZVg+kCXxd9LtAaQNKBxAvJ5NpMf7LpvEr4MIZqb0TMQ=
+go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.16.0/go.mod h1:hh0tMeZ75CCXrHd9OXRYxTlCAdxcXioWHFIpYw2rZu8=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0 h1:QKdN8ly8zEMrByybbQgv8cWBcdAarwmIPZ6FThrWXJs=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.40.0/go.mod h1:bTdK1nhqF76qiPoCCdyFIV+N/sRHYXYCTQc+3VCi3MI=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0 h1:DvJDOPmSWQHWywQS6lKL+pb8s3gBLOZUtw4N+mavW1I=
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.40.0/go.mod h1:EtekO9DEJb4/jRyN4v4Qjc2yA7AtfCBuz2FynRUWTXs=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.40.0 h1:MzfofMZN8ulNqobCmCAVbqVL5syHw+eB2qPRkCMA/fQ=
+go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.40.0/go.mod h1:E73G9UFtKRXrxhBsHtG00TB5WxX57lpsQzogDkqBTz8=
+go.opentelemetry.io/otel/log v0.16.0 h1:DeuBPqCi6pQwtCK0pO4fvMB5eBq6sNxEnuTs88pjsN4=
+go.opentelemetry.io/otel/log v0.16.0/go.mod h1:rWsmqNVTLIA8UnwYVOItjyEZDbKIkMxdQunsIhpUMes=
+go.opentelemetry.io/otel/log/logtest v0.16.0 h1:jr1CG3Z6FD9pwUaL/D0s0X4lY2ZVm1jP3JfCtzGxUmE=
+go.opentelemetry.io/otel/log/logtest v0.16.0/go.mod h1:qeeZw+cI/rAtCzZ03Kq1ozq6C4z/PCa+K+bb0eJfKNs=
+go.opentelemetry.io/otel/metric v1.40.0 h1:rcZe317KPftE2rstWIBitCdVp89A2HqjkxR3c11+p9g=
+go.opentelemetry.io/otel/metric v1.40.0/go.mod h1:ib/crwQH7N3r5kfiBZQbwrTge743UDc7DTFVZrrXnqc=
+go.opentelemetry.io/otel/sdk v1.40.0 h1:KHW/jUzgo6wsPh9At46+h4upjtccTmuZCFAc9OJ71f8=
+go.opentelemetry.io/otel/sdk v1.40.0/go.mod h1:Ph7EFdYvxq72Y8Li9q8KebuYUr2KoeyHx0DRMKrYBUE=
+go.opentelemetry.io/otel/sdk/log v0.16.0 h1:e/b4bdlQwC5fnGtG3dlXUrNOnP7c8YLVSpSfEBIkTnI=
+go.opentelemetry.io/otel/sdk/log v0.16.0/go.mod h1:JKfP3T6ycy7QEuv3Hj8oKDy7KItrEkus8XJE6EoSzw4=
+go.opentelemetry.io/otel/sdk/log/logtest v0.16.0 h1:/XVkpZ41rVRTP4DfMgYv1nEtNmf65XPPyAdqV90TMy4=
+go.opentelemetry.io/otel/sdk/log/logtest v0.16.0/go.mod h1:iOOPgQr5MY9oac/F5W86mXdeyWZGleIx3uXO98X2R6Y=
+go.opentelemetry.io/otel/sdk/metric v1.40.0 h1:mtmdVqgQkeRxHgRv4qhyJduP3fYJRMX4AtAlbuWdCYw=
+go.opentelemetry.io/otel/sdk/metric v1.40.0/go.mod h1:4Z2bGMf0KSK3uRjlczMOeMhKU2rhUqdWNoKcYrtcBPg=
+go.opentelemetry.io/otel/trace v1.40.0 h1:WA4etStDttCSYuhwvEa8OP8I5EWu24lkOzp+ZYblVjw=
+go.opentelemetry.io/otel/trace v1.40.0/go.mod h1:zeAhriXecNGP/s2SEG3+Y8X9ujcJOTqQ5RgdEJcawiA=
+go.opentelemetry.io/proto/otlp v1.9.0 h1:l706jCMITVouPOqEnii2fIAuO3IVGBRPV5ICjceRb/A=
+go.opentelemetry.io/proto/otlp v1.9.0/go.mod h1:xE+Cx5E/eEHw+ISFkwPLwCZefwVjY+pqKg1qcK03+/4=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
 go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
 go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
-go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
-go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
+go.uber.org/zap v1.27.1 h1:08RqriUEv8+ArZRYSTXy1LeBScaMpVSTBhCeaZYfMYc=
+go.uber.org/zap v1.27.1/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI=
 go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU=
 go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
@@ -162,18 +174,18 @@ go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
-golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk=
-golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc=
+golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
-golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo=
+golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
-golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
+golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=
+golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -182,8 +194,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
-golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k=
+golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
@@ -191,24 +203,24 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
+golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk=
+golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
-golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ=
-golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ=
+golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk=
 gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E=
-google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 h1:BIRfGDEjiHRrk0QKZe3Xv2ieMhtgRGeLcZQ0mIVn4EY=
-google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5/go.mod h1:j3QtIyytwqGr1JUDtYXwtMXWPKsEa5LtzIFN1Wn5WvE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 h1:eaY8u2EuxbRv7c3NiGK0/NedzVsCcV6hDuU5qPX5EGE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5/go.mod h1:M4/wBTSeyLxupu3W3tJtOgB14jILAS/XWPSSa3TAlJc=
-google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A=
-google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c=
-google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
-google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
+google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409 h1:merA0rdPeUV3YIIfHHcH4qBkiQAc1nfCKSI7lB4cV2M=
+google.golang.org/genproto/googleapis/api v0.0.0-20260128011058-8636f8732409/go.mod h1:fl8J1IvUjCilwZzQowmw2b7HQB2eAuYBabMXzWurF+I=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409 h1:H86B94AW+VfJWDqFeEbBPhEtHzJwJfTbgE2lZa54ZAQ=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260128011058-8636f8732409/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ=
+google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE=
+google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ=
+google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE=
+google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
--- a/kustomize/deployment.yaml
+++ b/kustomize/deployment.yaml
@@ -23,7 +23,7 @@ spec:
    spec:
      containers:
      - name: podinfod
-        image: ghcr.io/stefanprodan/podinfo:6.9.3
+        image: ghcr.io/stefanprodan/podinfo:6.11.2
        imagePullPolicy: IfNotPresent
        ports:
        - name: http
--- a/otel/README.md
+++ b/otel/README.md
@@ -1,27 +1,34 @@
-# Tracing Demo
+# Tracing & Logging Demo

 The directory contains sample [OpenTelemetry Collector](https://github.com/open-telemetry/opentelemetry-collector)
-and [Jaeger](https://www.jaegertracing.io) configurations for a tracing demo.
+and [Jaeger](https://www.jaegertracing.io) / [Loki](https://grafana.com/oss/loki/) configurations for a tracing and logging demo.

 ## Configuration

-The provided [docker-compose.yaml](docker-compose.yaml) sets up 4 Containers
+The provided [docker-compose.yaml](docker-compose.yaml) sets up 6 containers:

 1. PodInfo Frontend on port 9898
 2. PodInfo Backend on port 9899
 3. OpenTelemetry Collector listening on port 4317 for GRPC
-4. Jaeger all-in-one listening on multiple ports
+4. Jaeger all-in-one with UI on port 16686
+5. Loki on port 3100
+6. Grafana on port 3000

 ## How does it work?

-The frontend pods are configured to call onto the backend pods. Both the podinfo
-pods are configured to send traces over to the collector at port 4317 using GRPC.
-The collector forwards all received spans to Jaeger over port 14250 and Jaeger
-exposes a UI over port `16686`.
+The frontend pod is configured to call the backend pod. Both podinfo pods send traces
+and logs to the collector at port 4317 using OTLP gRPC.
+
+The collector forwards:
+- **Traces** to Jaeger via OTLP gRPC on port 4317
+- **Logs** to Loki via OTLP HTTP on port 3100
+
+Jaeger exposes its UI on port `16686`. Grafana exposes its UI on port `3000` and is
+pre-configured with both Jaeger and Loki as datasources.

 ## Running it locally

-1. Start all the Containers
+1. Start all the containers
 ```shell
 make run
 ```
@@ -30,8 +37,9 @@ make run
 curl -v http://localhost:9898/status/200
 curl -X POST -v http://localhost:9898/api/echo
 ```
-3. Visit `http://localhost:16686/` to see the spans
-4. Stop all the containers
+3. Visit `http://localhost:16686/` to see traces in Jaeger
+4. Visit `http://localhost:3000/` to explore logs in Grafana (Explore → Loki) and traces (Explore → Jaeger)
+5. Stop all the containers
 ```shell
 make stop
 ```
--- a/otel/docker-compose.yaml
+++ b/otel/docker-compose.yaml
@@ -5,31 +5,38 @@ services:
    build: ..
    command: ./podinfo --backend-url http://podinfo_backend:9899/status/200 --otel-service-name=podinfo_frontend
    environment:
-      - OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=http://otel:4317
+      - OTEL_EXPORTER_OTLP_ENDPOINT=http://otel:4317
    ports:
      - "9898:9898"
  podinfo_backend:
    build: ..
    command: ./podinfo --port 9899 --otel-service-name=podinfo_backend
    environment:
-      - OTEL_EXPORTER_OTLP_TRACES_ENDPOINT=http://otel:4317
+      - OTEL_EXPORTER_OTLP_ENDPOINT=http://otel:4317
    ports:
      - "9899:9899"
  otel:
    command: --config otel-config.yaml
-    image: otel/opentelemetry-collector:0.41.0
+    image: otel/opentelemetry-collector-contrib:0.116.1
    ports:
      - "4317:4317"
    volumes:
      - ${PWD}/otel-config.yaml:/otel-config.yaml
-  jaeger:
-    image: jaegertracing/all-in-one:1.29.0
+  loki:
+    image: grafana/loki:3.0.0
+    ports:
+      - "3100:3100"
+    command: -config.file=/etc/loki/local-config.yaml
+  grafana:
+    image: grafana/grafana:10.4.0
+    ports:
+      - "3000:3000"
+    environment:
+      - GF_AUTH_ANONYMOUS_ENABLED=true
+      - GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+    volumes:
+      - ${PWD}/grafana-datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yaml
+  jaeger:
+    image: jaegertracing/all-in-one:1.57.0
    ports:
-      - "5775:5775/udp"
-      - "6831:6831/udp"
-      - "6832:6832/udp"
-      - "5778:5778"
      - "16686:16686"
-      - "14268:14268"
-      - "14250:14250"
-      - "9411:9411"
--- a/otel/grafana-datasources.yaml
+++ b/otel/grafana-datasources.yaml
@@ -0,0 +1,10 @@
+apiVersion: 1
+
+datasources:
+  - name: Loki
+    type: loki
+    url: http://loki:3100
+    isDefault: true
+  - name: Jaeger
+    type: jaeger
+    url: http://jaeger:16686
--- a/otel/otel-config.yaml
+++ b/otel/otel-config.yaml
@@ -2,15 +2,18 @@ receivers:
  otlp:
    protocols:
      grpc:
+        endpoint: 0.0.0.0:4317
      http:

 processors:

 exporters:
-  jaeger:
-    endpoint: jaeger:14250
+  otlp/jaeger:
+    endpoint: jaeger:4317
    tls:
      insecure: true
+  otlphttp/loki:
+    endpoint: http://loki:3100/otlp

 extensions:
  health_check:
@@ -23,4 +26,8 @@ service:
    traces:
      receivers: [otlp]
      processors: []
-      exporters: [jaeger]
+      exporters: [otlp/jaeger]
+    logs:
+      receivers: [otlp]
+      processors: []
+      exporters: [otlphttp/loki]
--- a/pkg/api/http/store.go
+++ b/pkg/api/http/store.go
@@ -7,11 +7,14 @@ import (
 	"net/http"
 	"os"
 	"path"
+	"regexp"

 	"github.com/gorilla/mux"
 	"go.uber.org/zap"
 )

+var validHash = regexp.MustCompile(`^[a-f0-9]{40}$`)
+
 // Store godoc
 // @Summary Upload file
 // @Description writes the posted content to disk at /data/hash and returns the SHA1 hash of the content
@@ -54,12 +57,19 @@ func (s *Server) storeReadHandler(w http.ResponseWriter, r *http.Request) {
 	defer span.End()

 	hash := mux.Vars(r)["hash"]
+	if !validHash.MatchString(hash) {
+		s.ErrorResponse(w, r, span, "invalid hash", http.StatusBadRequest)
+		return
+	}
 	content, err := os.ReadFile(path.Join(s.config.DataPath, hash))
 	if err != nil {
 		s.logger.Warn("reading file failed", zap.Error(err), zap.String("file", path.Join(s.config.DataPath, hash)))
 		s.ErrorResponse(w, r, span, "reading file failed", http.StatusInternalServerError)
 		return
 	}
+	w.Header().Set("Content-Type", "application/octet-stream")
+	w.Header().Set("X-Content-Type-Options", "nosniff")
+	w.Header().Set("Content-Security-Policy", "default-src 'none'")
 	w.WriteHeader(http.StatusAccepted)
 	w.Write([]byte(content))
 }
--- a/pkg/api/http/store_test.go
+++ b/pkg/api/http/store_test.go
@@ -0,0 +1,82 @@
+package http
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"strings"
+	"testing"
+
+	"github.com/gorilla/mux"
+)
+
+func TestStoreReadHandler_ContentType(t *testing.T) {
+	dataDir := t.TempDir()
+	srv := NewMockServer()
+	srv.config.DataPath = dataDir
+
+	// Write an HTML payload to the store.
+	writeReq, err := http.NewRequest("POST", "/store", strings.NewReader("<html><script>alert(1)</script></html>"))
+	if err != nil {
+		t.Fatal(err)
+	}
+	writeRR := httptest.NewRecorder()
+	http.HandlerFunc(srv.storeWriteHandler).ServeHTTP(writeRR, writeReq)
+
+	if writeRR.Code != http.StatusAccepted {
+		t.Fatalf("store write returned status %d, want %d", writeRR.Code, http.StatusAccepted)
+	}
+
+	// Read it back and verify Content-Type is application/octet-stream, not text/html.
+	hash := hash("<html><script>alert(1)</script></html>")
+	readReq, err := http.NewRequest("GET", "/store/"+hash, nil)
+	if err != nil {
+		t.Fatal(err)
+	}
+	readReq = mux.SetURLVars(readReq, map[string]string{"hash": hash})
+
+	readRR := httptest.NewRecorder()
+	http.HandlerFunc(srv.storeReadHandler).ServeHTTP(readRR, readReq)
+
+	if readRR.Code != http.StatusAccepted {
+		t.Fatalf("store read returned status %d, want %d", readRR.Code, http.StatusAccepted)
+	}
+
+	expectedHeaders := map[string]string{
+		"Content-Type":            "application/octet-stream",
+		"X-Content-Type-Options":  "nosniff",
+		"Content-Security-Policy": "default-src 'none'",
+	}
+	for header, want := range expectedHeaders {
+		if got := readRR.Header().Get(header); got != want {
+			t.Errorf("%s = %q, want %q", header, got, want)
+		}
+	}
+}
+
+func TestStoreReadHandler_PathTraversal(t *testing.T) {
+	srv := NewMockServer()
+	srv.config.DataPath = t.TempDir()
+
+	traversalPaths := []string{
+		"../../../../etc/passwd",
+		"../../../etc/shadow",
+		"..%2f..%2f..%2fetc%2fpasswd",
+		"abc123",
+		"zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzg", // 40 chars but not hex
+	}
+
+	for _, tp := range traversalPaths {
+		req, err := http.NewRequest("GET", "/store/"+tp, nil)
+		if err != nil {
+			t.Fatal(err)
+		}
+		req = mux.SetURLVars(req, map[string]string{"hash": tp})
+
+		rr := httptest.NewRecorder()
+		http.HandlerFunc(srv.storeReadHandler).ServeHTTP(rr, req)
+
+		if !strings.Contains(rr.Body.String(), "invalid hash") {
+			t.Errorf("path %q: expected 'invalid hash' error, got %q", tp, rr.Body.String())
+		}
+	}
+}
--- a/pkg/signals/shutdown.go
+++ b/pkg/signals/shutdown.go
@@ -8,6 +8,7 @@ import (

 	"github.com/gomodule/redigo/redis"
 	"github.com/spf13/viper"
+	sdklog "go.opentelemetry.io/otel/sdk/log"
 	sdktrace "go.opentelemetry.io/otel/sdk/trace"
 	"go.uber.org/zap"
 	"google.golang.org/grpc"
@@ -17,9 +18,14 @@ type Shutdown struct {
 	logger                *zap.Logger
 	pool                  *redis.Pool
 	tracerProvider        *sdktrace.TracerProvider
+	loggerProvider        *sdklog.LoggerProvider
 	serverShutdownTimeout time.Duration
 }

+func (s *Shutdown) SetLoggerProvider(lp *sdklog.LoggerProvider) {
+	s.loggerProvider = lp
+}
+
 func NewShutdown(serverShutdownTimeout time.Duration, logger *zap.Logger) (*Shutdown, error) {
 	srv := &Shutdown{
 		logger:                logger,
@@ -62,6 +68,13 @@ func (s *Shutdown) Graceful(stopCh <-chan struct{}, httpServer *http.Server, htt
 		}
 	}

+	// stop OpenTelemetry logger provider
+	if s.loggerProvider != nil {
+		if err := s.loggerProvider.Shutdown(ctx); err != nil {
+			s.logger.Warn("stopping logger provider", zap.Error(err))
+		}
+	}
+
 	// determine if the GRPC was started
 	if grpcServer != nil {
 		s.logger.Info("Shutting down GRPC server", zap.Duration("timeout", s.serverShutdownTimeout))
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -1,4 +1,4 @@
 package version

-var VERSION = "6.9.3"
+var VERSION = "6.11.2"
 var REVISION = "unknown"
--- a/test/deploy.sh
+++ b/test/deploy.sh
@@ -26,4 +26,5 @@ helm upgrade --install podinfo ./charts/podinfo \
    --set certificate.create=true \
    --set hpa.enabled=true \
    --set hpa.cpu=95 \
+    --set hooks.postInstall.job.enabled=true \
    --namespace=default
--- a/timoni/podinfo/values.cue
+++ b/timoni/podinfo/values.cue
@@ -9,7 +9,7 @@ package main
 values: {
 	image: {
 		repository: "ghcr.io/stefanprodan/podinfo"
-		tag:        "6.9.3"
+		tag:        "6.11.2"
 		digest:     ""
 	}
 	test: image: {
Author	SHA1	Message	Date
Stefan Prodan	b501abd1f0	Merge pull request #470 from stefanprodan/release-6.11.2 Release 6.11.2	2026-03-31 22:52:14 +03:00
Stefan Prodan	e0a79a4ddd	Release 6.11.2 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-31 22:47:19 +03:00
Stefan Prodan	be8baac695	Merge pull request #468 from stefanprodan/dependabot/github_actions/actions-6b017b3799 build(deps): bump the actions group across 1 directory with 4 updates	2026-03-31 22:36:36 +03:00
dependabot[bot]	f539517440	build(deps): bump the actions group across 1 directory with 4 updates Bumps the actions group with 4 updates in the / directory: [azure/setup-helm](https://github.com/azure/setup-helm), [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer), [fluxcd/flux2](https://github.com/fluxcd/flux2) and [azure/setup-kubectl](https://github.com/azure/setup-kubectl). Updates `azure/setup-helm` from 4 to 5 - [Release notes](https://github.com/azure/setup-helm/releases) - [Changelog](https://github.com/Azure/setup-helm/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-helm/compare/v4...v5) Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/v4.0.0...v4.1.1) Updates `fluxcd/flux2` from 2.8.1 to 2.8.3 - [Release notes](https://github.com/fluxcd/flux2/releases) - [Commits](https://github.com/fluxcd/flux2/compare/v2.8.1...v2.8.3) Updates `azure/setup-kubectl` from 4 to 5 - [Release notes](https://github.com/azure/setup-kubectl/releases) - [Changelog](https://github.com/Azure/setup-kubectl/blob/main/CHANGELOG.md) - [Commits](https://github.com/azure/setup-kubectl/compare/v4...v5) --- updated-dependencies: - dependency-name: azure/setup-helm dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: sigstore/cosign-installer dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: fluxcd/flux2 dependency-version: 2.8.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: azure/setup-kubectl dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-31 19:32:43 +00:00
Stefan Prodan	01219a196e	Merge pull request #469 from stefanprodan/pin-actions ci: Pin actions and enable release attentions	2026-03-31 22:30:33 +03:00
Stefan Prodan	b9acae4064	ci: Pin actions and enable release attentions Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-31 22:27:07 +03:00
Stefan Prodan	64a8da1836	Merge pull request #467 from stefanprodan/dependabot/go_modules/google.golang.org/grpc-1.79.3 build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3	2026-03-31 19:08:11 +03:00
dependabot[bot]	420d0db8bf	build(deps): bump google.golang.org/grpc from 1.79.1 to 1.79.3 Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.79.1 to 1.79.3. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.79.1...v1.79.3) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.79.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-19 02:41:57 +00:00
Stefan Prodan	6b67f2bdd6	Merge pull request #454 from hansbogert/master feat: add otlp logging support	2026-03-17 09:22:56 +02:00
Hans van den Bogert	095b1cd251	feat: add otlp logging support - Adds a loggerprovider based on otlp logger - In demo directory of oltp: - Added grafana for unified view of both traces and logs - tracing now uses oltp from the collector to the jaeger instance Signed-off-by: Hans van den Bogert <hansbogert@gmail.com>	2026-03-14 22:38:14 +01:00
Stefan Prodan	0a27dbe40c	Merge pull request #465 from stefanprodan/release-6.11.1 Release 6.11.1	2026-03-14 15:27:35 +02:00
Stefan Prodan	2da74a4ec2	Release 6.11.1 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-14 15:18:19 +02:00
Stefan Prodan	c7ffdba3bd	Merge pull request #461 from stefanprodan/dependabot/github_actions/actions-1590fac0fc build(deps): bump the actions group with 5 updates	2026-03-14 15:10:39 +02:00
Stefan Prodan	06f7cd3777	Merge pull request #464 from stefanprodan/fix-store-path-traversal Fix path traversal in `/store` endpoint	2026-03-14 15:08:52 +02:00
Stefan Prodan	620b9b7e2c	Fix path traversal in /store endpoint Validate that the hash URL parameter matches the expected SHA1 hex format (40 lowercase hex characters) before using it in file path operations. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-14 15:02:25 +02:00
Stefan Prodan	83deb7fcb7	Merge pull request #463 from stefanprodan/fix-CVE-2025-70849 Fix XSS in `/store` endpoint (CVE-2025-70849)	2026-03-14 14:58:53 +02:00
Stefan Prodan	550ee9f7b9	Fix stored XSS in /store endpoint (CVE-2025-70849) Set Content-Type to application/octet-stream in storeReadHandler to prevent Go's content sniffing from serving HTML payloads as text/html. Add X-Content-Type-Options: nosniff to prevent browsers from overriding Content-Type via MIME sniffing, and Content-Security-Policy: default-src 'none' to block script execution as defense-in-depth. Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-14 14:40:55 +02:00
dependabot[bot]	dd185df435	build(deps): bump the actions group with 5 updates Bumps the actions group with 5 updates: \| Package \| From \| To \| \| --- \| --- \| --- \| \| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) \| `3` \| `4` \| \| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) \| `3` \| `4` \| \| [docker/login-action](https://github.com/docker/login-action) \| `3` \| `4` \| \| [docker/metadata-action](https://github.com/docker/metadata-action) \| `5` \| `6` \| \| [docker/build-push-action](https://github.com/docker/build-push-action) \| `6` \| `7` \| Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) Updates `docker/metadata-action` from 5 to 6 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5...v6) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-09 06:46:46 +00:00
Stefan Prodan	07a524ba01	Merge pull request #460 from stefanprodan/release-6.11.0 Release 6.11.0	2026-03-06 19:50:57 +00:00
Stefan Prodan	5d97df9c89	Release 6.11.0 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-06 21:43:50 +02:00
Stefan Prodan	a8cadef09b	Merge pull request #459 from stefanprodan/cosign-v3 Sign release artifacts with cosign v3	2026-03-06 19:32:20 +00:00
Stefan Prodan	32f6e3d8c9	Sign release artifacts with cosign v3 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-06 21:31:06 +02:00
Stefan Prodan	77dc46241d	Merge pull request #458 from matheuscscp/grpcroute Introduce GRPCRoute in the Helm chart	2026-03-06 19:23:43 +00:00
Matheus Pimenta	3a31e973c0	Introduce GRPCRoute in the Helm chart Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>	2026-03-06 03:44:28 +00:00
Stefan Prodan	e15511a92d	Merge pull request #456 from matheuscscp/check-grpc-tls Introduce `--tls` flag for command `check grpc`	2026-03-03 08:36:06 +02:00
Matheus Pimenta	4656ca0517	Introduce --tls flag for command check grpc Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>	2026-03-03 03:02:20 +00:00
Stefan Prodan	1f66430364	Merge pull request #455 from matheuscscp/ws-check Introduce podcli check ws command	2026-03-02 20:46:52 +02:00
Matheus Pimenta	117533e329	Introduce podcli check ws command Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>	2026-03-02 17:38:35 +00:00
Stefan Prodan	29827dd944	Merge pull request #453 from stefanprodan/release-6.10.2 Release 6.10.2	2026-03-01 10:22:42 +02:00
Stefan Prodan	9525259938	Release 6.10.2 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-01 10:17:39 +02:00
Stefan Prodan	a53ddbcffc	Merge pull request #452 from stefanprodan/go-1.26 Build with Go 1.26	2026-03-01 10:15:35 +02:00
Stefan Prodan	e3c8277e58	Update redis to 8.6.1 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-01 10:10:08 +02:00
Stefan Prodan	420b2f64b8	Build with Go 1.26 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-03-01 10:05:27 +02:00
Stefan Prodan	0a93807324	Merge pull request #450 from stefanprodan/dependabot/github_actions/actions-9753a9b660 build(deps): bump the actions group with 2 updates	2026-03-01 09:56:59 +02:00
dependabot[bot]	d73d94eec9	build(deps): bump the actions group with 2 updates Bumps the actions group with 2 updates: [helm/kind-action](https://github.com/helm/kind-action) and [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action). Updates `helm/kind-action` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/v1.13.0...v1.14.0) Updates `goreleaser/goreleaser-action` from 6 to 7 - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/v6...v7) --- updated-dependencies: - dependency-name: helm/kind-action dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: goreleaser/goreleaser-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2026-02-23 06:56:00 +00:00
Stefan Prodan	a723c9447d	Merge pull request #449 from stefanprodan/release-6.10.1 Some checks failed e2e / kind-timoni (push) Failing after 6s e2e / kind-helm (push) Failing after 1m57s test / test (push) Failing after 5m47s cve-scan / govulncheck (push) Successful in 12m37s Release v6.10.1	2026-02-03 17:46:37 +02:00
Stefan Prodan	eca2d3a1d9	Release v6.10.1 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-02-03 17:42:33 +02:00
Stefan Prodan	2dfda568b2	Merge pull request #448 from matheuscscp/job-ttl chart: introduce configurable Job hook	2026-02-03 17:39:43 +02:00
Matheus Pimenta	4d7604ab63	chart: introduce configurable Job hook Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>	2026-02-03 15:27:53 +00:00
Stefan Prodan	f3c2e57a6f	Merge pull request #447 from stefanprodan/release-6.10.0 Some checks failed e2e / kind-helm (push) Failing after 2m23s e2e / kind-timoni (push) Failing after 11s test / test (push) Failing after 23s cve-scan / govulncheck (push) Successful in 12m20s Release v6.10.0	2026-02-01 12:34:49 +02:00
Stefan Prodan	8bded1ba80	Release v6.10.0 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-02-01 12:30:00 +02:00
Stefan Prodan	da120efc04	Merge pull request #446 from stefanprodan/helm-remove-linkerd helm: remove linkerd profile	2026-02-01 12:27:17 +02:00
Stefan Prodan	ea672716dd	helm: remove linkerd profile Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-02-01 12:22:40 +02:00
Stefan Prodan	47742372b9	Merge pull request #441 from darox/add-external-traffic-policy helm: add externalTrafficPolicy value	2026-02-01 12:13:50 +02:00
Stefan Prodan	30be5f5b6a	Merge pull request #445 from stefanprodan/update-go-deps Update dependencies	2026-02-01 12:12:22 +02:00
Stefan Prodan	4fb3be1de0	Update dependencies Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-02-01 12:08:25 +02:00
Stefan Prodan	d532cc2a24	Merge pull request #444 from stefanprodan/deploy-database-demo Add database deployment demo	2026-02-01 11:56:08 +02:00
Stefan Prodan	f1eb631ac9	Add database deployment demo Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2026-02-01 11:45:23 +02:00
darox	03172452ee	service: add externalTrafficPolicy value Signed-off-by: darox <maderdario@gmail.com>	2025-12-22 14:26:32 +01:00
Stefan Prodan	b6b680fe50	Merge pull request #439 from stefanprodan/release-6.9.4 Some checks failed cve-scan / govulncheck (push) Successful in 12m0s e2e / kind-helm (push) Failing after 1m13s e2e / kind-timoni (push) Failing after 7s test / test (push) Failing after 5m32s Release 6.9.4	2025-12-07 20:02:41 +00:00
Stefan Prodan	e51374c0ec	Release 6.9.4 Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2025-12-07 21:58:53 +02:00
Stefan Prodan	80b5bf5495	Merge pull request #438 from stefanprodan/fix-httproute helm: Add namespace to HTTPRoute	2025-12-07 19:52:57 +00:00
Stefan Prodan	f53a3109cf	helm: Add namespace to HTTPRoute Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2025-12-07 21:46:51 +02:00
Stefan Prodan	11b7ac4319	Merge pull request #436 from stefanprodan/dependabot/github_actions/actions-27fc00b90e build(deps): bump fluxcd/flux2 from 2.7.4 to 2.7.5 in the actions group	2025-12-07 19:45:44 +00:00
Stefan Prodan	396a56493b	Merge pull request #424 from darox/helm-add-trafficDistribution helm: add trafficDistribution to service spec	2025-12-07 19:43:18 +00:00
darox	4991d2e6d0	helm: add trafficDistribution and additionalLabels to service config This commit adds the trafficDistribution and additionalLabels parameters to the Helm chart's service configuration. Signed-off-by: darox <maderdario@gmail.com>	2025-12-04 08:57:50 +01:00
dependabot[bot]	c0669703ab	build(deps): bump fluxcd/flux2 from 2.7.4 to 2.7.5 in the actions group Bumps the actions group with 1 update: [fluxcd/flux2](https://github.com/fluxcd/flux2). Updates `fluxcd/flux2` from 2.7.4 to 2.7.5 - [Release notes](https://github.com/fluxcd/flux2/releases) - [Commits](https://github.com/fluxcd/flux2/compare/v2.7.4...v2.7.5) --- updated-dependencies: - dependency-name: fluxcd/flux2 dependency-version: 2.7.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2025-12-01 06:51:24 +00:00
Stefan Prodan	0f360bb788	Merge pull request #434 from stefanprodan/gha-disk-cleanup Some checks failed cve-scan / govulncheck (push) Successful in 11m52s e2e / kind-helm (push) Failing after 1m21s e2e / kind-timoni (push) Failing after 11s test / test (push) Failing after 5m30s ci: Free disk space on Ubuntu runners	2025-11-28 16:18:18 +02:00
Stefan Prodan	d7fee06b63	ci: Free disk space on Ubuntu runners Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2025-11-28 16:12:49 +02:00
Stefan Prodan	4f64661bff	Merge pull request #433 from stefanprodan/dependabot/github_actions/actions-42767b8147 Some checks failed cve-scan / govulncheck (push) Successful in 11m41s e2e / kind-helm (push) Failing after 57s e2e / kind-timoni (push) Failing after 7s test / test (push) Failing after 5m14s build(deps): bump the actions group across 1 directory with 2 updates	2025-11-26 11:32:14 +02:00
dependabot[bot]	1318ba1bd1	build(deps): bump the actions group across 1 directory with 2 updates Bumps the actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [fluxcd/flux2](https://github.com/fluxcd/flux2). Updates `actions/checkout` from 5 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) Updates `fluxcd/flux2` from 2.7.3 to 2.7.4 - [Release notes](https://github.com/fluxcd/flux2/releases) - [Changelog](https://github.com/fluxcd/flux2/blob/main/.goreleaser.yml) - [Commits](https://github.com/fluxcd/flux2/compare/v2.7.3...v2.7.4) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: fluxcd/flux2 dependency-version: 2.7.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>	2025-11-26 09:14:41 +00:00
Stefan Prodan	1267688401	Merge pull request #432 from stefanprodan/cosign-v2.6.1 ci: Pin cosign to v2.6.1 (Flux compat)	2025-11-26 11:12:51 +02:00
Stefan Prodan	3ed50e4d85	ci: Pin cosign to v2.6.1 (Flux compat) Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>	2025-11-26 10:27:12 +02:00