Refactor to alpine

Alpine-Readme.md

@@ -0,0 +1,24 @@
+# httpbin with compact alpine container
+
+The goal is:
+
+- compact secure container based on alpine linux
+- runnable in kubernetes / OpenShift / OKD in a secure and scalable fashion
+- multi architecture container (at least linux/amd64 and linux/arm64: means modern Intel, modern raspis and modern Macs with Mx processor)
+
+## build
+
+We are building the containers with podman (podman-desktop under MacOS or Windows):
+
+```shell
+podman build --manifest quay.io/pflaeging/httpbin:0.9.2-alpine --rm --no-cache --platform linux/amd64 --platform linux/arm64 -f Dockerfile.alpine .
+podman manifest push quay.io/pflaeging/httpbin:0.9.2-alpine docker://quay.io/pflaeging/httpbin:0.9.2-alpine --rm
+```
+
+ (please replace the `quay.io/pflaeging` part with your own registry place)
+
+## Kubernetes rollout
+
+The application is fully compatible with Kubernetes / OpenShift4 / OKD4.
+
+Example objects are in the folder [./kubernetes/](./kubernetes/).

Dockerfile.alpine

@@ -0,0 +1,38 @@
+## Just the builder
+FROM alpine:latest as builder
+
+RUN apk add --no-cache git gcc libc-dev libffi-dev build-base python3 py3-pip py3-wheel python3-dev \
+    && pip install --no-cache-dir pipenv gunicorn
+
+ADD Pipfile Pipfile.lock /opt/httpbin/
+WORKDIR /opt/httpbin
+RUN /bin/sh -c "pip3 install --no-cache-dir -r <(pipenv lock -r)"
+
+ADD . /httpbin
+RUN pip3 install --no-cache-dir /httpbin
+
+## Here comes the real container
+##
+##
+FROM alpine:latest
+
+LABEL name="httpbin"
+LABEL version="0.9.2"
+LABEL description="A simple HTTP service."
+LABEL org.kennethreitz.vendor="Kenneth Reitz"
+
+ENV LC_ALL=C.UTF-8
+ENV LANG=C.UTF-8
+
+WORKDIR /opt/httpbin
+
+RUN apk add --no-cache python3  py3-pip\
+    && pip install --no-cache-dir gunicorn
+
+COPY --from=builder /opt/httpbin /opt/
+COPY --from=builder /usr/lib/python3.10/site-packages/ /usr/lib/python3.10/site-packages/
+
+
+EXPOSE 8080
+
+CMD ["gunicorn", "-b", "0.0.0.0:8080", "httpbin:app", "-k", "gevent"]

Pipfile

@@ -1,12 +1,11 @@
 [[source]]
 url = "https://pypi.python.org/simple"
 verify_ssl = true
+name = "pypi"
 
 [packages]
 gunicorn = "*"
 decorator = "*"
-brotlipy = "*"
-gevent = "*"
 Flask = "*"
 meinheld = "*"
 werkzeug = ">=0.14.1"

httpbin/core.py

@@ -29,7 +29,10 @@
 from six.moves import range as xrange
 from werkzeug.datastructures import WWWAuthenticate, MultiDict
 from werkzeug.http import http_date
-from werkzeug.wrappers import BaseResponse
+try:
+  from werkzeug.wrappers import BaseResponse as WzResponse
+except ImportError:
+  from werkzeug.wrappers import Response as WzResponse
 from werkzeug.http import parse_authorization_header
 from flasgger import Swagger, NO_SANITIZER
 
@@ -77,7 +80,7 @@ def jsonify(*args, **kwargs):
 
 
 # Prevent WSGI from correcting the casing of the Location header
-BaseResponse.autocorrect_location_header = False
+WzResponse.autocorrect_location_header = False
 
 # Find the correct template folder when running from a different location
 tmpl_dir = os.path.join(os.path.dirname(os.path.abspath(__file__)), "templates")

kubernetes/deployment.yaml

@@ -0,0 +1,36 @@
+kind: Deployment
+apiVersion: apps/v1
+metadata:
+  name: httpbin
+spec:
+  replicas: 3
+  selector:
+    matchLabels:
+      app: httpbin
+  template:
+    metadata:
+      labels:
+        app: httpbin
+    spec:
+      containers:
+        - name: container
+          image: quay.io/pflaeging/httpbin:0.9.2-alpine
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+          resources: {}
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          imagePullPolicy: IfNotPresent
+      restartPolicy: Always
+      terminationGracePeriodSeconds: 30
+      dnsPolicy: ClusterFirst
+      securityContext: {}
+      schedulerName: default-scheduler
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 25%
+      maxSurge: 25%
+  revisionHistoryLimit: 10
+  progressDeadlineSeconds: 600

kubernetes/ingress.yaml

@@ -0,0 +1,16 @@
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: httpbin
+spec:
+  rules:
+    - host: httpbin.mysupercluster.net
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: httpbin
+                port:
+                  number: 8080

kubernetes/service.yaml

@@ -0,0 +1,11 @@
+kind: Service
+apiVersion: v1
+metadata:
+  name: httpbin
+spec:
+  ports:
+    - protocol: TCP
+      port: 8080
+      targetPort: 8080
+  selector:
+    app: httpbin