feat(api)!: introduce new version of APIs

.envrc

@@ -1,2 +1,2 @@
 use flake
-export IN_NIX_SHELL="arnal#chaos-monkey"
+export IN_NIX_SHELL="chaos-monkey"

Dockerfile

@@ -13,6 +13,7 @@ RUN apk add --no-cache gcc musl-dev make && make
 FROM alpine:3
 
 EXPOSE 9000
+EXPOSE 9443
 
 # hadolint ignore=DL3018
 RUN \
@@ -24,4 +25,8 @@ COPY --from=builder /build/bin/chaos-monkey /usr/bin/chaos-monkey
 WORKDIR /home/chaosmonkey
 USER chaosmonkey
 
+# Copy the certificates over
+COPY --chown=chaosmonkey:users ./certs/chaos-monkey.chaosmonkey.svc.crt ./main.crt
+COPY --chown=chaosmonkey:users ./certs/chaos-monkey.chaosmonkey.svc.key ./main.key
+
 CMD ["chaos-monkey"]

README.md

@@ -1,58 +1,52 @@
+# Chaos Monkey
+
 <div align="center">
-  <img src="./assets/cm-nobg.png" width="300px">
+  <img src="./assets/cm-nobg.png" width="400px" />
 </div>
 
-# Chaos Monkey
-This small project written using [Golang](https://go.dev) implements the ideas of the
-[Netflix's Chaos Monkey](https://netflix.github.io/chaosmonkey/) natively for
-[Kubernetes](https://kubernetes.io) clusters.
+[Golang](https://go.dev) implementation of the ideas of [Netflix's Chaos Monkey](https://netflix.github.io/chaosmonkey/) natively for [Kubernetes](https://kubernetes.io) clusters.
 
-For this small project I have decided not to use the official
-[Operator Framework for Golang](https://sdk.operatorframework.io/docs/building-operators/golang/tutorial/),
+For this small project I have decided not to use the official [Operator Framework for Golang](https://sdk.operatorframework.io/docs/building-operators/golang/tutorial/),
 mainly because I wanted to familiarize with the core concepts of CRDs and Watchers with Golang
 before adventuring further. In the future I might want to migrate to using the Operator Framework.
 
 ## Architecture
 The architecture of the Chaos Monkey is fairly simple and all fits in a single Pod.
-As you can imagine, we rely heavily on
-[Kubernetes' API](https://kubernetes.io/docs/reference/using-api/api-concepts/) to react
-based on what happens inside the cluster.
+As you can imagine, we rely heavily on [Kubernetes' API](https://kubernetes.io/docs/reference/using-api/api-concepts/) to react based on what happens inside the cluster.
 
 Four main components are part of the current architecture.
 
 <div align="center">
-  <img src="./assets/cm-architecture.png" width="600px">
+  <img src="./assets/cm-architecture.png" width="600px" />
 </div>
 
 ### Namespace Watcher
 The code for the `NamespaceWatcher` can be found [here](./internal/watcher/namespace.go).
+
 Its role is to constantly monitor the changes in the Namespaces of the cluster, and start
 the CRD Watchers for those Namespaces. We start the watch by passing `ResourceVersion: ""`
 to the Kubernetes API, which means that the first events we receive are synthetic events
 (`ADD`) to help us rebuild the current state of the cluster. After that, we react to both
 the `ADDED` and the `DELETED` events accordingly.
 
-Basically, it spawns a new [goroutine](https://go.dev/tour/concurrency/1) with a
-[CRD Watcher](#crd-watcher) every time a new namespace is detected and it stops the
-corresponding goroutine when a namespace is deleted.
+Basically, it spawns a new [goroutine](https://go.dev/tour/concurrency/1) with a [CRD Watcher](#crd-watcher) every time a new namespace is
+detected and it stops the corresponding goroutine when a namespace is deleted.
+
+The Namespace can be [configured](#configuration) to either monitor all namespaces by default (with an
+opt-out strategy) or to monitor only the namespaces which contain the label
+`cm.massix.github.io/namespace="true"`.
 
-The Namespace can be [configured](#configuration) to either monitor all namespaces by
-default (with an opt-out strategy) or to monitor only the namespaces which contain the
-label `cm.massix.github.io/namespace="true"`. Check the [Configuration](#configuration)
-paragraph for more details.
+Check the [Configuration](#configuration) paragraph for more details.
 
 ### CRD Watcher
-We make use of a
-[Custom Resource Definition (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
-in order to trigger the Chaos Monkey. The CRD is defined using the
-[OpenAPI](https://www.openapis.org/) specification, which you can find
-[here](./crds/chaosmonkey-configuration.yaml).
+We make use of a [Custom Resource Definition (CRD)](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/) in order to trigger the Chaos Monkey.
+The CRD is defined using the [OpenAPI](https://www.openapis.org/) specification, which you can find [here](./crds/chaosmonkey-configuration.yaml).
 
-Following the schema, this is a valid definition of a CRD which can be injected inside of
-a namespace:
+Following the schema, this is a valid definition of a CRD which can be injected inside
+of a namespace:
 
 ```yaml
-apiVersion: cm.massix.github.io/v1alpha1
+apiVersion: cm.massix.github.io/v1
 kind: ChaosMonkeyConfiguration
 metadata:
   name: chaosmonkey-nginx
@@ -62,8 +56,9 @@ spec:
   minReplicas: 0
   maxReplicas: 9
   timeout: 10s
-  deploymentName: nginx
-  podMode: true
+  deployment:
+    name: nginx
+  scalingMode: killPod
 ```
 
 The CRD is **namespaced**, meaning that it **must** reside inside a Namespace and cannot be
@@ -74,13 +69,18 @@ The CRD Watcher, similarly to the [namespace one](#namespace-watcher), reacts to
 reacts to the `MODIFIED` event, making it possible to modify a configuration while the
 Monkey is running.
 
-Depending on the value of the `podMode` flag, the CRD watcher will either create a
+Depending on the value of the `scalingMode` flag, the CRD watcher will either create a
 [DeploymentWatcher](#deployment-watcher) or a [PodWatcher](#pod-watcher) The difference between
 the two is highlighted in the right paragraph, but in short: the DeploymentWatcher
 operates by modifying the `spec.replicas` field of the Deployment, using the
 `deployment/scale` APIs, while the PodWatcher simply deletes a random pod using the
 same `spec.selector` value of the targeted Deployment.
 
+As of now, three values are supported by the `scalingMode` field:
+* `randomScale`, which will create a [DeploymentWatcher](#deployment-watcher), it will randomly modify the scales of the given deployment;
+* `killPod`, which will create a [PodWatcher](#pod-watcher), it will randomly kill a pod;
+* `antiPressure`, do not use it because it's not implemented yet.
+
 ### Deployment Watcher
 This is where the fun begins, the Deployment Watcher is responsible of creating the
 Chaos inside the cluster. The watcher is associated to a specific deployment (see the
@@ -179,6 +179,17 @@ spec:
       serviceAccountName: chaosmonkey
 ```
 
+## A note on CRD
+The CRD defines multiple versions of the APIs (at the moment two versions are supported:
+`v1alpha1` and `v1`). You should **always** use the latest version available (`v1`), but
+there is a conversion endpoint in case you are still using the older version of the API.
+
+The only caveat is that if you **need** to use the conversion Webhook, you **must** install the
+chaosmonkey in a namespace named `chaosmonkey` and create a service named `chaos-monkey`
+for it.
+
+If in doubt, do not use the older version of the API.
+
 ## Configuration
 There are some configurable parts of the ChaosMonkey (on top of what the [CRD](./crds/chaosmonkey-configuration.yaml)
 already permits of course).

certs/ca.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDCInGleQRqsbFq
+CCvpm6ioB5Mbi4r6PG6VWfxzXBecQ1+6mm2YlCxxjFYTi4oJxjrWh7Vv/32AI85r
+igrz9Ms6kP98T/Nh/WQ8jKeST2fyqTz4ntU5Sl7v2WeApnwrRDhV287aObbd54nQ
+BILHoMrOt1jVzlIEBgsmF+KhqwvCG/FoIO7SNf8OgFI+5odeMVRIPjdw9dU0wv7J
+XqipG++CjoHn3esctRwMtaP1mgYVDKiuL402W+x5B+GeOLjsLLIvK7llHJN9/0dK
+o5ASz1Zm1clek3FSgrE6rT6n900orm5NVqNJg3aratMdCc7oY23M2Uzm56wHb+26
+OfZsJV1AgCY2H7yoRzeC0DRUHhQLyQ52yMu1uQRmDX3K69K9ymHfJwN59Z57RTH4
+dkD1KAJMZrLdHiH9DomjAYPqWFYmNK1BQWWWo+PTFCymAlNfzquJfm+MPJZTLAOa
+bAmF8SxFxliyR0QNMjZ+GU6txBR/XfJseXYfSlsP0OjlvQWREMiEySTkJK7wPF30
+blYvC8VLtad/JstzWYqBRtLFyqc2L8s6JUrwNw726iEvasJDlgrr/VLwi/4fC7by
+aCI6XsJ0w8agUa/Tf/IJZgEH9Ed4y/1iJYI/N/HKiiMzRCUmdsJivbeCAj9FTbc4
+qoPD//F1pWSrFOkJUxS4YK8p1h+tOwIDAQABAoICAFf+2NiSdCgQh0Ryk8T944LW
+fB2+MK6gedeExGNd2O3htCCXIxpH/6UwYUvWsikgC0d2mA0+F5rfoA8qsTBHQ182
+njew3bcK7kZr0wEEsS9S+uoOxMOFLGc3eizcSegqsgZo7egIxRTsgJEjmkv2XDc6
+8C9pp89fFeqcZQO2zkub8t6qHtZ11zixfZY5VB6j6XodiW/QXmXeBTMtjvGoUfYx
+tjxtYMbQaPhx1PHccOlVpZfewfljzVpG8kOPnnKfB91NymlEfK5d6eixHvsHtDhE
+q1QNLQ6jYsYgBQiJlhXciu7PWJBX4JBuiWbeLUU03G5ACRWY6WctmuoQn9wBS7TI
+gaL86dJcIENqJD74TXFunbeeAK5dZTC5b1vOIHhYYm1ICECCBRBwrSgq85oW8/B5
+9iY28VA4r4LHUXVhRq4TuikwqZ0Yz23ouQnYRBC78VR9whYB1H8P9P624H0K9aZ4
+VdKFUZyUyWaGYxfCCnzJxjm86JGomOy/25+lT2XE8TWpE6eTOBptxRyBPnL6Yoki
+U/aU5K5qM8ytgOBUWfaReFaGDbPTg+Nn3c23278IMPuyCY7ImTG+9yZxOT8tcN94
+qLs5GeYk36/rlqeTJVI/2FwZaaD8tXwCT3IHTXUJ6a65pvq9Ofgehw/ZWGStg/Es
+xR+DFposia8szJFC5YQxAoIBAQDq3esOpFDWRIDix+45mxzcWgK4J4Z3d7mkSgxn
+wpDRN8Hv0a4WS+61ErMIhDCc/9Z3rkTTAWV+gMTmPaoFDtFf03QLPQJV3yHv2MCT
+tjVsdjLXiD5EcJ12w3D4PZBTudlAlpWL499XIfTpfuJSwytMzD8u5XdQSXbyTqZR
+Oc6dQjufo8j7krcCuEt7bHav0xLJXFlEwQu1rBVxwCpiNBVCEVABQxrDoUWA7c9a
+94MxvS6EGBtTu1jg+Aj8FeSICbC9SlI+Pg4hUxwcz/4Mcn2V3w3jkVgAza+jgyvl
+2iDl8gCSXpaULJs4z1dy/ncxSNdyMLtKJEwOX5Us1U4wderfAoIBAQDTmkUdorcM
+IgwgnbMNKXrGCRzNv1ynZfqEZi6abr5DB49G1Mne5S91aRV6dY8BKMNW6JpRXuN8
+QCElUhpz0aKcsfrCEeqmvha+iyGf7PmSiU50qCfLEmpeDixHsp+zUBzghK1hWmf0
+FtWKzTVGy5/4X3R25G7zlUhWk37kQ3xeVWaHcbEeqxM0YIIqcBHN+x68F+p/wKR9
+xr/K9ZEJ8c1bstkbzqoXyhXCMdyx7oH3EIDLqCJC7gqBMRFwmd7SOQrQ3SuAubxq
+7a/HQ8xXgsFtfbqAP/5pXIc2BFHWOP2KEZSFKhq9ZvO1L7tLi93YbQdUtM39xIEf
+pv1U8g5kraUlAoIBABMOABUHBbvsgNxlRhGMYRILh27zXfhxUTFgBJOieGdQ874G
+L+6FKI+uPbIyL1N9eiPpkpHf6iESR2c6l4Gjix8QI7kJsRfQa4tu9WjGfp0XFdbg
+qdSZolzRTGgHbp8sU9DmpqlbynHiQmFzNt9qEChB5dpjKYPtAeZ0tQ+f9gBSME4q
+VpL6eziQRSd1TEfFgx+tC10FoHKTzIWXBplDCnp6txfzHsfCXMYyBQGnVRCC/bQf
+1I+9gl92IBx7ljfnOVySHAwKstDHUl+QDFdsLn4rQ5Az6YTfKyHD8ZrLUKH3OU6m
+t+a7m7hHMhwVQwxPkZMlGvzP5w+/d3XUtGxAFNcCggEBALyzeqdvD+YWBtKfT6mR
+MBei0Lj6ylnOK5Yeubimwa1s9GyqHkxT/fqqd6j5ZUoXW/wI+nVONXf8iJKLoWNf
+s7AhWAnxiFyicA4EbTv9TKNNJ1YJD1OdXJX79akKtjhmXRort6J1yPZ31n8teTFl
+LYeFOIs+M2Ot4RC0ABj3xdUqO4DV9qnuzfWLiwjlYDtckpASk+DRnt87epY4X9uK
+cyQvXkXaCv2kDbtcU/+pPuVhJjp3+fXN6jhD1dWgooC+tdKFKeJlwI1q4bLF11jD
+FlPaJ5NvfiXfigS13XU45YFXJCeM4MO/J96Qbmp0lKYItNzpUDnaH3xmosw6AHPw
+FrECggEBANHOcl0L88de5ANWBxYuISgYD4bNcpA1+ZR1GJ87zrg+576IcnRh1slC
+xzlBAb6iWiA2PeXJPxSLgB+D278b0NJERAjrd9Ym92ZIP6O1vLOKy198Rd4b0ihX
+h0QDj1n2f3wCVWv5nf6+FujdHTpM8BHjNrnAvPiT4l51y0ryHym2JSp12IntI956
+g8RIdHFHg3J32DyQQPNHgCbCGW8ZB6BT1C9N4G8FTaQj0vdy/+ChXYpXa8aSq7sP
+mkaXTLHr/U3cdVrLF+krKs/EtDVRTJlknwEHvolXStLm3RTnB1GbTsJqjU+qvHkH
++yguFaA4utr9XESsZk0R5RprwjvHK+0=
+-----END PRIVATE KEY-----

certs/ca.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIUBSenMfCoyedpog3XhYsIr+pFa2EwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA3MjAxMzE0MDdaFw0yOTA3
+MTkxMzE0MDdaMEUxCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQDCInGleQRqsbFqCCvpm6ioB5Mbi4r6PG6VWfxzXBec
+Q1+6mm2YlCxxjFYTi4oJxjrWh7Vv/32AI85rigrz9Ms6kP98T/Nh/WQ8jKeST2fy
+qTz4ntU5Sl7v2WeApnwrRDhV287aObbd54nQBILHoMrOt1jVzlIEBgsmF+KhqwvC
+G/FoIO7SNf8OgFI+5odeMVRIPjdw9dU0wv7JXqipG++CjoHn3esctRwMtaP1mgYV
+DKiuL402W+x5B+GeOLjsLLIvK7llHJN9/0dKo5ASz1Zm1clek3FSgrE6rT6n900o
+rm5NVqNJg3aratMdCc7oY23M2Uzm56wHb+26OfZsJV1AgCY2H7yoRzeC0DRUHhQL
+yQ52yMu1uQRmDX3K69K9ymHfJwN59Z57RTH4dkD1KAJMZrLdHiH9DomjAYPqWFYm
+NK1BQWWWo+PTFCymAlNfzquJfm+MPJZTLAOabAmF8SxFxliyR0QNMjZ+GU6txBR/
+XfJseXYfSlsP0OjlvQWREMiEySTkJK7wPF30blYvC8VLtad/JstzWYqBRtLFyqc2
+L8s6JUrwNw726iEvasJDlgrr/VLwi/4fC7byaCI6XsJ0w8agUa/Tf/IJZgEH9Ed4
+y/1iJYI/N/HKiiMzRCUmdsJivbeCAj9FTbc4qoPD//F1pWSrFOkJUxS4YK8p1h+t
+OwIDAQABo1MwUTAdBgNVHQ4EFgQU3V1QDjdSPbkz7RTolAhphXmAg1AwHwYDVR0j
+BBgwFoAU3V1QDjdSPbkz7RTolAhphXmAg1AwDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAgEAABnCrjKTLPUG/LzqYU9vIS56IC1D+hYAY2jK+UVZuCx9
+m1uHb7z/We1h5kX6Y7PhWcB1j/WaGLmO56RwqPAbOuGygttUYELJhesaM7oa1PmT
+6f2Dhju6GzqTI6+6qNGSqJLwmmF5SoW1skmKGo/Dp7YBrnC4o8k+ztodEi2tFEIU
+JAJeAuI889ldYvve56AOGT6lcjqghVs/zdaNNdOe9q9PDlDQfygfQaFmEbYVTz9T
+MdtNQGIUjK13qn7yal6OrgMLTv2MBIK5QUkK2Ipaz6DOh8EN+J8LGNA/zH/nrRq+
+vZSkHEXdmGptmxnU8+j9PG+wcLebPCb80u4QP5tpd2dAb4lgvI9qe5XMEoA5ZSn2
+PO8ZUtl8aRJSVDKX+NlCOd3AvR3LZb7+F+VsI+8cqdyaV53JkRG61RFEdLd1tjHo
+r3gNobyIYAwZnH5xuwMDbvFfI0nI2rawUs7KMrTRlxutka2kbjE97CtLIBnXjkck
+lPKZDrCfnH5mghJK/qwW0Pca+HPOgdqYzsw4o4gUbYeX8vqvOPxntGx8HOXN8q3l
+vo2m/76dE63k4jtvJz4FNdBkDjSldnKDnPtIYLM7YMxxaWO574bkwl2I2t75Ig5X
+uCuQ49vfisjjVnDmb+y044fXWAdxL4J4szuVlT3ke3Eh55uFnAocfqBTV9HoQfY=
+-----END CERTIFICATE-----

certs/ca.srl

@@ -0,0 +1 @@
+6465863EC2FD9368982E213156354C60AF25DCC5

certs/chaos-monkey.chaosmonkey.svc.crt

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEnTCCAoWgAwIBAgIUZGWGPsL9k2iYLiExVjVMYK8l3MUwDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yNDA3MjAxMzU5NDRaFw0yNjEw
+MjMxMzU5NDRaMEUxCzAJBgNVBAYTAkZSMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC23z2lnx/FR3LK6QGKA9W1LkefoD/2urJevjaBK1lg
+bEzcxSArDMauh+pOGJOhoR4/wwaOAlhXe54vc5xx1hWpKK/GjTxaP6X3nMTaVvQn
+oiqJZrskt9SN4LOx0ro93sT62XB006jeFXcJ31OVh1RZoQ5UPIbyb3Sc9s/fPJ0D
+D8TVSN4Z1xjpE0A9wBu6h7ZPXh7/wBXmmjukNwC/bzgXs0OCNe9ufXdjwL8EvnsL
+vdAIuQNhHW5qzFj+QB/vqRVdJvp+HqSHr0PDWfNfqmflhf3ffR/xk5S7bwlSrP04
+gtS1aJ0m1XmJg8SsopJF8HXGXNQBxJMUXt3OGm3etjBFAgMBAAGjgYQwgYEwHwYD
+VR0jBBgwFoAU3V1QDjdSPbkz7RTolAhphXmAg1AwCQYDVR0TBAIwADALBgNVHQ8E
+BAMCBPAwJwYDVR0RBCAwHoIcY2hhb3MtbW9ua2V5LmNoYW9zbW9ua2V5LnN2YzAd
+BgNVHQ4EFgQUHx/md1rCS0Z/LgUJvgZuzQNl3x0wDQYJKoZIhvcNAQELBQADggIB
+ACLlozd5WtyWzl3xYkL50PZVyeSWstkDAu6Ud6ZJlm1kC9niWFgXjnmcHyfpCp8a
+ZgwEqHdYcnbqCMzjPtDo9gaYf1SWoC0HG65gQhJVll0Ft/htnNnsUAnHEWoNnSfq
+1LK//kqgz5C47dd2hDRHuk3nqTcokGkS5g/kJCpTCQiAfV9nSiZNfFfIiUEEUaIR
+4+tWA6CrtnL4zKG0XgOSX3vj66JTkMtNO+S9dMGSYmdDWHyLlrsMr+fJWAcRgRK3
+Kn8oJQZTIiy2T4I+MVhjHYUU+IQKXoYOQHdQVZX/BZ/dLeiCXvib180QsKjdf9Vk
+zGByjCY/xBgAz8uBk332PhBesu+08EPG/TJPV/XNZ1jX2GaGBIC83Bk4Xj7HiK2R
+hNkHtRnTMhLFgwP2D8d35z5shuhsUFzZUK9MQcYBTzh7c1eCwWvf4IoWQgy98fAz
+4xpNyuImvG3w3mrIU5YCVGxqOjekHuLZP6YABc8ZPnoanLy6qDg8aSP0nw6I8smJ
+UOLzHuwlVsg1Z8dguDqo9eqTLwHPxXNHXCaetILHN+HAf5kn6+6TMj2hw0GC6wqw
+OosBrXdi+Rbaz6LxPEyo1URswVwsjmyevZDhvnb7Y8dPZKg18HmfFnYKE/37qS8g
+3eSQuZrJznjMx5h3YOXqBILeVXE0uIKCCv2AVdBPo1fo
+-----END CERTIFICATE-----

certs/chaos-monkey.chaosmonkey.svc.csr

@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICijCCAXICAQAwRTELMAkGA1UEBhMCRlIxEzARBgNVBAgMClNvbWUtU3RhdGUx
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBALbfPaWfH8VHcsrpAYoD1bUuR5+gP/a6sl6+NoEr
+WWBsTNzFICsMxq6H6k4Yk6GhHj/DBo4CWFd7ni9znHHWFakor8aNPFo/pfecxNpW
+9CeiKolmuyS31I3gs7HSuj3exPrZcHTTqN4VdwnfU5WHVFmhDlQ8hvJvdJz2z988
+nQMPxNVI3hnXGOkTQD3AG7qHtk9eHv/AFeaaO6Q3AL9vOBezQ4I17259d2PAvwS+
+ewu90Ai5A2EdbmrMWP5AH++pFV0m+n4epIevQ8NZ81+qZ+WF/d99H/GTlLtvCVKs
+/TiC1LVonSbVeYmDxKyikkXwdcZc1AHEkxRe3c4abd62MEUCAwEAAaAAMA0GCSqG
+SIb3DQEBCwUAA4IBAQAGxMd9tGwXhCTxYF86OsdK++ABynt8p5HyRGr1PnOiLJcf
+eSKWeVRLrzPQXAO/2FiFH1bnsfnaqpcywQWsMlwOLu4vaHk8eeOBjUHdikld4g0b
+2Ko3VqNF6i9cqcyBKaLk/THhRkXZmSVDYSp0Auq578k1WIbH76kOmg1QvZlyKla4
+JFzL9WDfHxnuMeN8xt/fJV+x5Bn0vHpb0HbTafgebAeeP38JXIAZt3vORWTW9r9z
+6JyjtKOX54eOslMO0jJqnfAcOE3ziR0SycmXWb6vKCVPueX1XML3+8DDNI4tg85i
+t5flORI3L/unZC5+Rew/0Pt7YjSS3KG5vDxU3gKe
+-----END CERTIFICATE REQUEST-----

certs/chaos-monkey.chaosmonkey.svc.ext

@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = chaos-monkey.chaosmonkey.svc

certs/chaos-monkey.chaosmonkey.svc.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC23z2lnx/FR3LK
+6QGKA9W1LkefoD/2urJevjaBK1lgbEzcxSArDMauh+pOGJOhoR4/wwaOAlhXe54v
+c5xx1hWpKK/GjTxaP6X3nMTaVvQnoiqJZrskt9SN4LOx0ro93sT62XB006jeFXcJ
+31OVh1RZoQ5UPIbyb3Sc9s/fPJ0DD8TVSN4Z1xjpE0A9wBu6h7ZPXh7/wBXmmjuk
+NwC/bzgXs0OCNe9ufXdjwL8EvnsLvdAIuQNhHW5qzFj+QB/vqRVdJvp+HqSHr0PD
+WfNfqmflhf3ffR/xk5S7bwlSrP04gtS1aJ0m1XmJg8SsopJF8HXGXNQBxJMUXt3O
+Gm3etjBFAgMBAAECggEABSpZcu1Y4o5/QxUBep+wxdKIqmJxPBZk8GvTXU2sqMkW
+WLa8Dws9gh42Xj4FJC/JYMgGTjTpwDrZKoJLp87Xbh+clhv/hEBqVIwEkXLwUuhF
+PFFUYEKjCd46z9SMdy/s2iBnM/LrQQP+iJ8Fcjf63XdA+4ckJq1C8CYWlA8saN2D
+xFdVlxuHiamjXEiIprqUud9I3fBYYorPRPMpasVTzbCu9r0QLo8iYw4gNWHaWP2L
+ooaNJF9S21n8bb0+6LQyILoTWE6S5D5uOIHc8vTD3oAgzc2L3+eIpNlcuYmVfY5X
+scQ6m+Ni+xr+mUbrLfiLWRte4GdiOhwu8nGyWLUMVwKBgQDeQ+ce6Ye8pWWDJpYY
+T49arNXVThfLIxzwqmRIDGk0vQPYP6RP81CgHg0fAZvlDIkxY7k+nJ5tOv/vIPBO
+QIW8YJihS6aA5sGNVSmY5C+FK8kAWeBY16/z2bToYsqNy+8MHAxiR0qKJHKDNwEU
+yzPOxZB5Bjae3fe6ra9jkyiIQwKBgQDSoLfXsoSDZbJv9Tpu1XH9w8RRuuS/6Wxm
+vIvvT4MiHyEwMovfMYOx+gIvHpPQie0m5ckqoSrebajPl7REYW1PgFHEV8vNCZfu
+TwQDnUkf/3Xd1virtAcAUaB3JwUektZ/W9q253jWS8lcth5CAae0BxVUToQpzRtG
+z6jFI8lA1wKBgAiF0An2aHcKXI8f3qeF/Xg7omNwgCcQ7J4p2niMyUf1a31SS2mp
+adEJ9fTXafPpfCVBrqvA8646ke/Ico59mOM1TQT6UqMktg1GU7cCIPRZTnbN+3VM
+p/mQwogaqauwQzVSqgLmuuv7I8z2QftbI1xtZPHPFC8ZUdN9r3kA/o/jAoGBAMHD
+vJyfy6wdaFP6ozDHB0DOUdJmPn4WPPUeSxVybk57mMqAFZDUOjUGq++xD4Zu/E4m
+YjPnZEqPUxb2lo25mxfiElav9fq/8pb29dhlX5oiJspYMxeyXCZ88UPsD5eaud0c
+IU7WDqIFwk6Z86gBYcgKJCMUwBy8ZXV1H+uMCl6tAoGBAJrtV3sMH4jP+AjJtuvC
+zNG1pOhZ6hWHaKsZ+p3Wpcbq3KxGDpk0ss3kqKM542JpepHGf1nWwzMcdIJVYWds
+QXVDZ+FfzM4J8OzKxWBe6duESfgEMSgcjR7XwFQZZQHYUiZQfvZAQo2TaJcdj4n7
+LaOtW/zcx9nBNK5vkDu0qpRN
+-----END PRIVATE KEY-----

cmd/chaosmonkey/main.go

@@ -63,29 +63,47 @@ func main() {
 	}()
 
 	// Spawn the HTTP Server for Prometheus in background
-	srv := &http.Server{
+	httpServer := &http.Server{
 		Addr: "0.0.0.0:9000",
 	}
 
+	tlsServer := &http.Server{
+		Addr: "0.0.0.0:9443",
+	}
+
 	// Register methods
 	http.Handle("GET /metrics", promhttp.Handler())
 	http.Handle("GET /health", endpoints.NewHealthEndpoint(nsWatcher.(*watcher.NamespaceWatcher)))
 
+	http.Handle("POST /convertcrd", endpoints.NewConversionEndpoint())
+
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := srv.ListenAndServe(); err != nil {
+		if err := httpServer.ListenAndServe(); err != nil {
 			log.Warnf("Could not spawn http server: %s", err)
 		}
 	}()
 
+	wg.Add(1)
+	go func() {
+		defer wg.Done()
+		if err := tlsServer.ListenAndServeTLS("./main.crt", "./main.key"); err != nil {
+			log.Errorf("Could not spawn https server: %s", err)
+		}
+	}()
+
 	// Wait for a signal to arrive
 	<-s
 
-	if err := srv.Shutdown(context.Background()); err != nil {
+	if err := httpServer.Shutdown(context.Background()); err != nil {
 		log.Warnf("Could not shutdown http server: %s", err)
 	}
 
+	if err := tlsServer.Shutdown(context.Background()); err != nil {
+		log.Warnf("Could not shutdown https server: %s", err)
+	}
+
 	log.Info("Shutting down...")
 	cancel()