# gl-operate-go-k8s Go HTTP server for a Gitlab Interview ## Requirements - Go 1.23+ - Docker (optional) - Helm 4.0+ (optional) ## Quick Start Build and run: ```bash go build -o interview-server . ./interview-server ``` Server starts on `http://localhost:8080` ## Configuration You can configure the server using environment variables or a JSON config file. Environment variables take precedence. **Environment variables:** - `SERVER_PORT` - Port to listen on (default: 8080) - `SERVER_HOST` - Host to bind to (default: 0.0.0.0) - `SERVER_ROOT_PATH` - Directory to serve files from (default: current directory) - `SERVER_AUTH_SECRET` - Bearer token for API authentication - `CONFIG_FILE` - Path to config file **Example:** ```bash export SERVER_PORT=3000 export SERVER_ROOT_PATH=/var/www export SERVER_AUTH_SECRET=my-secret-token ./interview-server ``` **Config file:** ```bash ./interview-server -config config.json ``` The config file is JSON: ```json { "port": 8080, "host": "0.0.0.0", "root_path": "/app/data", "auth_secret": "your-secret-token" } ``` ## Docker Build: ```bash docker build -t interview-service:latest . ``` Run: ```bash docker run -p 8080:8080 -e SERVER_AUTH_SECRET=mysecret interview-service:latest ``` ## Kubernetes Install with Helm: ```bash helm install interview-server ./helm ``` Port forward to access locally: ```bash kubectl port-forward svc/interview-server-interview-server 8080:8080 ``` ## Testing ```bash go test -v ``` ## How it works The server has two main parts: - `/` - Serves static files from the configured root path - `/api/*` - Protected endpoint that requires authentication For `/api/*` routes, you need to send a Bearer token that matches `SERVER_AUTH_SECRET`: ```bash curl -H "Authorization: Bearer my-secret-token" http://localhost:8080/api/test ``` Logs are JSON formatted and go to stdout. The app handles SIGTERM/SIGINT for graceful shutdown. ## Deployment notes The application is stateless and can be scaled horizontally. It runs as a non-root user (UID 1000) in the container. Resource usage is minimal - 50m CPU and 64Mi memory is enough for most workloads. Recommended limits are 100m CPU and 128Mi memory. The server doesn't do TLS, so you'll want a reverse proxy or ingress controller in production for HTTPS. Store `SERVER_AUTH_SECRET` in Kubernetes Secrets, not in plain text config.