From 29fa134f1f685fd9936572c3cc8a46fba0f1d771 Mon Sep 17 00:00:00 2001 From: Joseph Hanson Date: Mon, 25 Sep 2023 19:21:40 -0500 Subject: [PATCH] Updating for talos infra. --- .../kubelet-csr-approver/app/helmrelease.yaml | 21 +++++ .../app/kustomization.yaml | 14 +++ .../app/kustomizeconfig.yaml | 7 ++ .../kubelet-csr-approver/app/values.yaml | 5 + .../apps/system/kubelet-csr-approver/ks.yaml | 15 +++ kubernetes/apps/system/kustomization.yaml | 1 + talos/clusterconfig/.gitignore | 4 + talos/integrations/cni/kustomiation.yaml | 18 ++++ .../kubelet-csr-approver/kustomization.yaml | 18 ++++ talos/talconfig.yaml | 93 +++++++++++++++++++ talos/talenv.sops.yaml | 22 +++++ talos/talsecret.sops.yaml | 43 +++++++++ 12 files changed, 261 insertions(+) create mode 100644 kubernetes/apps/system/kubelet-csr-approver/app/helmrelease.yaml create mode 100644 kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml create mode 100644 kubernetes/apps/system/kubelet-csr-approver/app/kustomizeconfig.yaml create mode 100644 kubernetes/apps/system/kubelet-csr-approver/app/values.yaml create mode 100644 kubernetes/apps/system/kubelet-csr-approver/ks.yaml create mode 100644 talos/clusterconfig/.gitignore create mode 100644 talos/integrations/cni/kustomiation.yaml create mode 100644 talos/integrations/kubelet-csr-approver/kustomization.yaml create mode 100644 talos/talconfig.yaml create mode 100644 talos/talenv.sops.yaml create mode 100644 talos/talsecret.sops.yaml diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/helmrelease.yaml b/kubernetes/apps/system/kubelet-csr-approver/app/helmrelease.yaml new file mode 100644 index 0000000..1b6edd9 --- /dev/null +++ b/kubernetes/apps/system/kubelet-csr-approver/app/helmrelease.yaml @@ -0,0 +1,21 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/helmrelease-helm-v2beta1.json +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: kubelet-csr-approver + namespace: system-controllers +spec: + interval: 30m + chart: + spec: + chart: kubelet-csr-approver + version: 1.0.5 + sourceRef: + kind: HelmRepository + name: postfinance + namespace: flux-system + interval: 30m + valuesFrom: + - kind: ConfigMap + name: kubelet-csr-approver-values diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml b/kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml new file mode 100644 index 0000000..59dcf0e --- /dev/null +++ b/kubernetes/apps/system/kubelet-csr-approver/app/kustomization.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: system-controllers +resources: + - ./helmrelease.yaml + +configMapGenerator: + - name: kubelet-csr-approver-values + files: + - values.yaml=./values.yaml + +configurations: + - kustomizeconfig.yaml diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/kustomizeconfig.yaml b/kubernetes/apps/system/kubelet-csr-approver/app/kustomizeconfig.yaml new file mode 100644 index 0000000..58f92ba --- /dev/null +++ b/kubernetes/apps/system/kubelet-csr-approver/app/kustomizeconfig.yaml @@ -0,0 +1,7 @@ +--- +nameReference: + - kind: ConfigMap + version: v1 + fieldSpecs: + - path: spec/valuesFrom/name + kind: HelmRelease diff --git a/kubernetes/apps/system/kubelet-csr-approver/app/values.yaml b/kubernetes/apps/system/kubelet-csr-approver/app/values.yaml new file mode 100644 index 0000000..3755b48 --- /dev/null +++ b/kubernetes/apps/system/kubelet-csr-approver/app/values.yaml @@ -0,0 +1,5 @@ +--- +providerRegex: | + ^(eonwe|aule|arlen)$ + +bypassDnsResolution: true diff --git a/kubernetes/apps/system/kubelet-csr-approver/ks.yaml b/kubernetes/apps/system/kubelet-csr-approver/ks.yaml new file mode 100644 index 0000000..b845586 --- /dev/null +++ b/kubernetes/apps/system/kubelet-csr-approver/ks.yaml @@ -0,0 +1,15 @@ +--- +# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: cluster-apps-kubelet-csr-approver + namespace: flux-system +spec: + interval: 10m + path: "./kubernetes/apps/system-controllers/kubelet-csr-approver/app" + prune: true + sourceRef: + kind: GitRepository + name: valinor + wait: true diff --git a/kubernetes/apps/system/kustomization.yaml b/kubernetes/apps/system/kustomization.yaml index 5d93ed2..20ddf63 100644 --- a/kubernetes/apps/system/kustomization.yaml +++ b/kubernetes/apps/system/kustomization.yaml @@ -6,3 +6,4 @@ resources: - ./namespace.yaml # Flux-Kustomizations - ./reloader/ks.yaml + - ./kubelet-csr-approver/ks.yaml diff --git a/talos/clusterconfig/.gitignore b/talos/clusterconfig/.gitignore new file mode 100644 index 0000000..7568faf --- /dev/null +++ b/talos/clusterconfig/.gitignore @@ -0,0 +1,4 @@ +valinor-aule.hsn.dev.yaml +valinor-eonwe.hsn.dev.yaml +valinor-arlen.hsn.dev.yaml +talosconfig diff --git a/talos/integrations/cni/kustomiation.yaml b/talos/integrations/cni/kustomiation.yaml new file mode 100644 index 0000000..a13a60d --- /dev/null +++ b/talos/integrations/cni/kustomiation.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: + - name: cilium + repo: https://helm.cilium.io/ + version: 1.14.2 + releaseName: cilium + includeCRDs: true + namespace: kube-system + valuesFile: values.yaml + +commonAnnotations: + meta.helm.sh/release-name: cilium + meta.helm.sh/release-namespace: kube-system +commonLabels: + app.kubernetes.io/managed-by: Helm diff --git a/talos/integrations/kubelet-csr-approver/kustomization.yaml b/talos/integrations/kubelet-csr-approver/kustomization.yaml new file mode 100644 index 0000000..39f025b --- /dev/null +++ b/talos/integrations/kubelet-csr-approver/kustomization.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +helmCharts: + - name: kubelet-csr-approver + repo: https://postfinance.github.io/kubelet-csr-approver + version: 1.0.5 + releaseName: kubelet-csr-approver + includeCRDs: true + namespace: system-controllers + valuesFile: values.yaml + +commonAnnotations: + meta.helm.sh/release-name: kubelet-csr-approver + meta.helm.sh/release-namespace: system-controllers +commonLabels: + app.kubernetes.io/managed-by: Helm diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml new file mode 100644 index 0000000..5fb64db --- /dev/null +++ b/talos/talconfig.yaml @@ -0,0 +1,93 @@ +--- +clusterName: ${clusterName} + +talosVersion: v1.5.1 +kubernetesVersion: 1.28.1 +endpoint: "https://${clusterName}.hsn.dev:6443" + +cniConfig: + name: none + +additionalApiServerCertSans: + - ${clusterEndpointIP} + +additionalMachineCertSans: + - ${clusterEndpointIP} + - ${clusterName}.hsn.dev + +nodes: + - hostname: aule.hsn.dev + disableSearchDomain: true + ipAddress: 10.2.0.3 + controlPlane: true + installDiskSelector: + busPath: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_37145789 + networkInterfaces: + - interface: eth0 + dhcp: true + + - hostname: eonwe.hsn.dev + disableSearchDomain: true + ipAddress: 10.2.0.4 + controlPlane: true + installDiskSelector: + busPath: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_37145792 + networkInterfaces: + - interface: eth0 + dhcp: true + + - hostname: arlen.hsn.dev + disableSearchDomain: true + ipAddress: 10.2.0.5 + controlPlane: true + installDiskSelector: + busPath: /dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_37145790 + networkInterfaces: + - interface: eth0 + dhcp: true +controlPlane: + patches: + - |- + cluster: + allowSchedulingOnMasters: true + proxy: + disabled: true + etcd: + advertisedSubnets: + - 10.2.0.0/24 + + - |- + - op: remove + path: /cluster/apiServer/admissionControl + + - |- + machine: + files: + - op: create + path: /etc/cri/conf.d/20-customization.part + content: | + [plugins] + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + kubelet: + extraArgs: + feature-gates: CronJobTimeZone=true,GracefulNodeShutdown=true,NewVolumeManagerReconstruction=false + rotate-server-certificates: "true" + extraConfig: + maxPods: 150 + nodeIP: + validSubnets: + - 10.2.0.0/24 + network: + extraHostEntries: + - ip: ${clusterEndpointIP} + aliases: + - ${clusterName}.hsn.dev + sysctls: + fs.inotify.max_user_watches: "1048576" + fs.inotify.max_user_instances: "8192" + time: + disabled: false + servers: + - ntp.hetzner.com diff --git a/talos/talenv.sops.yaml b/talos/talenv.sops.yaml new file mode 100644 index 0000000..bdec1f0 --- /dev/null +++ b/talos/talenv.sops.yaml @@ -0,0 +1,22 @@ +clusterName: ENC[AES256_GCM,data:iT5CwpMddw==,iv:st1ajjpRXQiHozpIJqUUwmRe542IiR2aWLEdqkk4W9k=,tag:KOCQ8x28kwNNDUXwOTpulg==,type:str] +clusterEndpointIP: ENC[AES256_GCM,data:5VXivET/uV4=,iv:SRhLmDfbSlhnb9DsaFXCqiP/Bx4Khi4GdXseyuhuYAw=,tag:BrP3OL/1FwrUyCMWRFB0BQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQYkFFdkluSU5heUJLZ1hZ + NlVFR0RMdDN5QTU3UjhZQzFGbS83ZXRKOXpRCmJwZTlmQ2drbWp0aFZaZmFad2Nm + dkxZV1g0NUozY1laV2N4ellTaEJGVE0KLS0tIEptRWFJZVpYcWR6MGNzeU41Vnpi + MTFUZEplYVN5RGhhMGNEcDlGbTVQcjQKktwztZAHGUqoxbGHuAg0dX5Vap+wFVfx + ku6Hzg1ZU8Lvd8ODe+4p+RvHSKVll1akgpPVuymCUxl+I6EvH7gEDA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-25T17:08:14Z" + mac: ENC[AES256_GCM,data:WpwataAKsHlCIH6MN/lBBwBk5sKMCYlIptHXCnoqFCMdzPK8JR86XzeOPpJEN9aXu1wfdve+y1f7r4j7j+8V/eYjKDAYnv1ewsmZm9VfzfIcRAv2BGVANp52OASPCyoTwq9wpv7p/1d+f4C2vCZCarmurroxhGcvb17COFOs1SQ=,iv:2sSA+2NyqaSFA1v/Gp6XyTeaqBt5b5OLALmZ/b2TqJE=,tag:DxbiT2+bwjhOjZ38KQ26vQ==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0 diff --git a/talos/talsecret.sops.yaml b/talos/talsecret.sops.yaml new file mode 100644 index 0000000..8f99df7 --- /dev/null +++ b/talos/talsecret.sops.yaml @@ -0,0 +1,43 @@ +cluster: + id: ENC[AES256_GCM,data:K+hrEJHwEkMvD7vP6Dl7g3VZ0LC9Ytxm4us4Dcj7kMz6n5mEUjO7AeK1ZXI=,iv:QwxLybEen4e06QrV2fXq7NZU523tly2QzvEERAO4PDY=,tag:NOrMociqIh+JNzPEpMRthg==,type:str] + secret: ENC[AES256_GCM,data:bS0TsqBwbjSZcaMnh/16ZLFmbihpTctaHJQPxfhjmPKL1W0pJ7ivdlk44jc=,iv:qfL7Q26+tNCyTRYxqVGcwNVY+nYrNkylqxv1fDVZIPM=,tag:AszrJ1/igGLHQWVKyGJsAA==,type:str] +secrets: + bootstraptoken: ENC[AES256_GCM,data:P0ZbFPa8yMtDamH307VD5fJnTFgj38A=,iv:5rFtX93mSAhZdRZhV3/ZhUYZvjoEq7aHYbuSxMfsjWo=,tag:xYQakQbO1nVyA6oE0qVfZQ==,type:str] + secretboxencryptionsecret: ENC[AES256_GCM,data:HGcJPvrgpWFMTCf1Zo74ek7sZqm8dwa0+EbLcwB3P7/u6mTooOOskONQKA4=,iv:/iOLOaNxdOOv6bwvpJInhfs8sIzaIHsjErIlhTEReds=,tag:u3MdQnaE0+EnFOqSJtSYmw==,type:str] +trustdinfo: + token: ENC[AES256_GCM,data:tfYLX59Xy2Cp9t3GAhqeDus2moEEMns=,iv:xiQOuMWnGnJcr4zTqHOMFGeaVdQNZDg6FTgu9T9NrEU=,tag:A46+Hqq1n9x2WSLQqepIfA==,type:str] +certs: + etcd: + crt: ENC[AES256_GCM,data:ZXI0AWHjVzDiq3D+/txZX3hNsi8bNx/wO/JtVUQyXWbn0gPEpwQIQ/Ty+/juYeQoxot7Cq3QHWvmIn5A+EwBcercL0xg6mv4NNLWYpKiEGa37/lC5B1C2R2jG52GARVEbrfrTqTLZgaxJYltHpZE5GYahESAJihmh9F5t5/6pPnGn5yQUlv840ETfVQzn6F46dTp88dveokEZsNN9QGPySdJHJLRNIyVHcM/pJ57bqJdtCQlS/P3vBsamiL44WMYLfRDzsTqd/kJojGRfUbyB65J24uutX8h1W5BcaJgVlfSfFbs+WXPW6RQA+4495f+KPjMWQh3XoIIXcoQt1fsKo6ZQ783Z2H49ORkNArx1Io3GHhxSuzV7kI/losHZGr7Qxz4TcsV1/mJBKsCjRttQ6xI6Mps40j7PG8X1yuX3PFjy8rHrww3QZOpjs1dUin+mJ/YMvEEAIY9UdrqeORNByV4lQinLA5jnKGlxKcpVC2xESE3hULVwp+M5zah1XD0JM3hTzdd2ainn8h+RPF2RMULUopxlFnyPCOfyhk1KaXDGtzwZn3dlF1t86WRqZPsWvxe7k+F1g4pq/KCniaroAGn8ABpXW9xC653NvKPJJHk4vKV+PthalUANOao7WWHFTFSJI0ZpFeIUffGrSCwFeQH6q/vYNku+XNF4ujqDqNY7ZvUvP8k9p33HXs2ElBz+Yx9+a/NUFTW+OmIAd1yntggTVT/UFJ7WmVlNnZ7XchvupQmChef4KCgnukYkh10s5tYFQRvEhn5jUjPechRKRCAQZn40YzpcoAlxQcQbdjb53QUlDGleAb0vMBmZojcUXE2z+6dKejTsrs0pS2LXnp4dk+Lfsi0iS/VmGQhw6t94LrSEaP9tFioHJejkRMrNbiZMmU+I+6SsP1YFJd0RGHJsuRVychiGRAsYxXISO1ihlUEAlrSnV7wENhbtLpA/xw307ZemnIHJhDR1j4I00lx9tqqkTXaIc47OT+qD53KZTcW2mY5Qm1z+GlXVaXIjR1I4Q==,iv:35Ctm7TvpQHdDMqC4hOQZwWC0vZxDWwfI/GyrwCl85E=,tag:LI1CIl0tgUEUUqH8AU6flg==,type:str] + key: ENC[AES256_GCM,data:J5ocIosLtz1M2HpCdhzXYbxtOCrSaKbAAoBvzC3jazWY6G2SLP4T/z+pgxicYfvO1liiZg6Ehv+hz5/oDk9E9qNOn2BDR1b3Tn1GuQVvmvW0qPK8EFUht23nAARNTpct6binkq1zt4ei/yuFCWVIkPBnzooNb6jupaRML73JHpV24H7EXO6Qx+5z5SUUycmi8Tjb1oaOCp2sXY5dtzAp14qVlMcKh8SKIkCc2iO5sQvuGKnNZAEketHqatocY/24FMAK6TbRkEqJIPsugX56uc5XlcSqrCu2k4am97sprrSWcwgoRfAFHGG6CejquQXK/1RerwGh5R/RpZXX7I4aHcnN1Yeadr9xZpJlLLS8cj/X+wZd1yYbjac56ZMDRM3ihW/XLMi34K05Rz50WKI8Sw==,iv:dOAgaO+5MmXSsZ/75Gg4TG38c3Lp+bfP/g5z9ycmJrQ=,tag:saCtqLXcmWXoKfohRAH8iQ==,type:str] + k8s: + crt: ENC[AES256_GCM,data:i1r1OtMITZzP50t/5Fr32Q9P1NDhetE9sYmmH3vHCaiF0rELFqXLkB983KljHIE65jKvljDooOwpRy1fQwf1ssvOgOF+PYbb6LQdLlIpy69eygA9FLJvKbntZAcjuUzl7wAS/+80jq4Ra9+YHu7gzXlKsesBLF7Q9tbi72HAC89jVn8S5k8pMwTftdJlRtdkeqeXDahFLHBfCyyD8RmtNIRDzR8LBpQ80dk61WENY/Dn/WN8t8QQ2F0YUmgTYvwzGotGSA7w2q9RmSXiRspTGXwYF2Pi8VSVSJ1u01kFASjHpq94vN4Mt1B0+IayyM1/F5gnjfWIY2ax+bIF5h9lF7GvCmTdRuN0GuYh04OojnvtIXtr5gfoN7qB2GsWn1unpFud83AMdpcsYTEQJRISwR4+RFPWswwX0TU2uEx1gPwRZDgyb9yOPEPQUwnXDeJoJT6ToM+uku4Kka0fMRdtlm34BLOvDoOPFOCakONi3cjiYxOwOd8o9Wdm1ipfOUiApvbJzRY7KCpaH657rdpM8CKEmYJUH43wC5IqOmoIC7H4DS6uTlnovTt2IGK7Pk7npGJQ1vzs3jz/fCv/pBoIImhzZmwUwVfFE7W2BeZHPy3Ka1WyujBKMqtZve3acIKLwatpXxq/Aivdae4DavlsXMPn0L3KpTB2ySwCZ1dz7olzTAF5RzalttWeYdPxIDm+QYjxOVV/YLlFO1X7OwtWyJzr9gDxChk5cKXDkIO0lgVQ3DmoCpE4T95C7x4CxKuoPP94EWiobVgA2fINmrpuaas3qSAa5YB2oOyG7qQbLvJ+YV48btZzLaIWh2tR1KK0S6fE/ZQWLQapY1cbV7oEGPDxjqDalfvhqixPbbWNQRxblczoigjEoy9437inXJvbCnb92UUTrfDqxHdJ2FekpQ5pAo8Ioq9QCH2cnaiLTcixAsjKKVGUnqYtpO5bCes2aemlPjFurl19jRg4SqOW9xm7MjGzhzjp17b+VgfrgHpYrsBNYdNL/Fc5XVqMfRHwJLyWpMzs952eM2H/mmb0hEgSiqS96eJpr4tK5A==,iv:26IsGB31zf8Ml1rb7rdMHFj+8AjIrCwo/GDtOLYZHVw=,tag:AZQ1+wiT98i1MkLrMzXnKQ==,type:str] + key: ENC[AES256_GCM,data:R35atBogRh6eeQrm7xDrKT3/4heuVsY1bNcVqyopx7YRnjML7VU56ngfH5rmdHPum0+eabDb0IfukdPtqMti6psAwwlvQdS/epAYaA+sM7HxXZ5YDuaNT3F8tg+cBcNb7UEiD2BDASWdH/ayjuQ3KkDFmGldIIAWsS9EmVAGHvqSziSDgggVuHwkcUULGjFVtfmhuYlGkKaayOhHJO305iwt5xjkQSULMxay4X9k0dJ5WEf6NJNuT2kB60K9mSVdmqMadm3Q3maU4BODQ3RxcSbjhjfjBtLK9yE9zcV5U94mP8kIDwL4kcjUVc+4qjLGcLoOrvkbvRMZWhPIj1dJp9PSdmzhuH18chT3/DMykA7fcpBM9mK1SRKmhDCVGoyz96q9+jSJzNKtsDcB0eGv5Q==,iv:3Dwawk28ccYFO4+x8P3kF7vVnuksIFiwzsAWDpX4sB4=,tag:Sl5uDFN7V+K8NU3N44o1ew==,type:str] + k8saggregator: + crt: ENC[AES256_GCM,data:s3hlp1K8dmIuyAFU2FGuovi6SUuH35ooFj/yCFtbllwzVuYT8QFwkdRqK1JF+mdrD9QfEO8ik0r0QrapJR87xvubyFt3pb3FRjCluAz/KuU4xTlCYynQ50yXqAkKWiLh7w5N3yaDVLtav8+aXq9j5asLSZJtUT2v6mjuDoH+mbnUD1Pn5kyNTDDvUIT5HPj94aj4YMR81Al7XFMlM0nhRxhOISBzu5nLQYeUDNrx1MVRIjg5pVTXLByHfFLEyfPwz7wmYv0GQ080NHnq0D4Ws3GAzkqnYxiFG7OrLbsu7GTcye2pQmaLSd8ihq/G5rCktggeTQLPWinR2gTVouqNhQWRjIVcVROtbtALGB8kuJAj3dlA26taPGfa8szYNKCOzgMY8V/RNXsbzjpORG8lLmW+C/046/IX+kQE+5s1FeZ7FUlcZOJXki0nsIQDdwYaOWlj9mkTRYxZYjaWQtcahJBZYXvrkLbVAR/aYWQq7pK+lZJc1aDk26tJhvEFc7vDQAlmhJWKfPPRITM3cBXkhu50FuXRbwyq6HmrW8Ht8ExnYDPWX70993W0mBOo/pRfExApMbQyZuRjUjaoHQ1lqAuW0rsTfXOjE/VKWO0jpJxfWzXWFLLAeVNkbl+skz0iophNhNq0vMrgVWMoR5Zat7N+PBsE6WvGsGcantk9ooYtBxNe1ogSmQqT9rygsNKFGn46NDDaUbn8N4MwLg05dfH8BeokXqax50KEGP6DeH8LyPUXgF7rindJgZ+7atLRkloABdpwkDk85uxvX3F3OS/8GKVsLl2VINpuy50F/MF7MXvCm5EVnw/B9pi1ScX3Iypgu1IG2vwaKbHxdvOtZLGYutvBI8YIgkU1GRZ78SXexUL5turG2dQVV5FBa6G5RYBAgLJRwSRAH/x73RABSLva416llwkbJc98TjhoFmTb2PfuyYMYR/ZYl2XCUpXl,iv:nGJR2zH+9v4aC936Y3yfNkVTCh6F1HZ1mNGWZ1e0Bp0=,tag:DdJP6Ytwa3ab7LXnZFXv5w==,type:str] + key: ENC[AES256_GCM,data:zSWKIdW1G5ytG7OeYpy/omYYHMvQM88DTgDjC5tXnwolH6JRHG68dNyJA/+9sOlz6Gzy7X2LLnA/+hCH3/lNfBy+H2q+9u8LsBfYIXzh1LtQC008rdygh0BnFF0wrBP6ge6bLyF61WUIGk3hLjj7bgsXOhxAyEgwN1dLIBsUR6MsRJfIlbXNZ2LCN7TgmU+NbhWUxWU2LnpsCpEWB4EJ75RaTseyDBdwGt9SZuC43GkUFUrwCWQpVusXNAtuAB9VvS9Rimtz4OuhuI30BneMyx7xH1XCzItIm+8Kt6ZPDehVKQqvsyq9wfOhUUf77raxUurmMBWz+qQDohVy3mP/4Z8CmybI1+vEXvedV3ncw9NlUQmqre56MOjPAA47shtqcvdOvgSRTDfdDcWRNdsmIg==,iv:zVrm4Rl4pR+qoE6/oESzT5gvaLH7sZPBKuYkm1pU9KM=,tag:aWq+/8orGZfrmUlH0hIf9w==,type:str] + k8sserviceaccount: + key: ENC[AES256_GCM,data:9Kxsp7UMZ+WpRiRVtwS/qWt9wuWbazM1fx8uD7JPwUP6Pf9s1/KDtMjmHaR2VvXCPAG9QfxjyGCgltlrm6ytVFpP2i9FEEhkhQjdXY2H4ySG1/TjB3oBLkOnhFFXo/SDtSAbQb6AVgsqMMw9dJykL4p6GyqLoSw4FFATnWRAKGi3bRZ7ZxkhAkFCBr99N4FmSU5THVWmHH6e3Yy3eklfegIArgm2OMBxJCb5s3FfsIRFLd86Gw6IgsgVglCo+lRhajab4nxrhxE4nwffpszfSYq2Ux/ZRujEiLZmd+Qizy4j6Zib7t3NQ2ptmgZJr/cRiWKaniNQrhBLADpEXWSMoakVg1R6hE0Zom7YH2tgof+ghkUp939TpOqUKKG1qGqKenxn+iEgsN0vFDyUL7v4Zg==,iv:a5XN2Unipx5JrfpIYMiRzm5q1Nz2iWBlK4eCaVaBsg4=,tag:VsfZfdqeIPAhFk0clqCh/g==,type:str] + os: + crt: ENC[AES256_GCM,data:47Y6SogDWQygUOmFEbhmrdR7EPL/PnGH6spsH4IyVGJWP1BVBlHipUl3nxQ4yJwhiNbTRdfwqXGv25mIq4r59evNQWlmLxqe95MGua4326djYrBotuo9zp+m65bfstfdZ2OirHs8gdnlpQgfE+m86/y5Ez4rc3W3/QmDvw2cHU5WmFgHP6gxPy8Uv+RZ/5T3p6e0321mLLw0OVTJd14FED1Aw6gnmQ63E5J2WUDwKKqSALemar+DVBwc6HMoPw06i0oB5Mpt1+kwvPNfa0UvJhaoUXK9KYHIP28+pGBqgxqt6zC40xGOBV8DEpAXKDmEQZPsSaOq4cXsWQ33xO5Oj9qxR4HxZlhfD5bmGRBgxO8RE8LcXWJ4p9ecAgitZ1HTARMurAcqy/eYO1Zn7z8bNxzNUY6FT72CE5a/ujH2xDiiS6mJB0fDzD9f58J/P2s1cLC/1h4IE5WKXmsvy6QAXs3Q1m31D3g0CSTQoo6sNAV3s0kHl0ejDwjutZ5x0MIlemrtcN8WigSxRt7jxDpVxiCvb2KcporyGcCNSFzjpGA3HToThTHQ1IE3iES5CauKUHJlerMJ2tmYgRiAf/pVEaqoovjcRnGY5ZB/QaV8svDdM4u6rg2yEV8yhQ/V80jsDRMJ937CiJJiEJJPXC+mAEQYaPx1/REaGHeLWfyH/UtxRbG/jAZT7mnBW/gQXyZwKsbYhKRi9tEMIq0ur/R3rjw9IMBXoS0o6ZpvD69BW1zAou6Ep9CAhXtVXFqrIgagBKjzYf/H4bTmVZzTIfRhUAcjzWkBj9MzoyWOhP4ogLuAraHoD1t/yui8Y08OPDVCotrWPsHhVg/+exBzs654FqYyfzmpG/xthiQ9YbYIgztjI0d4,iv:7jKIr7PMK/k0uv/B/FAxJoW3mJREeENgTSCs80K1mcs=,tag:+ilIFyLKNfE9I3TardZk3Q==,type:str] + key: ENC[AES256_GCM,data:duo8abMvBl20XmCmVGEl3E8/f9/vYt9PxW1E7zGoyRA2JR/0FOmqA7lAGer0lJMvdCJE5pNPo4ltT5Naod259ww5z7vVM/XgGY+zPY2UslrjaFxOXd2HFY2t1VEv1fhr9xFHMQ/8aS07nF9vX5tVEnWI+uqDqbvyVL2ecQSOuR0gsADL4+lpyxDoqgqR2ynDTP5CJ96bfEowH9n6O/UeMNm8KAVd3sCN0K4Y4MvpU1AZN9/s,iv:Pw2hjuTWiDhIMeqpC4D050Ykqpd7FwQxH/jkxAn2wJQ=,tag:J/m8Cvko0V4dCx2Ap9pP8g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1g786w8t40g9y29l33rfd4jqlwhrgsxsc7ped6uju60k54j0q3enql3kfve + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdk0yeUljL0N1eCtJUlNl + RUk0Y1V3M1F2WUhFZE9NRENjNDNQdUNSUXpRCk1KbmtlaEJkZnZHS2FaUDVCMVN6 + Y3lvSWdpaG9vOVRNdUxjS2dibFNXS00KLS0tIDJ4QTE2VXQ5L2JvTTZ5cFB0blZz + d1FDb25DWWVkRmJQdDJXRzlDYjI2b1EK88JtK5D39eJ0vFrHf5ba0dEiNcBIT0w0 + WGOqOa+LUDhZ10Sa2X/z2IewH1hF+qFceEcXTRBjjmHTTUjn1fdNgQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-25T21:31:24Z" + mac: ENC[AES256_GCM,data:XwvzArzbdT+S2txA2Cis3mIpn/ncWEo15yGch57vNDjRlw8ZGLrjneHcbWRThmq84gSbsBh2S2tpiROvT+e+iZ62d1rF2RXusDxY/8a7UXo9ckKY1YVcxQploXmbVadw9FFbaiZkCjGTirrf6SHzPDuN8wAKpfZuVPZG3l4CA8I=,iv:bFED8pWnuLRN4oY1/HvYwFEnAZgrAOp0zETn49XNx1A=,tag:dPUKw38HclNjoLEaPid63g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.0