diff --git a/infrastructure/cluster/flux-v2/README.md b/infrastructure/cluster/flux-v2/README.md deleted file mode 100644 index cffdd104..00000000 --- a/infrastructure/cluster/flux-v2/README.md +++ /dev/null @@ -1,15 +0,0 @@ -# Flux - -Flux was installed manually via: -`flux bootstrap github --owner=vre-hub --repository=vre --branch=main --path=infrastructure/cluster/flux-v2 --author-name flux-ops` -with version v2.0.0-rc.5. - -Flux version was set to `v2.0.0-rc.5`. Higher flux versions are incompatible with the current cluster version. To install this flux specific version run -`curl -s https://fluxcd.io/install.sh | sudo FLUX_VERSION=v2.0.0-rc.5 bash` - - - To bootstrap the repository you will need to pass a valid GitHub PAT. - - After running the above command, a new `deploy-key` will be automatically set up in the repository configuration under the username of the person that run the command. - -Manifests inside the path `infrastructure/cluster/flux-v2` will be automatically deployed to the VRE cluster. - -Refer to the [official flux docs](https://fluxcd.io/flux/) for information on how to add manifests e. g. helm charts and add kustomizations. diff --git a/infrastructure/cluster/flux-v2/flux-system/gotk-components.yaml b/infrastructure/cluster/flux-v2/flux-system/gotk-components.yaml deleted file mode 100644 index 3f2cdef5..00000000 --- a/infrastructure/cluster/flux-v2/flux-system/gotk-components.yaml +++ /dev/null @@ -1,7962 +0,0 @@ ---- -# This manifest was generated by flux. DO NOT EDIT. -# Flux Version: v2.0.0-rc.5 -# Components: source-controller,kustomize-controller,helm-controller,notification-controller -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - pod-security.kubernetes.io/warn: restricted - pod-security.kubernetes.io/warn-version: latest - name: flux-system ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: allow-egress - namespace: flux-system -spec: - egress: - - {} - ingress: - - from: - - podSelector: {} - podSelector: {} - policyTypes: - - Ingress - - Egress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: allow-scraping - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - ports: - - port: 8080 - protocol: TCP - podSelector: {} - policyTypes: - - Ingress ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: allow-webhooks - namespace: flux-system -spec: - ingress: - - from: - - namespaceSelector: {} - podSelector: - matchLabels: - app: notification-controller - policyTypes: - - Ingress ---- -apiVersion: v1 -kind: ResourceQuota -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: critical-pods-flux-system - namespace: flux-system -spec: - hard: - pods: "1000" - scopeSelector: - matchExpressions: - - operator: In - scopeName: PriorityClass - values: - - system-node-critical - - system-cluster-critical ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: crd-controller-flux-system -rules: -- apiGroups: - - source.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - helm.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - notification.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - image.toolkit.fluxcd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - namespaces - - secrets - - configmaps - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch - - delete ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - name: flux-edit-flux-system -rules: -- apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - create - - delete - - deletecollection - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" - name: flux-view-flux-system -rules: -- apiGroups: - - notification.toolkit.fluxcd.io - - source.toolkit.fluxcd.io - - helm.toolkit.fluxcd.io - - image.toolkit.fluxcd.io - - kustomize.toolkit.fluxcd.io - resources: - - '*' - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: cluster-reconciler-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: crd-controller-flux-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: crd-controller-flux-system -subjects: -- kind: ServiceAccount - name: kustomize-controller - namespace: flux-system -- kind: ServiceAccount - name: helm-controller - namespace: flux-system -- kind: ServiceAccount - name: source-controller - namespace: flux-system -- kind: ServiceAccount - name: notification-controller - namespace: flux-system -- kind: ServiceAccount - name: image-reflector-controller - namespace: flux-system -- kind: ServiceAccount - name: image-automation-controller - namespace: flux-system ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: buckets.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: Bucket - listKind: BucketList - plural: buckets - singular: bucket - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec defines the desired state of an S3 compatible - bucket - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: The bucket name. - type: string - endpoint: - description: The bucket endpoint address. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS S3 HTTP endpoint. - type: boolean - interval: - description: The interval at which to check for bucket updates. - type: string - provider: - default: generic - description: The S3 compatible storage provider name, default ('generic'). - enum: - - generic - - aws - - gcp - type: string - region: - description: The bucket region. - type: string - secretRef: - description: The name of the secret containing authentication credentials - for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for download operations, defaults to 60s. - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus defines the observed state of a bucket - properties: - artifact: - description: Artifact represents the output of the last successful - Bucket sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last Bucket sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.endpoint - name: Endpoint - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Bucket is the Schema for the buckets API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: BucketSpec specifies the required configuration to produce - an Artifact for an object storage bucket. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - bucketName: - description: BucketName is the name of the object storage bucket. - type: string - endpoint: - description: Endpoint is the object storage address the BucketName - is located at. - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP Endpoint. - type: boolean - interval: - description: Interval at which to check the Endpoint for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - provider: - default: generic - description: Provider of the object storage bucket. Defaults to 'generic', - which expects an S3 (API) compatible object storage. - enum: - - generic - - aws - - gcp - - azure - type: string - region: - description: Region of the Endpoint where the BucketName is located - in. - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the Bucket. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this Bucket. - type: boolean - timeout: - default: 60s - description: Timeout for fetch operations, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - required: - - bucketName - - endpoint - - interval - type: object - status: - default: - observedGeneration: -1 - description: BucketStatus records the observed state of a Bucket. - properties: - artifact: - description: Artifact represents the last successful Bucket reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the Bucket. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Bucket object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: gitrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: GitRepository - listKind: GitRepositoryList - plural: gitrepositories - shortNames: - - gitrepo - singular: gitrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n This can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer. \n It must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description Examples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields for basic auth or - 'bearerToken' field for token auth. For SSH repositories the Secret - must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: Path is the relative file path of the Artifact. - It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedInclude: - description: ObservedInclude is the observed list of GitRepository - resources used to produce the current Artifact. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta1 GitRepository is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec defines the desired state of a Git repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: Determines which git client library to use. Defaults - to go-git, valid values are ('go-git', 'libgit2'). - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Extra git repositories to map into the repository - items: - description: GitRepositoryInclude defines a source with a from and - to path. - properties: - fromPath: - description: The path to copy contents from, defaults to the - root directory. - type: string - repository: - description: Reference to a GitRepository to include. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: The path to copy contents to, defaults to the name - of the source ref. - type: string - required: - - repository - type: object - type: array - interval: - description: The interval at which to check for repository updates. - type: string - recurseSubmodules: - description: When enabled, after the clone is created, initializes - all submodules within, using their default settings. This option - is available only when using the 'go-git' GitImplementation. - type: boolean - ref: - description: The Git reference to checkout and monitor for changes, - defaults to master branch. - properties: - branch: - description: The Git branch to checkout, defaults to master. - type: string - commit: - description: The Git commit SHA to checkout, if specified Tag - filters will be ignored. - type: string - semver: - description: The Git tag semver expression, takes precedence over - Tag. - type: string - tag: - description: The Git tag to checkout, takes precedence over Branch. - type: string - type: object - secretRef: - description: The secret name containing the Git credentials. For HTTPS - repositories the secret must contain username and password fields. - For SSH repositories the secret must contain identity and known_hosts - fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote Git operations like cloning, defaults - to 60s. - type: string - url: - description: The repository URL, can be a HTTP/S or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verify OpenPGP signature for the Git commit HEAD points - to. - properties: - mode: - description: Mode describes what git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: The secret name containing the public keys of all - trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus defines the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - includedArtifacts: - description: IncludedArtifacts represents the included artifacts from - the last successful repository sync. - items: - description: Artifact represents the output of a source synchronisation. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the artifact output of the - last repository sync. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 GitRepository is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: GitRepository is the Schema for the gitrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: GitRepositorySpec specifies the required configuration to - produce an Artifact for a Git repository. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - gitImplementation: - default: go-git - description: 'GitImplementation specifies which Git client library - implementation to use. Defaults to ''go-git'', valid values are - (''go-git'', ''libgit2''). Deprecated: gitImplementation is deprecated - now that ''go-git'' is the only supported implementation.' - enum: - - go-git - - libgit2 - type: string - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - include: - description: Include specifies a list of GitRepository resources which - Artifacts should be included in the Artifact produced for this GitRepository. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - interval: - description: Interval at which to check the GitRepository for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - recurseSubmodules: - description: RecurseSubmodules enables the initialization of all submodules - within the GitRepository as cloned from the URL, using their default - settings. - type: boolean - ref: - description: Reference specifies the Git reference to resolve and - monitor for changes, defaults to the 'master' branch. - properties: - branch: - description: Branch to check out, defaults to 'master' if no other - field is defined. - type: string - commit: - description: "Commit SHA to check out, takes precedence over all - reference fields. \n This can be combined with Branch to shallow - clone the branch, in which the commit is expected to exist." - type: string - name: - description: "Name of the reference to check out; takes precedence - over Branch, Tag and SemVer. \n It must be a valid Git reference: - https://git-scm.com/docs/git-check-ref-format#_description Examples: - \"refs/heads/main\", \"refs/tags/v0.1.0\", \"refs/pull/420/head\", - \"refs/merge-requests/1/head\"" - type: string - semver: - description: SemVer tag expression to check out, takes precedence - over Tag. - type: string - tag: - description: Tag to check out, takes precedence over Branch. - type: string - type: object - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the GitRepository. For HTTPS repositories the Secret - must contain 'username' and 'password' fields for basic auth or - 'bearerToken' field for token auth. For SSH repositories the Secret - must contain 'identity' and 'known_hosts' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this GitRepository. - type: boolean - timeout: - default: 60s - description: Timeout for Git operations like cloning, defaults to - 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL specifies the Git repository URL, it can be an HTTP/S - or SSH address. - pattern: ^(http|https|ssh)://.*$ - type: string - verify: - description: Verification specifies the configuration to verify the - Git commit signature(s). - properties: - mode: - description: Mode specifies what Git object should be verified, - currently ('head'). - enum: - - head - type: string - secretRef: - description: SecretRef specifies the Secret containing the public - keys of trusted Git authors. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - mode - - secretRef - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: GitRepositoryStatus records the observed state of a Git repository. - properties: - artifact: - description: Artifact represents the last successful GitRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the GitRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.recurseSubmodules - .spec.included and the checksum of the - included artifacts observed in .status.observedGeneration version - of the object. This can be used to determine if the content of the - included repository has changed. It has the format of `:`, - for example: `sha256:`. \n Deprecated: Replaced with explicit - fields for observed artifact content config in the status." - type: string - includedArtifacts: - description: IncludedArtifacts contains a list of the last successfully - included Artifacts as instructed by GitRepositorySpec.Include. - items: - description: Artifact represents the output of a Source reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of - ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI - annotations. - type: object - path: - description: Path is the relative file path of the Artifact. - It can be used to locate the file in the root of the Artifact - storage on the local file system of the controller managing - the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the GitRepository object. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedInclude: - description: ObservedInclude is the observed list of GitRepository - resources used to to produce the current Artifact. - items: - description: GitRepositoryInclude specifies a local reference to - a GitRepository which Artifact (sub-)contents must be included, - and where they should be placed. - properties: - fromPath: - description: FromPath specifies the path to copy contents from, - defaults to the root of the Artifact. - type: string - repository: - description: GitRepositoryRef specifies the GitRepository which - Artifact contents must be included. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - toPath: - description: ToPath specifies the path to copy contents to, - defaults to the name of the GitRepositoryRef. - type: string - required: - - repository - type: object - type: array - observedRecurseSubmodules: - description: ObservedRecurseSubmodules is the observed resource submodules - configuration used to produce the current Artifact. - type: boolean - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise GitRepositoryStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: helmcharts.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmChart - listKind: HelmChartList - plural: helmcharts - shortNames: - - hc - singular: helmchart - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec defines the desired state of a Helm chart. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: The name or path the Helm chart is available at in the - SourceRef. - type: string - interval: - description: The interval at which to check the Source for updates. - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new artifact. - Valid values are ('ChartVersion', 'Revision'). See the documentation - of the values for an explanation on their behavior. Defaults to - ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The reference to the Source the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: Alternative values file to use as the default chart values, - expected to be a relative path in the SourceRef. Deprecated in favor - of ValuesFiles, for backwards compatibility the file defined here - is merged before the ValuesFiles items. Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the chart - values (values.yaml is not included by default), expected to be - a relative path in the SourceRef. Values files are merged in the - order of this list with the last file overriding the first. Ignored - when omitted. - items: - type: string - type: array - version: - default: '*' - description: The chart version semver expression, ignored for charts - from GitRepository and Bucket sources. Defaults to latest when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus defines the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - chart sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last chart pulled. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.chart - name: Chart - type: string - - jsonPath: .spec.version - name: Version - type: string - - jsonPath: .spec.sourceRef.kind - name: Source Kind - type: string - - jsonPath: .spec.sourceRef.name - name: Source Name - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmChart is the Schema for the helmcharts API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmChartSpec specifies the desired state of a Helm chart. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - chart: - description: Chart is the name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval is the interval at which to check the Source - for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: ReconcileStrategy determines what enables the creation - of a new artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on their - behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: SourceRef is the reference to the Source the chart is - available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent, valid values are ('HelmRepository', - 'GitRepository', 'Bucket'). - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - required: - - kind - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this source. - type: boolean - valuesFile: - description: ValuesFile is an alternative values file to use as the - default chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file specified here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: ValuesFiles is an alternative list of values files to - use as the chart values (values.yaml is not included by default), - expected to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding the - first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the trusted - public keys used to verify the signature and specifies which provider - to use to check whether OCI image is authentic. This field is only - supported when using HelmRepository source with spec.type 'oci'. - Chart dependencies, which are not bundled in the umbrella chart - artifact, are not verified. - properties: - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret containing - the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version is the chart version semver expression, ignored - for charts from GitRepository and Bucket sources. Defaults to latest - when omitted. - type: string - required: - - chart - - interval - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: HelmChartStatus records the observed state of the HelmChart. - properties: - artifact: - description: Artifact represents the output of the last successful - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmChart. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedChartName: - description: ObservedChartName is the last observed chart name as - specified by the resolved chart reference. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmChart object. - format: int64 - type: integer - observedSourceArtifactRevision: - description: ObservedSourceArtifactRevision is the last observed Artifact.Revision - of the HelmChartSpec.SourceRef. - type: string - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise BucketStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: helmrepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: HelmRepository - listKind: HelmRepositoryList - plural: helmrepositories - shortNames: - - helmrepo - singular: helmrepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec defines the reference to a Helm repository. - properties: - accessFrom: - description: AccessFrom defines an Access Control List for allowing - cross-namespace references to this object. - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: The interval at which to check the upstream for updates. - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - secretRef: - description: The name of the secret containing authentication credentials - for the Helm repository. For HTTP/S basic auth the secret must contain - username and password fields. For TLS the secret must contain a - certFile and keyFile, and/or caFile fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout of index downloading, defaults to 60s. - type: string - url: - description: The Helm repository URL, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus defines the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the output of the last successful - repository sync. - properties: - checksum: - description: Checksum is the SHA256 checksum of the artifact. - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of this artifact. - format: date-time - type: string - path: - description: Path is the relative file path of this artifact. - type: string - revision: - description: Revision is a human readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm index timestamp, a Helm chart version, etc. - type: string - url: - description: URL is the HTTP address of this artifact. - type: string - required: - - path - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: URL is the download link for the last index fetched. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: HelmRepository is the Schema for the helmrepositories API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmRepositorySpec specifies the required configuration to - produce an Artifact for a Helm repository index YAML. - properties: - accessFrom: - description: 'AccessFrom specifies an Access Control List for allowing - cross-namespace references to this object. NOTE: Not implemented, - provisional as of https://github.com/fluxcd/flux2/pull/2092' - properties: - namespaceSelectors: - description: NamespaceSelectors is the list of namespace selectors - to which this ACL applies. Items in this list are evaluated - using a logical OR operation. - items: - description: NamespaceSelector selects the namespaces to which - this ACL applies. An empty map of MatchLabels matches all - namespaces in a cluster. - properties: - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - type: array - required: - - namespaceSelectors - type: object - interval: - description: Interval at which to check the URL for updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - passCredentials: - description: PassCredentials allows the credentials from the SecretRef - to be passed on to a host that does not match the host as defined - in URL. This may be required if the host of the advertised chart - URLs in the index differ from the defined URL. Enabling this should - be done with caution, as it can potentially result in credentials - getting stolen in a MITM-attack. - type: boolean - provider: - default: generic - description: Provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. This field is optional, and only taken into - account if the .spec.type field is set to 'oci'. When not specified, - defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - secretRef: - description: SecretRef specifies the Secret containing authentication - credentials for the HelmRepository. For HTTP/S basic auth the secret - must contain 'username' and 'password' fields. For TLS the secret - must contain a 'certFile' and 'keyFile', and/or 'caFile' fields. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend the reconciliation - of this HelmRepository. - type: boolean - timeout: - default: 60s - description: Timeout is used for the index fetch operation for an - HTTPS helm repository, and for remote OCI Repository operations - like pulling for an OCI helm repository. Its default value is 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type of the HelmRepository. When this field is set to "oci", - the URL field value must be prefixed with "oci://". - enum: - - default - - oci - type: string - url: - description: URL of the Helm repository, a valid URL contains at least - a protocol and host. - type: string - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: HelmRepositoryStatus records the observed state of the HelmRepository. - properties: - artifact: - description: Artifact represents the last successful HelmRepository - reconciliation. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the HelmRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the HelmRepository object. - format: int64 - type: integer - url: - description: URL is the dynamic fetch link for the latest Artifact. - It is provided on a "best effort" basis, and using the precise HelmRepositoryStatus.Artifact - data is recommended. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: ocirepositories.source.toolkit.fluxcd.io -spec: - group: source.toolkit.fluxcd.io - names: - kind: OCIRepository - listKind: OCIRepositoryList - plural: ocirepositories - shortNames: - - ocirepo - singular: ocirepository - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .spec.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta2 - schema: - openAPIV3Schema: - description: OCIRepository is the Schema for the ocirepositories API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OCIRepositorySpec defines the desired state of OCIRepository - properties: - certSecretRef: - description: "CertSecretRef can be given the name of a secret containing - either or both of \n - a PEM-encoded client certificate (`certFile`) - and private key (`keyFile`); - a PEM-encoded CA certificate (`caFile`) - \n and whichever are supplied, will be used for connecting to the - registry. The client cert and key are useful if you are authenticating - with a certificate; the CA cert is useful if you are using a self-signed - server certificate." - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - ignore: - description: Ignore overrides the set of excluded patterns in the - .sourceignore format (which is the same as .gitignore). If not provided, - a default will be used, consult the documentation for your version - to find out what those are. - type: string - insecure: - description: Insecure allows connecting to a non-TLS HTTP container - registry. - type: boolean - interval: - description: The interval at which to check for image updates. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - layerSelector: - description: LayerSelector specifies which layer should be extracted - from the OCI artifact. When not specified, the first layer found - in the artifact is selected. - properties: - mediaType: - description: MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The first layer - matching this type is selected. - type: string - operation: - description: Operation specifies how the selected layer should - be processed. By default, the layer compressed content is extracted - to storage. When the operation is set to 'copy', the layer compressed - content is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - provider: - default: generic - description: The provider used for authentication, can be 'aws', 'azure', - 'gcp' or 'generic'. When not specified, defaults to 'generic'. - enum: - - generic - - aws - - azure - - gcp - type: string - ref: - description: The OCI reference to pull and monitor for changes, defaults - to the latest tag. - properties: - digest: - description: Digest is the image digest to pull, takes precedence - over SemVer. The value should be in the format 'sha256:'. - type: string - semver: - description: SemVer is the range of tags to pull selecting the - latest within the range, takes precedence over Tag. - type: string - tag: - description: Tag is the image tag to pull, defaults to latest. - type: string - type: object - secretRef: - description: SecretRef contains the secret name containing the registry - login credentials to resolve image metadata. The secret must be - of type kubernetes.io/dockerconfigjson. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - serviceAccountName: - description: 'ServiceAccountName is the name of the Kubernetes ServiceAccount - used to authenticate the image pull if the service account has attached - pull secrets. For more information: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#add-imagepullsecrets-to-a-service-account' - type: string - suspend: - description: This flag tells the controller to suspend the reconciliation - of this source. - type: boolean - timeout: - default: 60s - description: The timeout for remote OCI Repository operations like - pulling, defaults to 60s. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - url: - description: URL is a reference to an OCI artifact repository hosted - on a remote container registry. - pattern: ^oci://.*$ - type: string - verify: - description: Verify contains the secret name containing the trusted - public keys used to verify the signature and specifies which provider - to use to check whether OCI image is authentic. - properties: - provider: - default: cosign - description: Provider specifies the technology used to sign the - OCI Artifact. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret containing - the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - required: - - interval - - url - type: object - status: - default: - observedGeneration: -1 - description: OCIRepositoryStatus defines the observed state of OCIRepository - properties: - artifact: - description: Artifact represents the output of the last successful - OCI Repository sync. - properties: - digest: - description: Digest is the digest of the file in the form of ':'. - pattern: ^[a-z0-9]+(?:[.+_-][a-z0-9]+)*:[a-zA-Z0-9=_-]+$ - type: string - lastUpdateTime: - description: LastUpdateTime is the timestamp corresponding to - the last update of the Artifact. - format: date-time - type: string - metadata: - additionalProperties: - type: string - description: Metadata holds upstream information such as OCI annotations. - type: object - path: - description: Path is the relative file path of the Artifact. It - can be used to locate the file in the root of the Artifact storage - on the local file system of the controller managing the Source. - type: string - revision: - description: Revision is a human-readable identifier traceable - in the origin source system. It can be a Git commit SHA, Git - tag, a Helm chart version, etc. - type: string - size: - description: Size is the number of bytes in the file. - format: int64 - type: integer - url: - description: URL is the HTTP address of the Artifact as exposed - by the controller managing the Source. It can be used to retrieve - the Artifact for consumption, e.g. by another controller applying - the Artifact contents. - type: string - required: - - lastUpdateTime - - path - - revision - - url - type: object - conditions: - description: Conditions holds the conditions for the OCIRepository. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - contentConfigChecksum: - description: "ContentConfigChecksum is a checksum of all the configurations - related to the content of the source artifact: - .spec.ignore - - .spec.layerSelector observed in .status.observedGeneration version - of the object. This can be used to determine if the content configuration - has changed and the artifact needs to be rebuilt. It has the format - of `:`, for example: `sha256:`. \n Deprecated: - Replaced with explicit fields for observed artifact content config - in the status." - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - observedIgnore: - description: ObservedIgnore is the observed exclusion patterns used - for constructing the source artifact. - type: string - observedLayerSelector: - description: ObservedLayerSelector is the observed layer selector - used for constructing the source artifact. - properties: - mediaType: - description: MediaType specifies the OCI media type of the layer - which should be extracted from the OCI Artifact. The first layer - matching this type is selected. - type: string - operation: - description: Operation specifies how the selected layer should - be processed. By default, the layer compressed content is extracted - to storage. When the operation is set to 'copy', the layer compressed - content is persisted to storage as it is. - enum: - - extract - - copy - type: string - type: object - url: - description: URL is the download link for the artifact output of the - last OCI Repository sync. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: source-controller - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: source-controller - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: source-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - control-plane: controller - name: source-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: source-controller - strategy: - type: Recreate - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: source-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - - --storage-path=/data - - --storage-adv-addr=source-controller.$(RUNTIME_NAMESPACE).svc.cluster.local. - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TUF_ROOT - value: /tmp/.sigstore - image: ghcr.io/fluxcd/source-controller:v1.0.0-rc.5 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: / - port: http - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 50m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /data - name: data - - mountPath: /tmp - name: tmp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: source-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: data - - emptyDir: {} - name: tmp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: kustomizations.kustomize.toolkit.fluxcd.io -spec: - group: kustomize.toolkit.fluxcd.io - names: - kind: Kustomization - listKind: KustomizationList - plural: kustomizations - shortNames: - - ks - singular: kustomization - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - commonMetadata: - description: CommonMetadata specifies the common labels and annotations - that are applied to all resources. Any existing label or annotation - will be overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to specifications - of other Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names, and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '___'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. Equals the Revision - of the applied Artifact from the referenced Source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - deprecated: true - deprecationWarning: v1beta1 Kustomization is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the desired state of a kustomization. - properties: - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When specified, KubeConfig takes precedence over - ServiceAccountName. - properties: - secretRef: - description: SecretRef holds the name to a secret that contains - a 'value' key with the kubeconfig file as the value. It must - be in the same namespace as the Kustomization. It is recommended - that the kubeconfig is self-contained, and the secret is regularly - updated if credentials such as a cloud-access-token expire. - Cloud specific `cmd-path` auth helpers will not function without - adding binaries and credentials to the Pod that is responsible - for reconciling the Kustomization. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - GitRepository - - Bucket - type: string - name: - description: Name of the referent - type: string - namespace: - description: Namespace of the referent, defaults to the Kustomization - namespace - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - type: string - validation: - description: Validate the Kubernetes objects before applying them - on the cluster. The validation strategy can be 'client' (local dry-run), - 'server' (APIServer dry-run) or 'none'. When 'Force' is 'true', - validation will fallback to 'client' if set to 'server' because - server-side validation is not supported in this scenario. - enum: - - none - - client - - server - type: string - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastAppliedRevision: - description: The last successfully applied revision. The revision - format for Git sources is /. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - snapshot: - description: The last successfully applied revision metadata. - properties: - checksum: - description: The manifests sha1 checksum. - type: string - entries: - description: A list of Kubernetes kinds grouped by namespace. - items: - description: Snapshot holds the metadata of namespaced Kubernetes - objects - properties: - kinds: - additionalProperties: - type: string - description: The list of Kubernetes kinds. - type: object - namespace: - description: The namespace of this entry. - type: string - required: - - kinds - type: object - type: array - required: - - checksum - - entries - type: object - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Kustomization is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Kustomization is the Schema for the kustomizations API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KustomizationSpec defines the configuration to calculate - the desired state from a Source using Kustomize. - properties: - commonMetadata: - description: CommonMetadata specifies the common labels and annotations - that are applied to all resources. Any existing label or annotation - will be overridden if its key matches a common one. - properties: - annotations: - additionalProperties: - type: string - description: Annotations to be added to the object's metadata. - type: object - labels: - additionalProperties: - type: string - description: Labels to be added to the object's metadata. - type: object - type: object - components: - description: Components specifies relative paths to specifications - of other Components. - items: - type: string - type: array - decryption: - description: Decrypt Kubernetes secrets before applying them on the - cluster. - properties: - provider: - description: Provider is the name of the decryption engine. - enum: - - sops - type: string - secretRef: - description: The secret name containing the private OpenPGP keys - used for decryption. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to Kustomization resources that must be ready - before this Kustomization can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - force: - default: false - description: Force instructs the controller to recreate resources - when patching fails due to an immutable field change. - type: boolean - healthChecks: - description: A list of resources to be included in the health assessment. - items: - description: NamespacedObjectKindReference contains enough information - to locate the typed referenced Kubernetes resource object in any - namespace. - properties: - apiVersion: - description: API version of the referent, if not specified the - Kubernetes preferred version will be used. - type: string - kind: - description: Kind of the referent. - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - kind - - name - type: object - type: array - images: - description: Images is a list of (image name, new name, new tag or - digest) for changing image names, tags or digests. This can also - be achieved with a patch, but this operator is simpler to specify. - items: - description: Image contains an image name, a new name, a new tag - or digest, which will replace the original name and tag. - properties: - digest: - description: Digest is the value used to replace the original - image tag. If digest is present NewTag value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace the original - name. - type: string - newTag: - description: NewTag is the value used to replace the original - tag. - type: string - required: - - name - type: object - type: array - interval: - description: The interval at which to reconcile the Kustomization. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: The KubeConfig for reconciling the Kustomization on a - remote cluster. When used in combination with KustomizationSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when KustomizationSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - patches: - description: Strategic merge and JSON patches, defined as inline YAML - objects, capable of targeting objects based on kind, label and annotation - selectors. - items: - description: Patch contains an inline StrategicMerge or JSON6902 - patch, and the target the patch should be applied to. - properties: - patch: - description: Patch contains an inline StrategicMerge patch or - an inline JSON6902 patch with an array of operation objects. - type: string - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: 'JSON 6902 patches, defined as inline YAML objects. Deprecated: - Use Patches instead.' - items: - description: JSON6902Patch contains a JSON6902 patch and the target - the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document with - an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value that references - a location within the target document where the operation - is performed. The meaning of the value depends on the - value of Op, and is NOT taken into account by all operations. - type: string - op: - description: Op indicates the operation to perform. Its - value MUST be one of "add", "remove", "replace", "move", - "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer value that - references a location within the target document where - the operation is performed. The meaning of the value - depends on the value of Op. - type: string - value: - description: Value contains a valid JSON structure. The - meaning of the value depends on the value of Op, and - is NOT taken into account by all operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the patch document - should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select resources - from. Together with Version and Kind it is capable of - unambiguously identifying and/or selecting resources. - https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources from. - Together with Group and Version it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows the - label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select resources - from. Together with Group and Kind it is capable of unambiguously - identifying and/or selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: 'Strategic merge patches, defined as inline YAML objects. - Deprecated: Use Patches instead.' - items: - x-kubernetes-preserve-unknown-fields: true - type: array - path: - description: Path to the directory containing the kustomization.yaml - file, or the set of plain YAMLs a kustomization.yaml should be generated - for. Defaults to 'None', which translates to the root path of the - SourceRef. - type: string - postBuild: - description: PostBuild describes which actions to perform on the YAML - manifest generated by building the kustomize overlay. - properties: - substitute: - additionalProperties: - type: string - description: Substitute holds a map of key/value pairs. The variables - defined in your YAML manifests that match any of the keys defined - in the map will be substituted with the set value. Includes - support for bash string replacement functions e.g. ${var:=default}, - ${var:position} and ${var/substring/replacement}. - type: object - substituteFrom: - description: SubstituteFrom holds references to ConfigMaps and - Secrets containing the variables and their values to be substituted - in the YAML manifests. The ConfigMap and the Secret data keys - represent the var names and they must match the vars declared - in the manifests for the substitution to happen. - items: - description: SubstituteReference contains a reference to a resource - containing the variables name and value. - properties: - kind: - description: Kind of the values referent, valid values are - ('Secret', 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside - in the same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - default: false - description: Optional indicates whether the referenced resource - must exist, or whether to tolerate its absence. If true - and the referenced resource is absent, proceed as if the - resource was present but empty, without any variables - defined. - type: boolean - required: - - kind - - name - type: object - type: array - type: object - prune: - description: Prune enables garbage collection. - type: boolean - retryInterval: - description: The interval at which to retry a previously failed reconciliation. - When not specified, the controller uses the KustomizationSpec.Interval - value to retry failures. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this Kustomization. - type: string - sourceRef: - description: Reference of the source where the kustomization file - is. - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - OCIRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, defaults to the namespace - of the Kubernetes resource object that contains the reference. - type: string - required: - - kind - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - kustomize executions, it does not apply to already started executions. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace sets or overrides the namespace in the - kustomization.yaml file. - maxLength: 63 - minLength: 1 - type: string - timeout: - description: Timeout for validation, apply and health checking operations. - Defaults to 'Interval' duration. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - validation: - description: 'Deprecated: Not used in v1beta2.' - enum: - - none - - client - - server - type: string - wait: - description: Wait instructs the controller to check the health of - all the reconciled resources. When enabled, the HealthChecks are - ignored. Defaults to false. - type: boolean - required: - - interval - - prune - - sourceRef - type: object - status: - default: - observedGeneration: -1 - description: KustomizationStatus defines the observed state of a kustomization. - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - inventory: - description: Inventory contains the list of Kubernetes resource object - references that have been successfully applied. - properties: - entries: - description: Entries of Kubernetes resource object references. - items: - description: ResourceRef contains the information necessary - to locate a resource within a cluster. - properties: - id: - description: ID is the string representation of the Kubernetes - resource object's metadata, in the format '___'. - type: string - v: - description: Version is the API version of the Kubernetes - resource object's kind. - type: string - required: - - id - - v - type: object - type: array - required: - - entries - type: object - lastAppliedRevision: - description: The last successfully applied revision. Equals the Revision - of the applied Artifact from the referenced Source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: kustomize-controller - namespace: flux-system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: kustomize-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - control-plane: controller - name: kustomize-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: kustomize-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: kustomize-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/kustomize-controller:v1.0.0-rc.4 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: kustomize-controller - terminationGracePeriodSeconds: 60 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: helmreleases.helm.toolkit.fluxcd.io -spec: - group: helm.toolkit.fluxcd.io - names: - kind: HelmRelease - listKind: HelmReleaseList - plural: helmreleases - shortNames: - - hr - singular: helmrelease - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v2beta1 - schema: - openAPIV3Schema: - description: HelmRelease is the Schema for the helmreleases API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: HelmReleaseSpec defines the desired state of a Helm release. - properties: - chart: - description: Chart defines the template of the v1beta2.HelmChart that - should be created for this HelmRelease. - properties: - metadata: - description: ObjectMeta holds the template for metadata like labels - and annotations. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/' - type: object - type: object - spec: - description: Spec holds the template for the v1beta2.HelmChartSpec - for this HelmRelease. - properties: - chart: - description: The name or path the Helm chart is available - at in the SourceRef. - type: string - interval: - description: Interval at which to check the v1beta2.Source - for updates. Defaults to 'HelmReleaseSpec.Interval'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - reconcileStrategy: - default: ChartVersion - description: Determines what enables the creation of a new - artifact. Valid values are ('ChartVersion', 'Revision'). - See the documentation of the values for an explanation on - their behavior. Defaults to ChartVersion when omitted. - enum: - - ChartVersion - - Revision - type: string - sourceRef: - description: The name and namespace of the v1beta2.Source - the chart is available at. - properties: - apiVersion: - description: APIVersion of the referent. - type: string - kind: - description: Kind of the referent. - enum: - - HelmRepository - - GitRepository - - Bucket - type: string - name: - description: Name of the referent. - maxLength: 253 - minLength: 1 - type: string - namespace: - description: Namespace of the referent. - maxLength: 63 - minLength: 1 - type: string - required: - - name - type: object - valuesFile: - description: Alternative values file to use as the default - chart values, expected to be a relative path in the SourceRef. - Deprecated in favor of ValuesFiles, for backwards compatibility - the file defined here is merged before the ValuesFiles items. - Ignored when omitted. - type: string - valuesFiles: - description: Alternative list of values files to use as the - chart values (values.yaml is not included by default), expected - to be a relative path in the SourceRef. Values files are - merged in the order of this list with the last file overriding - the first. Ignored when omitted. - items: - type: string - type: array - verify: - description: Verify contains the secret name containing the - trusted public keys used to verify the signature and specifies - which provider to use to check whether OCI image is authentic. - This field is only supported for OCI sources. Chart dependencies, - which are not bundled in the umbrella chart artifact, are - not verified. - properties: - provider: - default: cosign - description: Provider specifies the technology used to - sign the OCI Helm chart. - enum: - - cosign - type: string - secretRef: - description: SecretRef specifies the Kubernetes Secret - containing the trusted public keys. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - required: - - provider - type: object - version: - default: '*' - description: Version semver expression, ignored for charts - from v1beta2.GitRepository and v1beta2.Bucket sources. Defaults - to latest when omitted. - type: string - required: - - chart - - sourceRef - type: object - required: - - spec - type: object - dependsOn: - description: DependsOn may contain a meta.NamespacedObjectReference - slice with references to HelmRelease resources that must be ready - before this HelmRelease can be reconciled. - items: - description: NamespacedObjectReference contains enough information - to locate the referenced Kubernetes resource object in any namespace. - properties: - name: - description: Name of the referent. - type: string - namespace: - description: Namespace of the referent, when not specified it - acts as LocalObjectReference. - type: string - required: - - name - type: object - type: array - install: - description: Install holds the configuration for Helm install actions - for this HelmRelease. - properties: - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Create` - and if omitted CRDs are installed but not updated. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are applied (installed) during Helm install action. With this - option users can opt-in to CRD replace existing CRDs on Helm - install actions, which is not (yet) natively supported by Helm. - https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - createNamespace: - description: CreateNamespace tells the Helm install action to - create the HelmReleaseSpec.TargetNamespace if it does not exist - yet. On uninstall, the namespace will not be garbage collected. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm install action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm install - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm install has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm install has been performed. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm install action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an install - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false'. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - an uninstall, is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - type: object - replace: - description: Replace tells the Helm install action to re-use the - 'ReleaseName', but only if that name is a deleted release which - remains in the history. - type: boolean - skipCRDs: - description: "SkipCRDs tells the Helm install action to not install - any CRDs. By default, CRDs are installed if not already present. - \n Deprecated use CRD policy (`crds`) attribute with value `Skip` - instead." - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm install action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - interval: - description: Interval at which to reconcile the Helm release. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - kubeConfig: - description: KubeConfig for reconciling the HelmRelease on a remote - cluster. When used in combination with HelmReleaseSpec.ServiceAccountName, - forces the controller to act on behalf of that Service Account at - the target cluster. If the --default-service-account flag is set, - its value will be used as a controller level fallback for when HelmReleaseSpec.ServiceAccountName - is empty. - properties: - secretRef: - description: SecretRef holds the name of a secret that contains - a key with the kubeconfig file as the value. If no key is set, - the key will default to 'value'. It is recommended that the - kubeconfig is self-contained, and the secret is regularly updated - if credentials such as a cloud-access-token expire. Cloud specific - `cmd-path` auth helpers will not function without adding binaries - and credentials to the Pod that is responsible for reconciling - Kubernetes resources. - properties: - key: - description: Key in the Secret, when not specified an implementation-specific - default key is used. - type: string - name: - description: Name of the Secret. - type: string - required: - - name - type: object - required: - - secretRef - type: object - maxHistory: - description: MaxHistory is the number of revisions saved by Helm for - this HelmRelease. Use '0' for an unlimited number of revisions; - defaults to '10'. - type: integer - persistentClient: - description: "PersistentClient tells the controller to use a persistent - Kubernetes client for this release. When enabled, the client will - be reused for the duration of the reconciliation, instead of being - created and destroyed for each (step of a) Helm action. \n This - can improve performance, but may cause issues with some Helm charts - that for example do create Custom Resource Definitions during installation - outside Helm's CRD lifecycle hooks, which are then not observed - to be available by e.g. post-install hooks. \n If not set, it defaults - to true." - type: boolean - postRenderers: - description: PostRenderers holds an array of Helm PostRenderers, which - will be applied in order of their definition. - items: - description: PostRenderer contains a Helm PostRenderer specification. - properties: - kustomize: - description: Kustomization to apply as PostRenderer. - properties: - images: - description: Images is a list of (image name, new name, - new tag or digest) for changing image names, tags or digests. - This can also be achieved with a patch, but this operator - is simpler to specify. - items: - description: Image contains an image name, a new name, - a new tag or digest, which will replace the original - name and tag. - properties: - digest: - description: Digest is the value used to replace the - original image tag. If digest is present NewTag - value is ignored. - type: string - name: - description: Name is a tag-less image name. - type: string - newName: - description: NewName is the value used to replace - the original name. - type: string - newTag: - description: NewTag is the value used to replace the - original tag. - type: string - required: - - name - type: object - type: array - patches: - description: Strategic merge and JSON patches, defined as - inline YAML objects, capable of targeting objects based - on kind, label and annotation selectors. - items: - description: Patch contains an inline StrategicMerge or - JSON6902 patch, and the target the patch should be applied - to. - properties: - patch: - description: Patch contains an inline StrategicMerge - patch or an inline JSON6902 patch with an array - of operation objects. - type: string - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - type: object - type: array - patchesJson6902: - description: JSON 6902 patches, defined as inline YAML objects. - items: - description: JSON6902Patch contains a JSON6902 patch and - the target the patch should be applied to. - properties: - patch: - description: Patch contains the JSON6902 patch document - with an array of operation objects. - items: - description: JSON6902 is a JSON6902 operation object. - https://datatracker.ietf.org/doc/html/rfc6902#section-4 - properties: - from: - description: From contains a JSON-pointer value - that references a location within the target - document where the operation is performed. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - type: string - op: - description: Op indicates the operation to perform. - Its value MUST be one of "add", "remove", - "replace", "move", "copy", or "test". https://datatracker.ietf.org/doc/html/rfc6902#section-4 - enum: - - test - - remove - - add - - replace - - move - - copy - type: string - path: - description: Path contains the JSON-pointer - value that references a location within the - target document where the operation is performed. - The meaning of the value depends on the value - of Op. - type: string - value: - description: Value contains a valid JSON structure. - The meaning of the value depends on the value - of Op, and is NOT taken into account by all - operations. - x-kubernetes-preserve-unknown-fields: true - required: - - op - - path - type: object - type: array - target: - description: Target points to the resources that the - patch document should be applied to. - properties: - annotationSelector: - description: AnnotationSelector is a string that - follows the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource annotations. - type: string - group: - description: Group is the API group to select - resources from. Together with Version and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - kind: - description: Kind of the API Group to select resources - from. Together with Group and Version it is - capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - labelSelector: - description: LabelSelector is a string that follows - the label selection expression https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api - It matches with the resource labels. - type: string - name: - description: Name to match resources with. - type: string - namespace: - description: Namespace to select resources from. - type: string - version: - description: Version of the API Group to select - resources from. Together with Group and Kind - it is capable of unambiguously identifying and/or - selecting resources. https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md - type: string - type: object - required: - - patch - - target - type: object - type: array - patchesStrategicMerge: - description: Strategic merge patches, defined as inline - YAML objects. - items: - x-kubernetes-preserve-unknown-fields: true - type: array - type: object - type: object - type: array - releaseName: - description: ReleaseName used for the Helm release. Defaults to a - composition of '[TargetNamespace-]Name'. - maxLength: 53 - minLength: 1 - type: string - rollback: - description: Rollback holds the configuration for Helm rollback actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm rollback action when it fails. - type: boolean - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm rollback has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm rollback has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - recreate: - description: Recreate performs pod restarts for the resource if - applicable. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm rollback action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - serviceAccountName: - description: The name of the Kubernetes service account to impersonate - when reconciling this HelmRelease. - type: string - storageNamespace: - description: StorageNamespace used for the Helm storage. Defaults - to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - suspend: - description: Suspend tells the controller to suspend reconciliation - for this HelmRelease, it does not apply to already started reconciliations. - Defaults to false. - type: boolean - targetNamespace: - description: TargetNamespace to target when performing operations - for the HelmRelease. Defaults to the namespace of the HelmRelease. - maxLength: 63 - minLength: 1 - type: string - test: - description: Test holds the configuration for Helm test actions for - this HelmRelease. - properties: - enable: - description: Enable enables Helm test actions for this HelmRelease - after an Helm install or upgrade action has been performed. - type: boolean - ignoreFailures: - description: IgnoreFailures tells the controller to skip remediation - when the Helm tests are run but fail. Can be overwritten for - tests run after install or upgrade actions in 'Install.IgnoreTestFailures' - and 'Upgrade.IgnoreTestFailures'. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation during the performance of a Helm test action. Defaults - to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a Helm - action. Defaults to '5m0s'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - uninstall: - description: Uninstall holds the configuration for Helm uninstall - actions for this HelmRelease. - properties: - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm rollback action. - type: boolean - disableWait: - description: DisableWait disables waiting for all the resources - to be deleted after a Helm uninstall is performed. - type: boolean - keepHistory: - description: KeepHistory tells Helm to remove all associated resources - and mark the release as deleted, but retain the release history. - type: boolean - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm uninstall action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - upgrade: - description: Upgrade holds the configuration for Helm upgrade actions - for this HelmRelease. - properties: - cleanupOnFail: - description: CleanupOnFail allows deletion of new resources created - during the Helm upgrade action when it fails. - type: boolean - crds: - description: "CRDs upgrade CRDs from the Helm Chart's crds directory - according to the CRD upgrade policy provided here. Valid values - are `Skip`, `Create` or `CreateReplace`. Default is `Skip` and - if omitted CRDs are neither installed nor upgraded. \n Skip: - do neither install nor replace (update) any CRDs. \n Create: - new CRDs are created, existing CRDs are neither updated nor - deleted. \n CreateReplace: new CRDs are created, existing CRDs - are updated (replaced) but not deleted. \n By default, CRDs - are not applied during Helm upgrade action. With this option - users can opt-in to CRD upgrade, which is not (yet) natively - supported by Helm. https://helm.sh/docs/chart_best_practices/custom_resource_definitions." - enum: - - Skip - - Create - - CreateReplace - type: string - disableHooks: - description: DisableHooks prevents hooks from running during the - Helm upgrade action. - type: boolean - disableOpenAPIValidation: - description: DisableOpenAPIValidation prevents the Helm upgrade - action from validating rendered templates against the Kubernetes - OpenAPI Schema. - type: boolean - disableWait: - description: DisableWait disables the waiting for resources to - be ready after a Helm upgrade has been performed. - type: boolean - disableWaitForJobs: - description: DisableWaitForJobs disables waiting for jobs to complete - after a Helm upgrade has been performed. - type: boolean - force: - description: Force forces resource updates through a replacement - strategy. - type: boolean - preserveValues: - description: PreserveValues will make Helm reuse the last release's - values and merge in overrides from 'Values'. Setting this flag - makes the HelmRelease non-declarative. - type: boolean - remediation: - description: Remediation holds the remediation configuration for - when the Helm upgrade action for the HelmRelease fails. The - default is to not perform any action. - properties: - ignoreTestFailures: - description: IgnoreTestFailures tells the controller to skip - remediation when the Helm tests are run after an upgrade - action but fail. Defaults to 'Test.IgnoreFailures'. - type: boolean - remediateLastFailure: - description: RemediateLastFailure tells the controller to - remediate the last failure, when no retries remain. Defaults - to 'false' unless 'Retries' is greater than 0. - type: boolean - retries: - description: Retries is the number of retries that should - be attempted on failures before bailing. Remediation, using - 'Strategy', is performed between each attempt. Defaults - to '0', a negative integer equals to unlimited retries. - type: integer - strategy: - description: Strategy to use for failure remediation. Defaults - to 'rollback'. - enum: - - rollback - - uninstall - type: string - type: object - timeout: - description: Timeout is the time to wait for any individual Kubernetes - operation (like Jobs for hooks) during the performance of a - Helm upgrade action. Defaults to 'HelmReleaseSpec.Timeout'. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - type: object - values: - description: Values holds the values for this Helm release. - x-kubernetes-preserve-unknown-fields: true - valuesFrom: - description: ValuesFrom holds references to resources containing Helm - values for this HelmRelease, and information about how they should - be merged. - items: - description: ValuesReference contains a reference to a resource - containing Helm values, and optionally the key they can be found - at. - properties: - kind: - description: Kind of the values referent, valid values are ('Secret', - 'ConfigMap'). - enum: - - Secret - - ConfigMap - type: string - name: - description: Name of the values referent. Should reside in the - same namespace as the referring resource. - maxLength: 253 - minLength: 1 - type: string - optional: - description: Optional marks this ValuesReference as optional. - When set, a not found error for the values reference is ignored, - but any ValuesKey, TargetPath or transient error will still - result in a reconciliation failure. - type: boolean - targetPath: - description: TargetPath is the YAML dot notation path the value - should be merged at. When set, the ValuesKey is expected to - be a single flat value. Defaults to 'None', which results - in the values getting merged at the root. - maxLength: 250 - pattern: ^([a-zA-Z0-9_\-.\\\/]|\[[0-9]{1,5}\])+$ - type: string - valuesKey: - description: ValuesKey is the data key where the values.yaml - or a specific value can be found at. Defaults to 'values.yaml'. - When set, must be a valid Data Key, consisting of alphanumeric - characters, '-', '_' or '.'. - maxLength: 253 - pattern: ^[\-._a-zA-Z0-9]+$ - type: string - required: - - kind - - name - type: object - type: array - required: - - chart - - interval - type: object - status: - default: - observedGeneration: -1 - description: HelmReleaseStatus defines the observed state of a HelmRelease. - properties: - conditions: - description: Conditions holds the conditions for the HelmRelease. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - failures: - description: Failures is the reconciliation failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - helmChart: - description: HelmChart is the namespaced name of the HelmChart resource - created by the controller for the HelmRelease. - type: string - installFailures: - description: InstallFailures is the install failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - lastAppliedRevision: - description: LastAppliedRevision is the revision of the last successfully - applied source. - type: string - lastAttemptedRevision: - description: LastAttemptedRevision is the revision of the last reconciliation - attempt. - type: string - lastAttemptedValuesChecksum: - description: LastAttemptedValuesChecksum is the SHA1 checksum of the - values of the last reconciliation attempt. - type: string - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - lastReleaseRevision: - description: LastReleaseRevision is the revision of the last successful - Helm release. - type: integer - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - upgradeFailures: - description: UpgradeFailures is the upgrade failure count against - the latest desired state. It is reset after a successful reconciliation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: helm-controller - namespace: flux-system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: helm-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - control-plane: controller - name: helm-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: helm-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: helm-controller - spec: - containers: - - args: - - --events-addr=http://notification-controller.flux-system.svc.cluster.local./ - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/helm-controller:v0.34.1 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - priorityClassName: system-cluster-critical - securityContext: - fsGroup: 1337 - serviceAccountName: helm-controller - terminationGracePeriodSeconds: 600 - volumes: - - emptyDir: {} - name: temp ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: alerts.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Alert - listKind: AlertList - plural: alerts - singular: alert - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects - properties: - eventSeverity: - default: info - description: Filter events based on severity, defaults to ('info'). - If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: Filter events based on the involved objects. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - exclusionList: - description: A list of Golang regular expressions to be used for excluding - messages. - items: - type: string - type: array - providerRef: - description: Send events using this provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Short description of the impact and affected cluster. - type: string - suspend: - description: This flag tells the controller to suspend subsequent - events dispatching. Defaults to false. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of Alert - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Alert is the Schema for the alerts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: AlertSpec defines an alerting rule for events involving a - list of objects. - properties: - eventMetadata: - additionalProperties: - type: string - description: EventMetadata is an optional field for adding metadata - to events dispatched by the controller. This can be used for enhancing - the context of the event. If a field would override one already - present on the original event as generated by the emitter, then - the override doesn't happen, i.e. the original value is preserved, - and an error log is printed. - type: object - eventSeverity: - default: info - description: EventSeverity specifies how to filter events based on - severity. If set to 'info' no events will be filtered. - enum: - - info - - error - type: string - eventSources: - description: EventSources specifies how to filter events based on - the involved object kind, name and namespace. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - exclusionList: - description: ExclusionList specifies a list of Golang regular expressions - to be used for excluding messages. - items: - type: string - type: array - inclusionList: - description: InclusionList specifies a list of Golang regular expressions - to be used for including messages. - items: - type: string - type: array - providerRef: - description: ProviderRef specifies which Provider this Alert should - use. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - summary: - description: Summary holds a short description of the impact and affected - cluster. - maxLength: 255 - type: string - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Alert. - type: boolean - required: - - eventSources - - providerRef - type: object - status: - default: - observedGeneration: -1 - description: AlertStatus defines the observed state of the Alert. - properties: - conditions: - description: Conditions holds the conditions for the Alert. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: providers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Provider - listKind: ProviderList - plural: providers - singular: provider - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of Provider - properties: - address: - description: HTTP/S webhook address of this provider - pattern: ^(http|https):// - type: string - certSecretRef: - description: CertSecretRef can be given the name of a secret containing - a PEM-encoded CA certificate (`caFile`) - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Alert channel for this provider - type: string - proxy: - description: HTTP/S address of the proxy - pattern: ^(http|https):// - type: string - secretRef: - description: Secret reference containing the provider webhook URL - using "address" as data key - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - timeout: - description: Timeout for sending alerts to the provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type of provider - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - type: string - username: - description: Bot username for this provider - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of Provider - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1beta2 - schema: - openAPIV3Schema: - description: Provider is the Schema for the providers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ProviderSpec defines the desired state of the Provider. - properties: - address: - description: Address specifies the HTTP/S incoming webhook address - of this Provider. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - certSecretRef: - description: CertSecretRef specifies the Secret containing a PEM-encoded - CA certificate (`caFile`). - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - channel: - description: Channel specifies the destination channel where events - should be posted. - maxLength: 2048 - type: string - interval: - description: Interval at which to reconcile the Provider with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - proxy: - description: Proxy the HTTP/S address of the proxy server. - maxLength: 2048 - pattern: ^(http|https)://.*$ - type: string - secretRef: - description: SecretRef specifies the Secret containing the authentication - credentials for this Provider. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this Provider. - type: boolean - timeout: - description: Timeout for sending alerts to the Provider. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m))+$ - type: string - type: - description: Type specifies which Provider implementation to use. - enum: - - slack - - discord - - msteams - - rocket - - generic - - generic-hmac - - github - - gitlab - - gitea - - bitbucket - - azuredevops - - googlechat - - webex - - sentry - - azureeventhub - - telegram - - lark - - matrix - - opsgenie - - alertmanager - - grafana - - githubdispatch - type: string - username: - description: Username specifies the name under which events are posted. - maxLength: 2048 - type: string - required: - - type - type: object - status: - default: - observedGeneration: -1 - description: ProviderStatus defines the observed state of the Provider. - properties: - conditions: - description: Conditions holds the conditions for the Provider. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last reconciled generation. - format: int64 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: receivers.notification.toolkit.fluxcd.io -spec: - group: notification.toolkit.fluxcd.io - names: - kind: Receiver - listKind: ReceiverList - plural: receivers - singular: receiver - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: Events specifies the list of event types to handle, e.g. - 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - interval: - default: 10m - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this receiver. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - secretRef - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - webhookPath: - description: WebhookPath is the generated incoming webhook address - in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta1 Receiver is deprecated, upgrade to v1 - name: v1beta1 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of Receiver - properties: - events: - description: A list of events to handle, e.g. 'push' for GitHub or - 'Push Hook' for GitLab. - items: - type: string - type: array - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - name: - description: Name of the referent - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - name - type: object - type: array - secretRef: - description: Secret reference containing the token used to validate - the payload authenticity - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: This flag tells the controller to suspend subsequent - events handling. Defaults to false. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of Receiver - properties: - conditions: - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - observedGeneration: - description: ObservedGeneration is the last observed generation. - format: int64 - type: integer - url: - description: Generated webhook URL in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} - - additionalPrinterColumns: - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - jsonPath: .status.conditions[?(@.type=="Ready")].status - name: Ready - type: string - - jsonPath: .status.conditions[?(@.type=="Ready")].message - name: Status - type: string - deprecated: true - deprecationWarning: v1beta2 Receiver is deprecated, upgrade to v1 - name: v1beta2 - schema: - openAPIV3Schema: - description: Receiver is the Schema for the receivers API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ReceiverSpec defines the desired state of the Receiver. - properties: - events: - description: Events specifies the list of event types to handle, e.g. - 'push' for GitHub or 'Push Hook' for GitLab. - items: - type: string - type: array - interval: - description: Interval at which to reconcile the Receiver with its - Secret references. - pattern: ^([0-9]+(\.[0-9]+)?(ms|s|m|h))+$ - type: string - resources: - description: A list of resources to be notified about changes. - items: - description: CrossNamespaceObjectReference contains enough information - to let you locate the typed referenced object at cluster level - properties: - apiVersion: - description: API version of the referent - type: string - kind: - description: Kind of the referent - enum: - - Bucket - - GitRepository - - Kustomization - - HelmRelease - - HelmChart - - HelmRepository - - ImageRepository - - ImagePolicy - - ImageUpdateAutomation - - OCIRepository - type: string - matchLabels: - additionalProperties: - type: string - description: MatchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. MatchLabels requires the name to be set to `*`. - type: object - name: - description: Name of the referent If multiple resources are - targeted `*` may be set. - maxLength: 53 - minLength: 1 - type: string - namespace: - description: Namespace of the referent - maxLength: 53 - minLength: 1 - type: string - required: - - kind - - name - type: object - type: array - secretRef: - description: SecretRef specifies the Secret containing the token used - to validate the payload authenticity. - properties: - name: - description: Name of the referent. - type: string - required: - - name - type: object - suspend: - description: Suspend tells the controller to suspend subsequent events - handling for this receiver. - type: boolean - type: - description: Type of webhook sender, used to determine the validation - procedure and payload deserialization. - enum: - - generic - - generic-hmac - - github - - gitlab - - bitbucket - - harbor - - dockerhub - - quay - - gcr - - nexus - - acr - type: string - required: - - resources - - type - type: object - status: - default: - observedGeneration: -1 - description: ReceiverStatus defines the observed state of the Receiver. - properties: - conditions: - description: Conditions holds the conditions for the Receiver. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - lastHandledReconcileAt: - description: LastHandledReconcileAt holds the value of the most recent - reconcile request value, so a change of the annotation value can - be detected. - type: string - observedGeneration: - description: ObservedGeneration is the last observed generation of - the Receiver object. - format: int64 - type: integer - url: - description: 'URL is the generated incoming webhook address in the - format of ''/hook/sha256sum(token+name+namespace)''. Deprecated: - Replaced by WebhookPath.' - type: string - webhookPath: - description: WebhookPath is the generated incoming webhook address - in the format of '/hook/sha256sum(token+name+namespace)'. - type: string - type: object - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - name: notification-controller - namespace: flux-system ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - control-plane: controller - name: webhook-receiver - namespace: flux-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: http-webhook - selector: - app: notification-controller - type: ClusterIP ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app.kubernetes.io/component: notification-controller - app.kubernetes.io/instance: flux-system - app.kubernetes.io/part-of: flux - app.kubernetes.io/version: v2.0.0-rc.5 - control-plane: controller - name: notification-controller - namespace: flux-system -spec: - replicas: 1 - selector: - matchLabels: - app: notification-controller - template: - metadata: - annotations: - prometheus.io/port: "8080" - prometheus.io/scrape: "true" - labels: - app: notification-controller - spec: - containers: - - args: - - --watch-all-namespaces=true - - --log-level=info - - --log-encoding=json - - --enable-leader-election - env: - - name: RUNTIME_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: ghcr.io/fluxcd/notification-controller:v1.0.0-rc.4 - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: /healthz - port: healthz - name: manager - ports: - - containerPort: 9090 - name: http - protocol: TCP - - containerPort: 9292 - name: http-webhook - protocol: TCP - - containerPort: 8080 - name: http-prom - protocol: TCP - - containerPort: 9440 - name: healthz - protocol: TCP - readinessProbe: - httpGet: - path: /readyz - port: healthz - resources: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 100m - memory: 64Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /tmp - name: temp - nodeSelector: - kubernetes.io/os: linux - securityContext: - fsGroup: 1337 - serviceAccountName: notification-controller - terminationGracePeriodSeconds: 10 - volumes: - - emptyDir: {} - name: temp diff --git a/infrastructure/cluster/flux-v2/flux-system/gotk-sync.yaml b/infrastructure/cluster/flux-v2/flux-system/gotk-sync.yaml deleted file mode 100644 index e8fd4c60..00000000 --- a/infrastructure/cluster/flux-v2/flux-system/gotk-sync.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# This manifest was generated by flux. DO NOT EDIT. ---- -apiVersion: source.toolkit.fluxcd.io/v1 -kind: GitRepository -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 1m0s - ref: - branch: main - secretRef: - name: flux-system - url: ssh://git@github.com/vre-hub/vre ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: flux-system - namespace: flux-system -spec: - interval: 10m0s - path: ./infrastructure/cluster/flux-v2 - prune: true - sourceRef: - kind: GitRepository - name: flux-system diff --git a/infrastructure/cluster/flux-v2/flux-system/kustomization.yaml b/infrastructure/cluster/flux-v2/flux-system/kustomization.yaml deleted file mode 100644 index 3842229e..00000000 --- a/infrastructure/cluster/flux-v2/flux-system/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- gotk-components.yaml -- gotk-sync.yaml diff --git a/infrastructure/cluster/tf/.terraform.lock.hcl b/infrastructure/cluster/tf/.terraform.lock.hcl deleted file mode 100644 index dfd95336..00000000 --- a/infrastructure/cluster/tf/.terraform.lock.hcl +++ /dev/null @@ -1,64 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.8.0" - constraints = "2.8.0" - hashes = [ - "h1:abRryu69lsIGXctqjMVoaKqi74eE12Vzd2FLpds1/PI=", - "zh:1e42d1a04c07d4006844e477ca32b5f45b04f6525dbbbe00b6be6e6ec5a11c54", - "zh:2f87187cb48ccfb18d12e2c4332e7e822923b659e7339b954b7db78aff91529f", - "zh:391fe49b4d2dc07bc717248a3fc6952189cfc49c596c514ad72a29c9a9f9d575", - "zh:89272048e1e63f3edc3e83dfddd5a9fd4bd2a4ead104e67de1e14319294dedf1", - "zh:a5a057c3435a854389ce8a1d98a54aaa7cbab68aca7baa436a605897aa70ff7e", - "zh:b1098e53e1a8a3afcd325ecd0328662156b3d9c3d80948f19ba3a4eb870cee2b", - "zh:b676f949e8274a2b6c3fa41f5428ea597125579c7b93bb50bb73a5e295a7a447", - "zh:cdf7e9460f28c2dbfe49a79a5022bd0d474ff18120d340738aa35456ba77ebca", - "zh:e24b59b4ed1c593facbf8051ec58550917991e2e017f3085dac5fb902d9908cb", - "zh:e3b5e1f5543cac9d9031a028f1c1be4858fb80fae69f181f21e9465e366ebfa2", - "zh:e9fddc0bcdb28503078456f0088851d45451600d229975fd9990ee92c7489a10", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.16.0" - constraints = "2.16.0" - hashes = [ - "h1:GcpVjl1LbyGDGGaR0KDJrdVaTKW2ge9g51Ej4yrai6Q=", - "zh:172830e270e49b3d6c975383f6c2f1683524ab667e48a481285d535392f29cf4", - "zh:1b2919c66f6bf49a24adb3f0663e198383562829bc1c06c680cf0a2019571d4f", - "zh:2c0b1c6032358c11539d1f99ddd803dc37b06127e8d220e9b9a81a233a290a58", - "zh:2c6b49d0014a4398e35d05ce2303d10482c91b49320555e2389a8b85f28117ea", - "zh:497e76411feb3f79b8eaa3bb29a387c6d89b888f7d9d028142dc5590ff149e45", - "zh:771428ba9ed855743fd7e6b7ee7d3d837e401c787da618a8cff5f6e7375a6245", - "zh:cb15f6d7eaa6aa385215f6d77dcfd5615e40d170800ce9fbee3d73b5c6ad379f", - "zh:e8de8530e27903d4581b4494a267ab84ab3faeaaa598986fea74a99cfa3b37dc", - "zh:efd5d1b02d3b68d0b8913372421d292766ba572e54b60b16bc38b439b9865095", - "zh:f4568bda22c959dc510f9fb8c1ac141ded7c99df4ba430efcd470b13776ce9cb", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - "zh:fa08fa52d3b4f93d24373a34360855787971532a1f5fe085a4549b04ebf329cc", - ] -} - -provider "registry.terraform.io/terraform-provider-openstack/openstack" { - version = "1.49.0" - constraints = "1.49.0" - hashes = [ - "h1:6I8IFY2JDKc6ntkF3C5w1rgIATpbdmvgWrnV7kcRq5o=", - "zh:18b0a5d528fe3eb30060cf478db5a5efaed9d9837f4afb35ba58f0196ba6a51c", - "zh:3cd7f28730ed216740a7bc62169a0d630f95ecdaee1162952aab67011fcf8831", - "zh:60a827813523fd77e75d0145cd066cb4c2a89453083a5bd9e0712a8423bdc14a", - "zh:70a4e4af076ce946943d36cb81c47569d8b30722f2b89768006565a4f512fdbb", - "zh:83563688ec5a5435649191f3e80fc96b93571b7333eee12e2d448149f21ba7c5", - "zh:9067cba5ef3f89e81f01b7e68989ffce2460c239a697ece2cd08c77c73afaf87", - "zh:92589eec7fd057ad5bb00a5c5968eb93d2a4b07380c5be794410349f0188787f", - "zh:951db60626bedcd4538b88d284f9b70ef41166dfbdc568ae781518e24be0b077", - "zh:9d7340122ae1a7ea5b0e5c469e89ffc43c24f4391fc870b27efe4dba461f8b84", - "zh:9f31056e278e8bd0a4b0fbfe5b02a625ee9d072177c36148cde3295adbd4a9d1", - "zh:bf7a0beb72d9214fe2a61db76401057462f1133a48f8ce0a666756660d27b2b5", - "zh:e44dcadcc0680e7b7af94a8a4dd1e421835497178976604455182dd98d6ffe96", - "zh:f5d03f5ada85d41cb94bd7a2b956ca2eb9d7d6cb6d5382bf78a5e641be3eadb0", - "zh:fa7134711a60f8518b82c0246f5a72efd24d23e074f3aec4eda90c013c0d23b5", - ] -} diff --git a/infrastructure/cluster/tf/README.md b/infrastructure/cluster/tf/README.md deleted file mode 100644 index 7c6a0d58..00000000 --- a/infrastructure/cluster/tf/README.md +++ /dev/null @@ -1,7 +0,0 @@ -# Terraform Infrastructure - -The OpenStack infrastructure is managed by Terraform. The Terraform configuration is split into multiple files and explained in the below graph. - -![](graph.png) - -`terraform graph -type=plan | dot -Tpng > graph.png` was used to generate the graph. diff --git a/infrastructure/cluster/tf/eos/eosfuse.yaml b/infrastructure/cluster/tf/eos/eosfuse.yaml deleted file mode 100644 index 8a4c369c..00000000 --- a/infrastructure/cluster/tf/eos/eosfuse.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: eosfuse - namespace: jhub -spec: - selector: - matchLabels: - name: eosfuse - template: - metadata: - labels: - name: eosfuse - spec: - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - hostPID: true - hostIPC: true - # tolerations: - # - key: jupyter-role - # operator: Equal - # value: singleuser - # effect: NoSchedule - # nodeSelector: - # jupyter-role: singleuser - containers: - - name: eosfuse - image: gitlab-registry.cern.ch/escape-wp2/docker-images/eoseulake-fuse-mount:9b667f57 # replace with private GitHub image - securityContext: - privileged: true - capabilities: - add: - - SYS_ADMIN - - NET_ADMIN - volumeMounts: - - name: dev-fuse - mountPath: /dev/fuse - - name: eos-eulake - mountPath: /eos - mountPropagation: Bidirectional - terminationGracePeriodSeconds: 30 - volumes: - - name: dev-fuse - hostPath: - path: /dev/fuse - - name: eos-eulake - hostPath: - path: /var/eos-eulake-home/ diff --git a/infrastructure/cluster/tf/graph.png b/infrastructure/cluster/tf/graph.png deleted file mode 100644 index 1dd5c50d..00000000 Binary files a/infrastructure/cluster/tf/graph.png and /dev/null differ diff --git a/infrastructure/cluster/tf/main-helm.tf b/infrastructure/cluster/tf/main-helm.tf deleted file mode 100644 index 05e60f15..00000000 --- a/infrastructure/cluster/tf/main-helm.tf +++ /dev/null @@ -1,11 +0,0 @@ -# Helm Resources - -# Sealed Secrets - -resource "helm_release" "sealed-secrets-chart" { - name = "sealed-secrets-${var.resource-suffix}" - repository = "https://bitnami-labs.github.io/sealed-secrets" - chart = "sealed-secrets" - version = "2.7.1" - namespace = var.ns-shared-services -} diff --git a/infrastructure/cluster/tf/main-k8s.tf b/infrastructure/cluster/tf/main-k8s.tf deleted file mode 100644 index 7a22222b..00000000 --- a/infrastructure/cluster/tf/main-k8s.tf +++ /dev/null @@ -1,93 +0,0 @@ -# Kubernetes Data Sources - -# Kubernetes Resources - -# Namespaces - -resource "kubernetes_namespace_v1" "ns_shared_services" { - metadata { - name = var.ns-shared-services - } -} - -resource "kubernetes_namespace_v1" "ns_jupyterhub" { - metadata { - name = var.ns-jupyterhub - } -} - -# Storage - -## StorageClass - -### Reclaim Policy Delete - -resource "kubernetes_storage_class_v1" "sc_manila-meyrin-cephfs" { - metadata { - name = "manila-meyrin-cephfs" # ref.: https://kubernetes.docs.cern.ch/docs/storage/fileshares/ - } - storage_provisioner = "cephfs.manila.csi.openstack.org" - reclaim_policy = "Delete" - allow_volume_expansion = true - parameters = { - type = "Meyrin CephFS" # ref.: https://clouddocs.web.cern.ch/file_shares/share_types.html - "csi.storage.k8s.io/provisioner-secret-name" = "os-trustee" - "csi.storage.k8s.io/provisioner-secret-namespace" = "kube-system" - "csi.storage.k8s.io/controller-expand-secret-name" = "os-trustee" - "csi.storage.k8s.io/controller-expand-secret-namespace" = "kube-system" - "csi.storage.k8s.io/node-stage-secret-name" = "os-trustee" - "csi.storage.k8s.io/node-stage-secret-namespace" = "kube-system" - "csi.storage.k8s.io/node-publish-secret-name" = "os-trustee" - "csi.storage.k8s.io/node-publish-secret-namespace" = "kube-system" - } -} - -### Reclaim Policy Retain - -resource "kubernetes_storage_class_v1" "sc_manila-meyrin-cephfs-retain" { - metadata { - name = "manila-meyrin-cephfs-retain" # ref.: https://kubernetes.docs.cern.ch/docs/storage/fileshares/ - } - storage_provisioner = "cephfs.manila.csi.openstack.org" - reclaim_policy = "Retain" - allow_volume_expansion = true - parameters = { - type = "Meyrin CephFS" # ref.: https://clouddocs.web.cern.ch/file_shares/share_types.html - "csi.storage.k8s.io/provisioner-secret-name" = "os-trustee" - "csi.storage.k8s.io/provisioner-secret-namespace" = "kube-system" - "csi.storage.k8s.io/controller-expand-secret-name" = "os-trustee" - "csi.storage.k8s.io/controller-expand-secret-namespace" = "kube-system" - "csi.storage.k8s.io/node-stage-secret-name" = "os-trustee" - "csi.storage.k8s.io/node-stage-secret-namespace" = "kube-system" - "csi.storage.k8s.io/node-publish-secret-name" = "os-trustee" - "csi.storage.k8s.io/node-publish-secret-namespace" = "kube-system" - } -} - -## PersistentVolumeClaim - -### PersistentVolumeClaim for JupyterHub Single User Storage - -resource "kubernetes_persistent_volume_claim_v1" "pvc_jhub_singleuser" { - metadata { - name = "jhub-singleuser" - namespace = var.ns-jupyterhub - } - spec { - access_modes = ["ReadWriteMany"] - resources { - requests = { - storage = "800Gi" - } - } - storage_class_name = "manila-meyrin-cephfs-retain" - } -} - -# DeamonSets - -## DeamonSet Manifest for EOS FUSE mount - -resource "kubernetes_manifest" "eosfuse" { - manifest = yamldecode(file("eos/eosfuse.yaml")) -} diff --git a/infrastructure/cluster/tf/main-openstack.tf b/infrastructure/cluster/tf/main-openstack.tf deleted file mode 100644 index fcdbe664..00000000 --- a/infrastructure/cluster/tf/main-openstack.tf +++ /dev/null @@ -1,66 +0,0 @@ -# Openstack Resources (cannot be changed after applied due to limitations of the OpenStack tf provider) - -# Data - -data "openstack_containerinfra_clustertemplate_v1" "cluster_template" { - name = var.cluster-template-name -} - -data "openstack_sharedfilesystem_share_v2" "share_1_reana" { - name = var.reana-share-name -} - -# Resources - -resource "openstack_compute_keypair_v2" "openstack_cluster_keypair" { - name = var.cluster-keypair-name -} - -resource "openstack_containerinfra_cluster_v1" "openstack_cluster" { - name = var.cluster-name - cluster_template_id = data.openstack_containerinfra_clustertemplate_v1.cluster_template.id # 22a4c77f-cfe3-47bb-8006-31d02375a3f3 - master_count = 3 - node_count = 23 - keypair = var.cluster-keypair-name - merge_labels = true - flavor = "m2.xlarge" - master_flavor = "m2.large" - labels = { - cern_enabled = "true" - cvmfs_enabled = "true" - cvmfs_storage_driver = "true" - eos_enabled = "true" - monitoring_enabled = "true" - metrics_server_enabled = "true" - ingress_controller = "nginx" - logging_producer = var.logging-producer - logging_installer = "helm" - logging_include_internal = "true" - grafana_admin_passwd = "admin" - keystone_auth_enabled = "true" - auto_scaling_enabled = "true" - min_node_count = "4" - max_node_count = "23" - } - provisioner "local-exec" { - command = "sh ../../scripts/post_cluster_setup.sh" - environment = { - cluster = var.cluster-name - } - } -} - -resource "openstack_sharedfilesystem_share_v2" "share_1_reana" { - name = var.reana-share-name - description = "Share for reana" - share_proto = "CEPHFS" - size = 1000 - share_type = var.cephfs-type -} - -resource "openstack_sharedfilesystem_share_access_v2" "share_access_2" { - share_id = openstack_sharedfilesystem_share_v2.share_1_reana.id - access_type = "cephx" - access_to = var.reana-share-name - access_level = "rw" -} diff --git a/infrastructure/cluster/tf/outputs.tf b/infrastructure/cluster/tf/outputs.tf deleted file mode 100644 index 9438c2fd..00000000 --- a/infrastructure/cluster/tf/outputs.tf +++ /dev/null @@ -1 +0,0 @@ -# see examples here: https://developer.hashicorp.com/terraform/language/values/outputs diff --git a/infrastructure/cluster/tf/providers.tf b/infrastructure/cluster/tf/providers.tf deleted file mode 100644 index 06e259df..00000000 --- a/infrastructure/cluster/tf/providers.tf +++ /dev/null @@ -1,45 +0,0 @@ -terraform { - backend "kubernetes" { - secret_suffix = "state" - config_path = "~/.kube/config" # Change to your local config path if necessary (variables cannot be used inside here) - namespace = "default" - } - required_providers { - openstack = { - source = "terraform-provider-openstack/openstack" - version = "1.49.0" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = "2.16.0" - } - helm = { - source = "hashicorp/helm" - version = "2.8.0" - } - } -} - -provider "openstack" { - # Configuration options are taken from env. variables (this requires you to source the openstack rc file first) -} - -provider "kubernetes" { - # config_context = "default" - # config_path = "~/.kube/config" # Change to your local config path if necessary - host = openstack_containerinfra_cluster_v1.openstack_cluster.kubeconfig.host - cluster_ca_certificate = openstack_containerinfra_cluster_v1.openstack_cluster.kubeconfig.cluster_ca_certificate - client_certificate = openstack_containerinfra_cluster_v1.openstack_cluster.kubeconfig.client_certificate - client_key = openstack_containerinfra_cluster_v1.openstack_cluster.kubeconfig.client_key -} - -provider "helm" { - kubernetes { - # config_context = "default" - # config_path = "~/.kube/config" # Change to your local config path if necessary - host = openstack_containerinfra_cluster_v1.openstack_cluster.kubeconfig.host - cluster_ca_certificate = openstack_containerinfra_cluster_v1.openstack_cluster.kubeconfig.cluster_ca_certificate - client_certificate = openstack_containerinfra_cluster_v1.openstack_cluster.kubeconfig.client_certificate - client_key = openstack_containerinfra_cluster_v1.openstack_cluster.kubeconfig.client_key - } -} diff --git a/infrastructure/cluster/tf/variables.tf b/infrastructure/cluster/tf/variables.tf deleted file mode 100644 index 08805ea9..00000000 --- a/infrastructure/cluster/tf/variables.tf +++ /dev/null @@ -1,59 +0,0 @@ -# General variables - -variable "resource-suffix" { - description = "The cluster resource suffix" - type = string - default = "cvre" -} - -# Openstack variables - -variable "cluster-template-name" { - description = "The cluster template" - type = string - default = "kubernetes-1.22.9-1-multi" -} - -variable "cluster-name" { - description = "The openstack cluster name" - type = string - default = "cern-vre" -} - -variable "cluster-keypair-name" { - description = "The cluster keypair name" - type = string - default = "cern-vre-keypair" -} - -variable "logging-producer" { - description = "The cluster logging producer" - type = string - default = "eosc-future" -} - -variable "reana-share-name" { - description = "The reana share name" - type = string - default = "cvre-reana" -} - -variable "cephfs-type" { - description = "The cephfs share type" - type = string - default = "Meyrin CephFS" -} - -# Kubernetes variables - -variable "ns-shared-services" { - description = "The name of the namespace for shared services" - type = string - default = "shared-services" -} - -variable "ns-jupyterhub" { - description = "The name of the namespace for jupyterhub" - type = string - default = "jhub" -} diff --git a/infrastructure/secrets/dask/ss_daskhub-db.yaml b/infrastructure/secrets/dask/ss_daskhub-db.yaml deleted file mode 100644 index c5714e54..00000000 --- a/infrastructure/secrets/dask/ss_daskhub-db.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: daskhub-vre-dbconnectstring - namespace: daskhub -spec: - encryptedData: - dbconnectstring: AgAoaCl7wXVK/sHLjWUys0l0B8S1ayTkNxE1MntGyndi26mCQ5xVrBo0me0th3FnyLlfHbvi6IiTNPP0kwahp3T8nHi2GFlu4NGD3WaMgEkFGptGM2le/16k755TKgZiAYiW0llk97XO2muWrSrW67aqlTgg5kSi9/djtvdls461aFp4cAVYe1iy0xja6O4myA6cD16Sd/4PCDcvJdKr/zCu8uvQD80eD7pxNH71zVa+I3VT/Nj0JhWDechuHi+MOxEAmFPHHjOL/rQ2B8I8twDhgpQdBOurnUlqRl/1MH5VEP0OWo719icHnaR0UgMJrctxhKti+d5KR6i5A8GCklf94VFV7jMHIWiVQhPaWbBlzvsJJ3YQNjgkdhImB4w/5jDL7uf3X/xflE31NkEVjavCWEarqXQjoS568F4No6PKYKWPDUlt3EwGvuJ7DA98+Zi5kymGEbvOWgyIlMO5tqBE1bguKM3g4gt3LibgWgCalJT+3J09IKK6l2cOPZ2Zm2MRGDgGpY3bWH+i718VO7Yb7aIJ2Z1N2MrjUbRc8+DE0ABirk6M02MkO9ElTe8Q3UvIpEDx9j5hVLEycjsgIcb5fzML5b0AiAUoAkDo243tYTiKGMdB7bFqSQgaCQnab1RY250PZarreys+LglV88hN1SBH3sDgfRMGoTzvdFcASdn0Cps0o8rJPou1giKrTEIGjkZIUKCSO/Lwl+wCFpKxf+CJcbmtL8ElatFjwNRsqmruJ4YEZWGtpaUugSoAzHXKjxMGCwUYpTwxjwU5aNlc1u5hvadE196Vqg== - template: - metadata: - creationTimestamp: null - name: daskhub-vre-dbconnectstring - namespace: daskhub - type: Opaque - diff --git a/infrastructure/secrets/dask/ss_nb-vre-api-token.yaml b/infrastructure/secrets/dask/ss_nb-vre-api-token.yaml deleted file mode 100644 index e087849d..00000000 --- a/infrastructure/secrets/dask/ss_nb-vre-api-token.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: nb-vre-api-token - namespace: daskhub -spec: - encryptedData: - apiToken: AgBcXIPWygHzQJt6nTqpnCnDvDk/rMHL8JBPue+9UXdQyRmUvskWx96H3TdK/ke8E9Qryn4VmBgGogjMx/F6NUgjA1obyAe8dsIKu/kSHJ93Jw8mckYOh18ic1RNPOCKVqRZRme74Vg3KeXk13WaeikUQfCGP3Xy2R9a05ID83vkOCFoJgy6l1WzNIDpNdi1+xUMnsdQ0JlxQUn09YDm36W8iyJxwnYBH5cjHCjIO9bCfN/YZkAG0RMjx11Ze6dKPno+hTrFianT5l7XZpWaUszC5QQFH9b4VpDKu1h3humKQq8M8dkHz2Yu0vJAcX13Ux5Eeg2VhJrrUk7ZY+Y5cgb55P5iHDs4PFN0JSDZEB1tAU7NuDDPvf0yXiFHUjICGhvjimOQQU2MIahlPeecuMDud7+WVCclweKVraV4HIVj/lMxBXBLXTG27qcMCfGC6wUhpHruidDE1CvBipeP30hhoPM17tNpf4mnNoAvja/EhK6OclTUbbn289rrsz/UVNgi0JQqt/e19A5Tq2R5P01denCF3vxMm5GTTwnB/pfQPYEru0GT6JX7MGLQkzOSivWyK0arecNFaiVCHKQzikwSAa7CrGmDQGyMda5APPOGOCgLZwsZyLmLuG52Un8HQtY4CEtfk28dx5jHCYNt5Wvkl3cvhPTlRPDx3aZKpBGdbtnSm8Tgrasxdsi06YL0OPAAHDwnU0RLPQ9r1zDvWIMUwNJhOS2u/dZLTOCdH+FI7TBqF3TeYXSjllDNbbQRsLIKkucdk7XIv4+oBd9dA6Cd - template: - metadata: - creationTimestamp: null - name: nb-vre-api-token - namespace: daskhub - type: Opaque - diff --git a/infrastructure/secrets/dask/ss_nb-vre-iam-client.yaml b/infrastructure/secrets/dask/ss_nb-vre-iam-client.yaml deleted file mode 100644 index 7db1ad6d..00000000 --- a/infrastructure/secrets/dask/ss_nb-vre-iam-client.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: nb-vre-iam-client - namespace: daskhub -spec: - encryptedData: - client_id: AgC2F1POvhOInYsWM547rKDSkz2/BkKaaIwJmPiFDh0rRC/jLWFIK9AlUnk0jqkvo58abK/c0S21k+7tm7K3Bn3sGMYIELSNM7/aC+FLQaAqv+h6zpIGW/ty5QxQlAjZThoZzhuAULpaBkXxSV7+DKeBMLHj427UG9vsgvrKWkC2FkgIsCmcM7rx2HBF4BYkqq398OiFjFoN+XosXxsb8J1vLI+vhnk2bEFXbASmrZKHUIm2pDuwEL+3FL9gvbjx4nf2I0pzuHAy1I63r11eNWGQQrXxwGZBWD3Sgd9DmrM71DjmZGul34OjKFgkBx5AJ31XwqrgcRxlAqgex5eiWRUkzi2Pde/rUcwycsg1HsTDW0rw/vIxOYVQTrlCsh9LbNgM41EGpiEQejLOX9ni1q3RYZf+lS8vcM9JDLhc0Q2BPK4rmR38+kqrmM24ihMsPM8FSb3ESzDRvWmYqqXklYxAi9EM6Uef7r45/w6afLzAwkFJyx+IXVICYG7UzG42ySemHrJt53Dab5uLoyw+ecvRaB9ok7gKg7YtQkU8fzYQB3rlfdeFYD6H+3Gr2lr7xGKtMeyjiWKn7JVa8HgSnUfGiNHE3nJ1WbhI0PwzmVnggT4HKbfjYTySzUgTkGZLpJP2PbMRs9jt1BL4tkqXpK8TM0MQ3pSxz/mQfgWx1Mv9rGjPMyyCod/6eAQCVS11rL1+e2aVUT7D0EzvlTYIgR2B45E/LjgVyN3O2J7Z5bU0b74u56M= - client_secret: AgCPy9f51nh/+TyAQZzkqqoAe2LEAmnqBInD/4Iz2tJ95I0fRAfIM9YQVAL5/TjroqD3zX3QlITnsV0/mZdmjNcWaQa3s3aexrud+v7De1rL6ZxitRMMOHcSsSmsIZlcRaZgBRDB3PLQFc8sS8IWSv5Fwebt8hUr9ZRX6Mwnjv8801/p1pWXF5d2lWr3xvP/mzm5W8w51EVAbm91UHYePj5kyv4T7XI3OifXuE4MaLyvGL49rvLJTYk0Vu0SGlfJAp7Bkl6q8peLRk0yqd5218UwNvip1LGow4GgG5m8Zz5uA2NvvSR3TS7pFEoWHXIvETTynUUEaBzvQ5y9jha9YtztQChU+szIDZKWYz7vjhTlAsJ+CCrOoB74BVsz6Y3G2g6LxgkRiak1e1xwQcnWtiLwud5Ppcw9/Aklujj20A0fLpbqiNse8C17kQAXsJeNAkdRVVDjf//d2Ky3rtOUjAjyXZbrinyq4fWlzVGSQcmNW6xD4W1KJOBaYyTFgGlt8HR6qs6AQtaALOzF9t73WcUeYCsUJB3VfZ/Gtpmn2eStzy/g8guLqxBFj5zXQlmi2cpLtEu0rBx8b5W/0dcIheZqU2Z3PFPmCArdZNqAztuJe8Vx7ry5vRVDqpkUztkNjJ/jUNf+OJTWC7qJBk9cy3qeK6xdFdiN7LCjnnP6RGuKis7M1nVnkl0cF88BYHFLfJ0EbCvJG5lC5c4mhVJ6nD4gyo/ATqZC1qyGJuOygxEZRBzYyCBBhjSETz5+1+/2oFwvFfubnZ8jaC5Ohsq1clWqwEaT6OkWCpO9cGZ6btf+YF11YFpcXg== - template: - metadata: - creationTimestamp: null - name: nb-vre-iam-client - namespace: daskhub - type: Opaque - diff --git a/infrastructure/secrets/rucio-vre/README.md b/infrastructure/secrets/rucio-vre/README.md deleted file mode 100644 index cc577403..00000000 --- a/infrastructure/secrets/rucio-vre/README.md +++ /dev/null @@ -1 +0,0 @@ -# Secrets for Rucio K8s \ No newline at end of file diff --git a/infrastructure/secrets/rucio-vre/ss_daemons-vre-cafile.yaml b/infrastructure/secrets/rucio-vre/ss_daemons-vre-cafile.yaml deleted file mode 100644 index 91c476f2..00000000 --- a/infrastructure/secrets/rucio-vre/ss_daemons-vre-cafile.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: daemons-vre-cafile - namespace: rucio-vre -spec: - encryptedData: - ca.pem: AgCcXzwmCgHjHao75Jo/UlELNLZWWkUVfyJQyEHUtKRY0ULMFyw/v9OuwgmMmzvk3wT4X5kjphQDfCAMwFgapk0rHNiZsn23DJld/nV/fugTTHvKnSsonEj0o3wJsSK5w0Hc9BgJ7riBvVDUMQDPYop9ohq8qoxbln7G4PuiF5HqkHsxIcaJYDLf5wzGszk08UbrYCaM5Lov0M1nb4bpg+lcFKuWSykmL6N/WzmhGj7XolDLylFqPUJOkUiKTkH8XPzyKkjC1hTyCUm2hv8xOLRogPoT66J1GW9mzGWa1M9Fd5zMQzfT2FS73Ui4deK+4ZKR45y5Ne/dEYCLZnR4Cphv5dFBKyNwZWJxCgfTDayq6V74OAjGyCYeacACptsAdTdzp0rsX7MwxaBL+WRR2pqItDJ6sKTKzJO8Jy9xfg3s1y+v56sqQmVWjfoZi1kTf/N7GFZEyMGP2aVS6hvgQfv6aOGqQkW0cyxMI4094236QIqcAOo8Rqi5Hp9PgYVQUPEbmwSgvW7LeGTWr+NBu3fv8ypt/1+Ydc2CD7SewlyPE1vuyQR3rtVfcG9VxHQICm/Po9gFtRX4pVG9BxXeFmM/JTx1+a1wWy0yhBNLhjmqWpCN/1mQMg6Vi8P1a5g9K795IrKHXtCMstLeXvRVdcgGcOF11oV4hG4YE8Yw+u6nxmorI+ZiWlUcfU2eq7rdGIkdX3JCU9r49GNixc5I6qvP7+avu46IwX+2pF+v02G3EH4S0SaUPzOJi4vzIv7r7fgMmIatX0oh6wyoRbSNY6Al5Mt5s/4FONwXrqyVu7R/3YJ8jhwJmjgWg0r/KMkIu8/yNnIwR/hY4Xpwp4srH9mdIce/5r3sSgfUNs+TMcDL6yV2TK4NHBAt/48YeanR5/tgeznWtNCuOqxuUVHq77OgZdTH1l48L/uXxG+oamTRvq+xf2imu6+A4Vhj5quelYaLOMhL5hzQK5FNKJYVY/E+1ztcsu9a2B2ot7FIKxpznaazQ3SAdwXTd6r7nvr7uScOxtdXi705+IFmcxSGNXd7k6WkPVt3ONUSInxmlLvVuDzV+uIoEMEQPOQWDbKN9Ymd/st1mDnPhtkl+Q7sbpgUq5GZ/GZAUrN74VTC8QdIjKnCPq36s+/MMuGwa0G1EVyqqCZfZjeLf2BjMSLJcoEe7wvof6XJYBCiMRl1wzBFnJsMO31x5GHhLAl0hwbiezr0xqjqgpNiMie0AABGRW9Ic797teqmqlDSEmZVji3DaIvmDjubKwk7F2oTd5dpfvR8GawRW4CQBeYNfztRlbvSxd+Zbj0Mu6ItOe0BObq7/sepvTwje4KazCc9golqnp7JOpWvbDszptBi5QzaDnD233Odb9gui0lIto81oKT8we1AwJAjbe/VYZLoM3ruaICrJAtEEn57BiJEe5w4YRvRmjTf0bcWRxKRenvS6h1zy+vCwbx8ATwUSMlBfcbrMCxuawAvP6LGoD2oTOOT+ammfreT7IFa3Y0RHdTt1m8XhpDE8YmCwW4enZdr+fZGU70YxMfEFCVYBIOiMvCcff7HvTm6tlU9lFFEaAtvpruT2ZD6R0TVMdpdL8iDUak925ls4rlvWIoYo0/FXMNfeCanocUgOwwr49uQkGsQlfZ5Y0Oe8nxGz7ZvL5h9k+0ArFCZY3SE+yNWPfVSogFhKNGuagucDMfj/OTiOj+Irpw4TB07a4vs3NRXOX/DIqAUy4liaW0vTxPtuhpi6pcLv+h+uSvM34rzX2PwyI3C765dkrHZVsHAvWl3qrYSAM4vTuG0R2ZB9rNDxaSVyIyOZ2gsAWtfLM/HxT20u4l561Zrnc2xKhicteBkituHJFipSYOeDSy1TSNThC+Ckn3LJA6VxUW9o6lGFDmzzU+XM+W1GbM4NNENzRI9/kLzxwmKTHIhyrwwdegTzwp27EZXsDArJcilIoxGV7ZNk8AVLHBCH2nZAfFd8Hmg9GkDeVujOc7xINH6f1NXiYgBRV0/3c39nh8E2KiagrgPJRy1N2LsoNsdi8rK98TNd3vYwxD6UWhwOqe7dVGytHkKKhJYbNOHWOw/eYV3FhHGjrYhay8plpPDsd0OMYP2EqqMYIm7KtSU2DMVC/8hG1+yxhLUAzUfoHVK0zDnZ9dQjF6MYwzlMCi0EmpTlit2gLiXKtPgg1LrAfB3orV9loqIpBHD9dvk+iq1BZmUt70RQSXar/7JB9yqdC5rfGgkE2kFcjFsI9X817VZ3089hqvFY9m7e8mtJRRoJgvdu0+3ztlMGOkH8HqV0z0Ny1DBnQLBNUJs2OBROHjeT3phvYV6owMCLnPvNsjvbGIwR5vFthUOttWnsE9qf6yX46UkOP13AHXLoS5ej/JRcIVT/rh+UNMT33zzG5od6MAv8bZruASNGop/OhRfTxaqQeMd0F5Z+WHROklhUNWtnxUUDFCmDIpi1U0Ol4A/ooElqicTLm9LI8yuOTcBMXzWifkgqD6Sy9TzGdVTW0LSjxqPDYW5474T8Aly7R81pyiIeuKMjzubIKZ6lje6EF/2XBQUaGDmXsVwBqJJtiJaDbZ3Dgviu6N06OKYUJIT+V9Bx5LeTv0CNJzbvqEs5J8nC+dbBOVqrhuDzRq8jaiZalTWoe4yLsfmoXE7k0mVmGx6PXzOoVto7mA4ikqWdqL9d0thap5t124CHv7CmLiAXKSiMKtT4cDX94HJUDGGnlTa8DjnHpF3XD2CiCbf5kbJQ6pVk7NUaTcGTpuK6puXySSd2HDAWbKUx9SzLkudJUGeMREr0yZtO3pF/KmEa74ScACwTwz2iRfkSjCMmy5ySrHMvRkQoK5TOVD+qJYawKs0wQPaNNfbgYMAApIBhvd9Js6jZQV52RAcbltQOWYjiZwtG4i9kQ+ubMogw9XTrN9ODD+qakOyUV7B55jCTtCJZcQZWU/b0JUIEXt900E8mVCGTcGRU3t4L6bV2YlBvFBoylhxX6eLK4WnBRgZmogh1ldcMx4ubUkjQ4vFxqG2N9GoOyU1JGULvdGuAOr/5PL9WK0htFoZSOj7UXupyqM2486aLQWNlFTRFXXUqT/iHifYg3FgoVsWZEUHDx61Ed2xLbF+FcPgv0ZumIdCU5Xe2HQ+Stz4R3R9DYr8r+M3kIIFCt3IhHBT5nUlKf+245OpNeE0Mudl8VWiETinDYFrxpVo6C4JkoNGywaUCoz0jjFkl2yhaW29k3N6B7G7/o+Td80LylhrcNP2Omtb7mzsA9BQD+TGBB33zJymtqStChzLDq/5CAjAHUgEyu9gohO1hIzatfOtmxWXSQY+LrmmxNYztF0Rh3bKOYh0JjFH/W0IZil21OOBaZIVQ97FvSeDQ1xvfuunt45wx6gC+yRDYIfKFU4bPkTWl0i9C/MzFin8U8nGTf6TPGI/qDBWBIffGnWGjn2aeFlWi7En8iFR3j68hlO7dwrCJqWhbeyPeCGwnhbA2POMPP3s6LApPrKw1XXDb1NPXASdLFEQuL3KXOleDIg1yfPSRFfImGxiavaHijUeTCjQ+KpSGQukI25eftqp+UATGLPE6JW2W85PECCpxTKjVzQxy7nYm8038QvgEYVSup4rggql80BM1iQyIn07ZwvI2YpjjpHes5fMKhqtPn8vBsqWYw0/vxGb8eiec+rXLPWhPEw7Y5MqiO5cnWL40CfikT0PDTbVTESGIB8o8CO6sUiDooyYN/xbTqaSTHFQ2EQIoMeybuhx6EJAgtGeC2bVdi6MlfG7giKzmgDXXBQDPx2kItG9gs2oXnpm7IGJuIWSdEPN6yvrDmZbACdNXgClAer/Rp+0uARzreZ7exqGpdtENoD+5FO5PVKHzsu2X7Rs892HIhOXMFDpRrUmYjr3TuEuWXTGlBbfllEph84iF7jyJ2bWf26JtMhJNlNmD6X+00gaW6lPgLqiteue6E/7xmGH+kTH0QVib54J4EWy+kT4mjTf97UQOr/98wul7rf9PYXd9duPfP2kZy3DwXMQGJvS8AnEqrv/P+p2NhD7jSqO4kLeSclNu0j8fmQwjlWs23wHZrAPmTj9bCGNe01mmE4DsBDc+7GetECg/KxRO4iTVYTUTl/bW66tDYzwi5C7K0cFp5dn2rJ2wdjHeEePaezCRA4I6ph2Sr+WKxFHiBCFWaHHLiTmjG0fDXrODzBo3IYLLLAWtc+0ZB8kTAeP5CVQXSUQ4L+mi08MqvgszTST+JqjxpxU7f7nE3+wRth1wND/CrUEhAUy+BU8NXDGsxBEdK3FapvAaZA3m1YsJsOOiekM/va0NHb85uMMQqi1QpWRh10koadA3gNXIUUIYJVUhoz75iT6EJyjPwoMYXwrxvQVSHKnOvPj41ufZWB3i/qxNXSXUndwS7HsicwnoQu007xXyhbOXCR9LeMM1021ziszFuNSSP3BS9Akmap7debMwqPewGxNRz6lf5GgMjvgs/PcZvYqDlMGgAwksP5Js/+tgtUwkz9enEph6MpmzG6babrktmzpjfrYmpaDWNEdLtIP2SsPGUV+AGvBcyo083WdJOwCHcONHK9sCRmzFMxKKJYQBf4TZRWTFEHibi8UBnISVHub5/8pGT9OlSb/ZdCBAWRbBY/1DNwGwfNWZvwAFg2EkyI8PysTSSykfqH9T1UcA+laGrrRlJulH6y9fG1KWldHMp1mFlxyjlXzWa1heCVEq0Xyrouj8XqG5SMTm97dTOGPi0BqfH5XIqxaaJixsw2NHuCCimNtmURsvwsEyGCV2xX5JM/mwKc1nZTBX6+hoJakBmGuqIBzAEkuPaucX/TuqxfsYvNbHRL7fUVOx9FKt3HxkwMqsG18irXhHLJRsIWcavM0go91OH/wy3kpHO+SEiCX3OJLy9Xi+JLwc06IA/3R0d5y+SnVL6OH5R83wbONVhWkpCDxZoqN8g4I0UOGw0cy5LlHMma6XK5FNHqCK6AIrCpn8hy9VbRQHkPL59Yjz9d2Kqe/ZkaOLovkVn6U3HHJHQGPvceSg5v/z561b+UG1r+tyOnC3jJ5ylAsIWSa6s00J/PLTQUepmhxeSCTkNflTk3JBuj+VeNOpLJYFnUc02L27ioUl+rnejCyl3kr5PhdhDGaADhTEK7qAEzNxyTL704uopZsAreGKhbF1vt3/su9iM3r9P/DLC9YLtrNwIfqLhYF0X73myy/EtTtwS4rOwLQQ2igGvE9L9pPjGEnhdMpPaqb8NotR/w8bgcnTMnINzdmjxNr48c9OHpJzSjHyvgOlRhxf5JSD0zGmxd9uUtFc6edO1r6den3n1IVzsVe6sU+dETlDN4eXretU8rHJTaK9NxnsaMdJs5c5/g3VrYgiJgXjs2t4sTm2Db6rMU7rHl1gtrxi8quViq4cIqPn8F3OqtryUR3mXc2GRYOaQsAu0/Y1urEVqc/23vWcSo2v/VAIV8MuyUfK/z9XyjNw2k/XfWgIGc6wAqtis8rknBjV6B5e6hL43Wo3Mims6msGdQU/fy0xI1AUodzfBm+NaufPu9iRVbGFghR34fhdnCYEPNcCjpsCdbhTa968mCFrJslQwCK9eXvbBhL4C06RNKA6ojp6PWns7D4gsGCUd0cCj8HY0RzcgZnV5fXBAZW5ugjEJ90cvPFXhavS8Kz0aM8BIA5fqStmWDEKyelCoSmFD5esImxKoy9drK1R3v8XE2dtYaMtvyIhh/iVVZL1Bco0+Kjd/kBB0J4o0gmwo5LbhYdp4J4Bhv9cU5HwFNtiuxoWUwdqPTkqCBvfy9F/9kSTXnpfFBaaxZEf0hV8MhMYusHvNdlCwSGCvg1i8TjaNh4Lbn5S/5e4sRWSqnNZ7yIwpjmONMZTuKQ32/CxbJUli15/CarG3C+sbHaHg8EuIhiQXxZZ9acR/1pFjGDv3OEvRd/Ka8TIFeQoaMK8YGuGs74+KxMNbqUsC6G84pDUhEfwWAtveC0o556okQE2d1ciZl3v+UncaAGDR1uHA6JdSUifg+nXl2I0e5mDFs+UjmpApOgihYvfn8+58/w139D4BORjzaGKZIapifardIa18vkuf72Zzth0KR86H9p4r6AaIxq/IoxL4KKThpCaPL4jcKRe86N9sCbntQ4/EXgobZHPjfemnjgOk0xMaJKkh5c38DQW+kuBYRL3EwvwO2owy3fxTZU+F87DtZmCGfeHHT9YZdVJxFMyw48VvMCizGWS4KJVB8F/PM+IZy9XdPlH3n+wgZ/RE76RrVLjlVZurRwvVGTaPrSOF4CDMJ80lfhe7xcMvO0FiABm0GT8g+jOwmPp9m+lhdK4fPfnG2+OjGXfPPYf3OEDdcQQW07jIGiaQZttZerWfFuD2b0S9TK9Qdi/g5VUqXwApA8yEuyzUF4oq+NyAfEJ4RwOD5vuEUId9Di7y3xRYER+3JhEWmsj9SYvMgXlVMqYHbvPljMAHXO5uvOb9Im116wpiCXPBxYwX2rfBCDD/F1Ah0p4OtKKxujHvGCmZkav7tm4sYj1LsbIOr940OJm2H2rVH/YPa5IamUhj8dm6mfNV6oRfAC4UnYQVxDHwFoDjaLoJtN93pPAq220XTeNXbHu1JViHKAtgHwVv5svTzzKWfAKXyCoANlzk+SjAniwItKMiNnzxnnQY31r+WNlAd6Uleh2Dp7DGnr5Mc90+zB9j3paJfXKcLLV+bXaZwZ0xQUIdRrxELuGKEWSEeHpNWGTFemPEGYPBB4ucXsScjnyYlZgzE4eq8pSpUZ/SUxS3u/7CU08GgTgsXO8PbDp3iC/VRgrmG6CXxFyGchFNXupbNkZZj1usosVERf9F9CyPOS9SZ1nLk2vVYNgiNpLRfg2D+isLyE71fw2GhpnwfhM80WnlGJflBGv5dTydYkn0G6aH70Jqa11UEt8B1aw5GSWfCVhLsIE8yzinv7nN8mrQqXoaELUEQlnJ/ns1aPCsIQORSDXR+2JFyEQnaP/TTyimUVmHDzgjnRKVZ7HQoSCe0PKgpNL308DeWhAdsgDSUMaKfaxIbDDLAcHGECyo+hAP/ZcWvf6zmKqsn7o7rey0v9hNgEOp+JKxMZHpERoI4b0OfJZuIatgCcnzpUOa7i7eU8ozLtMRVZstuKEhjM1Gh67S1o6Xq2jWmyMFcdU+FTjkDz3/ccrXN8cJkLZK5JwmeazXyfsMMun9xSHzfUVLqyPZQVBxTG684oTuPfEmTahTsfa4DoFatll2S3xd1eDGdnmPwxqP/syqPcIonfn23EYUx3YHKYvceXmTWmI22DfGvCp14slzepYpwyRVDGEKnh7Z50lz+Urpn8T6O2nFKrhsJeDU1Y1O/wTj7yACHE9e5cnRVuBjc2UNyWA8K0TVF6z1RYjYL05im8YVh/+k1P2dnS69dlQzJJMTGRbb7J/Ph8agGCJtkj9tktWZcHfXy1tSAHKFx16FX0sGnXZRv+tMdoP0ExCXSDRpIkmLBetLX2VObW+v3QT4xGAYdj63agbPQ9gkLzWIdeJ+pyhmg4oXlY9nABK0KcZCW2Wgxxvcl1U6RWSlgCQUv+kh3Bc/Xca7gQa66NqjFD+gk8YVs8PwCSUTx1CDaEo3QYvAmyFun6dwSWkbQLNSBcJ7xxjqEdNfIF2WNat6cPX/8QO4JnHtZr0lr9+NSF5ZCZN0MO0/2tLuVPsNOyxEiGrQy0YnTxgzm4kr+13mePcblMkD6O44ouaEwTtRrEI0/xVymctF3GIP1JV5qpt9sP+Ik5+hSuTbCpSfNv9tE3khx58YGD6rpT8DCwtlKSzLF2bi6J5tZkUukMXkSK5fBAVFaBFZnrcUsM9HCExMocpZnwuz5Fempagi+lfiw80KQUVu1Z7rJW7qSDjP7OJoqR7M0eHdnosLO8oJfh7gz7DqMz1WDTYM99i4k3pNxjkf/eiV/erg5J5OITutVH5SmCze8F6Hk2gEjAeLvhBjM+Awe2OcWM1vC+nU4TquycoNacUP75AOXXs8YWkUi4sXbnR7be1OUUekbDG/vQKZ1/lSoOXJJie0Ezzl4wk+45prhIX7+U/8qPR0IhJGRLovHTiB0oC33KHwlE2w06gcw7+M4HIHxD8ALi/6nFYrhADxe8kmNNiJJbiFfRrQflw0hyreX4yKDKNenAFvoCevfKh2VQ0tuqRcUI6m8CCnJDCkyqT3wH3b5F2OPCS6tW+7NrhuQC2W50lwMl6XqSbM0PS4CmLyukgtue9FcbZMuBsUCJrKtFDgddemil34vNRSUMTQ4ZwQ/4icRkQ71gmhClobhqJZRW5yHG6lA+vtUarFad3p3fZDoQvLnWDABVHDrbBZR/ElP3Lb9ZWJjo9qH894xdMCyCHKfzESd+621iNkJwiwdu7fSnVJRj2ocQ9yb+oz8a+EyMg5+mAq0NuRt78uVMy+Jma2V8QJee4/ZdfRAwj5wOOHfQIlk4gqkFWJxXtD41mbE7GXJW11YzLTREZ9T+vfsg63YdkoqtDAyrmPnL09ydOcI0GY0XgFkTwVuTAinfdfsWdkRmqR6UTn7o6tzbWImFiMmtCarOVAxe5CH7oKs9xBuvfdjTS/h7S1a4K9CzP4+yUwikgzlRZc5YD/6wVAzPBvRUgCrZ/Z3G9R0MLGtkGtIHLfoGoCC/9UAx6qsQr+T9tTr11og3S8tA6wui0jNSYKurorNw8sRp0UzBzxzI8LVuLp1RcTlISbolB2VBxSA1tqKwsh2ebmm35qIjNGrX7GRAbHwGI8ij0QSLyrfUZsaKIuKdO6wWdmonkTzhyDihwhZdHODn1wl8hSurDhtVy6OiIOMgLUHvnYi9Ph8hr66zEPcJ/+FyNw+KtiCxwtchiNrXEXWnfOW22eZIhmPCYKjnot+/fz8TZ3I/DXjDUmI8eu5ZOvcT2dvl+3CRP/yvPiFqGWyHLVnRDCH8nWcJ2Qfy6RTb+9Icu869aRmnU28BCFuPcgVtgQhoRmHGgV6MxAlUsRIzChze5zK4x4k5aF6uR3wDyrfzHW7KqTG9YREMLgvqyN9uPx+ByHVjCBr/66u/uUyQXZYMsobOBieqqv6suqrXM5nG7pnW32qvjaVLugLg+GnyOS0dRe/SuPUaGGae3EEB+6YBfRwL49JbZVxl2rcBkLaUr/i2PjhtE5wV2+j66YL+wPGQiwrWofAgRHvMspuU3dKBHE04RkScUB3UQZ3a0KA7A/qDLa/SWZqwedIgBIQWVqw1ddMhZ+aGuG9idLu5pfBck8/6S3sCK0pJUI5m35+YA/m+L97JiTNLPZLSKUM5MAfCLQc0dkDcDnBQTib3BHNs7p49GuFJZb//eVxUUK2VB17AjI1SR9sjITgSO2Xby7HnIqvCdibJ+TZteBkd4KaA1plWd3cNKJc0UysAhL2yAm02HXaPR15nskEeApwvZm+Z8nmoHGsjNmMOZBquZ7JSPgxXg1vw65nxc7Su6jPp4BQ8IShDPHpKXXa2xHSbEg+bW5LZoW5gkNBTneD49WM2y0Cu7FFzXYOrLwIUbd2kNImdB+mNDyoQh3kvyjqrAeUWuD9Rzb/acPwXCoIYmBmDyHjP5zHrRzgOz4NcEOwL7Wd8XcAPqFDg5OGkEq8qolaa2QQXD0m0kV0MQPa9uD0Ii9ciRNkiIL7w5+JuSdFTw6eJ2oUAsb5AQpETWLGjIum9XxLHIUvKtMvCaeNf7bv3gttpj21UBY5McKlMzWLl9aeu5zTcEQ7GQik3T6WINnrdDPjRDvalp18C1ZLhuPKLh3dwADEx2Xy4OutmxeaRIolYb1kSiNa2ZAwBGkInB2f/x6yw19tFNr6g9ZxtGIJ4XuhceVZGsMdvDzv2g/fk2WPBZW2af83bSz0wdTMv5f7Oc9AEdbtO8aLJMnqBTl/fcMACUjgGhabhiQ2mKfZhi6Rprcn/MM8Tc92Nf9ptco1ouKJNiQA5x1A7Bm1gvHgFZZurq+ys0p8HVcqShxkeHicw13p02puVP27v9k/sjcT5904BZgJhkFEX6Zk1/KYPAST0CzQlzSN+X8HAse0vKbFeNiGxETqnpc/rS1qaC5AMGseHOeW/ITCcRgaeiXlkQB0TZeiG2fFs6dXsDOqlpeNWVD9j0W/7KusM29MKPYrLSgWmoSSWMFiLF0cmmpVqiEzdAUdt/umMw/NZOGDY06Lbp46nEvzjKtI50ZwXlBWk0Pd3MXiWh9dbRnaqNJivaMxeTNXQTJvWmY0VMmAyB96yXH1LWGJfMThuP1wOO7/haS7hgmVbHnqocxFYasfPq7KS0c17dgZPVR60cqc9vfSpKpZivFZwHGOSPUUNkunbyXbINQNYZFPjm5UiZHB/bhYMCBNji+PSNnFCOGA3bonm79NwiTR6v+TgHWJdThbnKE1dPAHHStflC1VR9m5/+E95kDaEjoLhFapJUOQCH0kBNrlYe0gf9gZ18JWJ51ha5Ra/qA58AjIPu9Bf/MEC7v6zpDUOig0PLiYyemQtEPClmnQV3Xexaz9rhIGXTheovQCM40fvoeF4SsqgRYE8jqBghEYjwlQd1hr1OGQb+ayKXNm4tF96PHI9iE6U5z4o8Uumv3d804yjhBQDJwpVSCbYURpuRvqWBhkkbXkH2Uw9yXqKASS8pwe0EstdzzwGEUIdwjWnaZ/r8s7XzxM1Ja6DRoITRTb/ww7Ceqkc3O59ztlvJMJiue+kb/VypD12tFRBV1XKD7BHRB5pQpBW9o9eVXXnkWGd/RW7OKuC3BHWapPUUC2NpkmQmsSbkZB9qQ+7N3EjX0k8mjtdjuelh64FXVr17NM9DaKnwqCACITZNqYT7kFwCyvG1VW/qu6ywTriRSpVS0MAm9kv2hdObpc/UEPVyDXxu1xL8mVVfK6Tv8ENrmfOJESoBRYlLcoukdhoeBtTwJ/HCR/H5msAomkNUZAA1prvxXFN+J3K7HHBd4oTpQkfKJEzsgD+C02UwQ0ujGLiKWnW9V67sZ1Oam6ChcAVOM2ctjOs+9V9OJ9U4YGKA3s29KJU5fWLyYxoVH73Z3NahRBSl7NwxKgXJFc+y9WUBwgJI+f8aVdxLJwBl+iFLOoSdNWpPOqIv43aP6cikLOo6olddFlwN6IyUrGiw0Qbr6jys69W2kQsVIGb9+2R99YQSAyKZHF9EA5SHZQt3uPK+sTUyh3z2kcTGaZ7CtHcHNorAiQC9CIaJxKENPQQ+seWGNNKK7HJV0BxtGKgNqBi0c4MIqocQzWE/bwA1OctR5FuyB65NstgMxFyqOQ9/pSIWySB4heMC8DWTqe1HiomU/7d8tAjp0nPzddp/3I2ZQRRFjS41hWayMbDhPA/R73lQqrhlZ8Sc39YG6VN6fUte0WZyPVTqi3RWaegjrZbjJEFrqKvWHHAuzebfKQ7YwXTn+EvT9DWeqiBqq6iHHKxUuE/+0GD+woC6mrHtKBn7S/oXxPGk15Y2+kAUdMiyIzuPhLspmDlpibLAejn2qAl8z68/8dJiyoQ2LNqroEjU1VIi4X88nZF2fqy0K9dXWZTS4H8/G+2K08QZvGmtqDeOtbFKCpSnSYCtVnr661UjNjvKanLCEMQ6vKHs9AR+fV4fBDi/glhFB1TA9WBODErxUhqebQMdk7FaS/0ll1C2INjzzBmqeDo49XsLWISQH9A+16P70paoTK0boHo0SOklSseym/rK72HzUpZoBkIYP8LUy/b5HUzlH2hOTYmZTfmIoZcQCe3T1k9lkFPuhayzaWFCKxhqLuY2C+I+wMGhQcN2ijkhQkS8hUDM+jF40jtnCuwn5HX2ak5zRAHVB32gZvu7VQPNMzXu5geGp2IiZadafdnrDGvffAgNtiCxMSvGpS3a34FYcBH64SeSiGUQ9PU2XtIvVaOuMu2QwqbGj3JzEghM83C4Ry4Hy15uXaSsblcy4wdpxjZAY836QfMSz1sVlEBhMBiKEj9Hx8VppXQBEMX2ORhlb2HcittWXrlMjt0aJeZz2qnjiHU8PATFFZumg3lLfLHEjebI3BMlAyeNCXAZq6WPKd01vye6P5aGj25L6H5QxymxyYRtd7YNInzC0D55NTOQsTaIaHmcP6UOuGd1E7OXkdN0BBGDO0lNZjH53cZpQ0ZYWcu7XOggVzLG7wihExLrCGbRxoQOSZTKXEF74sA1NE02QxKuhFEhON/qWtLwJtq9iXn0z386woQj8g4arL2RAgS4ULOADrdz+tbNuscquvagdw1Jsw8PP+/5+KjUywdsipHuEHDfsifS/fGIKILevJA+vvlRTWv6z1l1RuaFkKm1fn3IKE8f/g1a7EJynvLZ/DQ1PnS+kYxUvphkaSzVk3OkqUZDHdBS8QE9wVb4jDUqTvFmFXiK9Rljjqi/B4fIIXPj1Yo2g1UUnoHT7XtAOTNMb8VAo5p7FTdMaJGNUMxo6KmEIhl/vLC3T8OYpQNqa8iG0bp1r0d9i8BpN2P/s84rg1Qc8N7Foz3zsHYMczFyFfTmLDt1lXMG8xeAZKuqzi+dDFUurzU3puUGLVj8kx46JnBcIc6CpG5g4LqvwUjDRnFgYxT+5q3t3Za911SG8drfiYF5l9t7k49j9iTf72AnetFUlcKhvdCS7JkIRDHExJ4O5Q1IB4KKbGrJRC0iuyzOGC2n5K0KvJBuh6zx8DmwmidLAm9qse5HjuwivQoEF0IuYyv335/XhZILO90PIR8SGJ81/wtYbaziKR3mQcAO6q1nzIJqSCGemc8kc1In94SZYX56v5l4Yjy2TPsSsNPqz+XFAHa4jY0hnuc/HoJo7560SCV5/QqiQAXH6ge601F3esR9mqNVbXr/PnNwe7RiNm/OvgWTwZ84RiVIBtukbjBrl+9s5AEoFnQLWJ5OXSkizaQy5H9O4+B0pZSglKCkx5HbHRBLnKEMUepeObE2sqW+af/bacJzwGYHhDUpLQTH3AoUrQfNNGLExEcTOnJQWHNuh3d6kBL5Qi/yD5b2gvOYmg+jptx99MJ7E2/DCdeO8cmexKKryoodDeq89T6WJby3eLpTFYCDyLsUYxbeP8kmB16zvJxtmIJ3MM8JUlt818wacq78mxVaDo1iGa9YIKg3i/DhMHf/aNAlnQDifHCpX74AhevVrj5g5tCNmRXCYjOxAPjLZUZrU+zqhCxb0XmypIvHmgxPjh0SgA4KyK6w8u+vr0UnDNRaD0zmtL6uYaFsuhyDFEg5Zg64mzzMiyQ8i0c+Ove84+k3QX1JijbZ3WUdfmIXKH+351C8ZQ9on8K7VNhHARE5B83QzhL7sUsO8p/CD5/2qJt8SJAJ1x+zMElJZxLDNRIWNkl/2ll8TwTALL5xwHY/rip48Ptdn3S/tfeUy3rJYJ/9bNZeLJHBxy81ovB4ulknClSEY0ehyXFsbrPVdXaDPe/Y0zk9AyQCRo7XENEgXnM9l8GE553zy2Jr1yq+wo8nbsD7vU3HdqUU50dNY6AUvF0+cHdC2Y3DwCjqZWURFs5dqX5D5oZSWPcLbBliCEyDICuYKY89LYKk3rFoZbT4rQCVkGFuU7sYO2GmNr+GhkuqTAQ17KIGLmpa10KdYCrBV5pHhIsLuM9II8fmJbjs5EWIHK7uXPeqB26fE+Io48b3uVpwJk4CL7mVjbGw83xBKmm9Wvr8qeTU+MrWIDfZz8hAIIcfnbPR9NsJ3SFt1Q3EJQTKSK38ZZpKaJNehBSm3Yyq/dY26l0dISICeOW6T6oIIWxCCrsWLJd1jKgO/YsA0oqZAMfH9GmgkVTvTDYN5xagxDxzpOm/C8bs64Jc3FHZ7VTNPz4nd3CYKEIMC/MtIUqJQQALQPYVHn6AXnGcrpz8uuY5CrmRHr6vhWGEV5yGUVjMzFK1Je4obeUQ882+wT1cySF5aB6y86J5VXVy906bsc/4JPlroPOPR2b/CyWqarab7rEXQlBXBKl7SrrTUrkK1Zh0V8/aMSfsOOIWZagX/DCnxNC/jjIAKpUsScG+3manJRuiHA7cTxujCI+yFSYuLH/VP4ibCbUU0iWv9Iplflg7JpMNSB7t8Oa07NAQGWb2nZiPYeNPScOnU2GfVs/DBl4U8iwUxYjqimaRUgCULdhBSvFZr8HmAlIYRHGXULuySasxIsn7BJxqXpwgAR2Phs6EelEFozowPFRYgHIK9XWbEVyFewFQbBW8LElTrPbR2fj2EmCdz2gKJs7MzR+nhRr3kv2NTYTSCT9YkgUTLqhw/iA8kIHOE7TXAzGmiMewU1JSvxzW041rFwmZlE09Irx7KedCF109X1IFk3wbii0OpJtxqCUACxVef6/+/BFTxROYC7iiIRQm5vr95ZugOnRx3mFOmXedY8L+0ztvG77CJqOVIJA9NK/A2us9chOpQFeO0irIVj5x5bXhWLuuwll4uvaRvPfwqER4fc2HZeD6gMAKdgm4eICr2NiaCFPvbTFgEurQKlgTvweOO5zXHSoieEglgUDn+XtkHdkUADjn3yvfGqZxniffqdlVDwtwRANNaaYPNNvy5o876JJ5I18bOTac83wxr9fsBEOQrEfOEBu2grG5QJo9smuTcn7B1Cbr/vOzp5WOIm01jsttCdzwsrDUU+rZ5XkFtYOHEhMZxCehCDvBsMsqAyAwcVgYMJ8Q2TsjuaxWGTZY+FYLmeddG0ZX5cBpm1dPpRTnUZjdGGI/+EQq1ZREYihB5yypnJFO8Rb1nuihUT3aHL8Zni9qitCGwHYQoo= - template: - metadata: - creationTimestamp: null - name: daemons-vre-cafile - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_daemons-vre-fts-cert.yaml b/infrastructure/secrets/rucio-vre/ss_daemons-vre-fts-cert.yaml deleted file mode 100644 index 84958988..00000000 --- a/infrastructure/secrets/rucio-vre/ss_daemons-vre-fts-cert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: daemons-vre-fts-cert - namespace: rucio-vre -spec: - encryptedData: - usercert.pem: AgBhK8bqrpFCRFUEL6lEIcj7sIGZsYonq+bwr3bS/89DhCQqRwpuy3T1BQ9tDwHlU90SeUNDZ9MqVSRHTUtq+o2RzXRpj+Fqoila6Y9ynbTf5mqNgYZjWnwsds143WCcVocUf4ZoDsFGSdEszes6qAzrQwkaPet2rfO/45ofu5qI6NMS1gejJ6zJd4g49KMiLfDsqfE5B7IuptLG5g60QqIdkH7Hz0sakQs0w/x11Ply43pc8LCl2P2E1+BP8z7M51q8KzGFfcBanPMU3Jyx7Bqd1+NqkbjUnAtAzNyV8RoPWQMsL88HyP4tEGS8cZ4eCTw2f9oE0CzCCqmp66HGYkozCm/sNhd0Dc2iA2TdQ002ICdz3Js6GnfYbrWUJ4+rS07b2jFtHRzNHGU4CEajCzCO2wQ5EnJwHRYHGkuGiy1ZGcI0M4Qh9XwqtF2MY0YOSbrNQZUi7m9j0lvKZU8wF4Xux0jFLzyxoElxL4u6hjVgImpN73twbN2HUKK0s7XcRXlwAhiHdtkooAG5zlcLeCANMs4q1oej9kH7Ivli4B8VOqERqqM48xP7LlOxBBzZaa+6c+bZLUMFgUNUAz13d6iQPSwCXEL+wbMakSeGL/untpKsLLWQynduLQWFg3RyCFpU1/JaUiatXE/kgDguL0mTpFQcIEhxO+clZbuG5mIbZKgn4IiUlh0EcztjsWi9ZcAKSMD/TCQqirsuIThBYchOxam7cZaVjEn2puc1gvq8q99duVwqeJUBEM8a1rkr1N6x3Tgye9iirkQYt0fwPGYkzEWxgP+znzXsBUuxd2qtOV+QZmZdvOmgPQhBp3qtmmgJbuL1VzqDQMaxC6QrgkSY2ojFwwXKpSlcHoRyBV38KdXgVFvhXdTAaOx9TE7Vcql6+5lnfL8sNCOKU6t4JGrdUEWxnzsbd5tkxBOSYOTp1d7HnKPf84sElbj04Ig/R3Y7g5jbux9SzlJqBnBwElkfWWYSrof9MY5VaMuH+8nm2v728MuDPGlBROZuWiFDdIqyAbS/u88UsQeGhTp9708fTbtAM3iIrjAvxgQ43sL5MpmNTDsDoAECg2Xil8sQamBBx8HR+aWI/iilY+Iz+0+Rmegs7tumJHpY/NZgSlrVH4UAq2aEvyyvznH9XPsh6TJ2XtN3tP6JjOp6jpPO4bjhaTPyq0Q9KJjs3SlDkZZaIBipKT1Yy75cv8OB9zqwEnVJ1YEB1yfyZ0XVBbbF9FRnOPhRXjQsPKATm3AA5ONmrDX3i3vvm1JV5LS/WB2mNPSxOO4ugdEePhUEtOicsmeeOYgjjdeHY1nuiyVydL57pqslc2MVMIyrVTsfi3/Sm0Rqb0a8lYHNw1NvYy8SkKFfdv3elPeCgryB7n8k/FfdpNwU5n4qXy+wLVYZ1DKy243CdE0KEIEPfJHmUsKAWcCYnQ3wWyST5Rfmm8q1wN64x/OnV1tcpFRPpziY6gBw07zZwm7npp1rA6y4FfyIqzssd7QWltatbOzGggHJzpzE4lg08BhHrIk2CZEs3T5zVA7UkfRW2MOlAUTwqwqbDXmNSFv3XXnKca+gCwna6UEAhXzA5pw4IplkVbwv3a7aQqpoq4Tl73Dqy0Qpmxk/chapzurNDrFxTmuEP1XJM95nvUM4zSh4+3ibDhjnyUGgdqWqlDOdg7/rlr17EhHLPX+LdUch39+6tslr1YE2r3HAP8R+kIOLjdpnH1bG34icTMByKN4DeJYYuHCt5QVQ4SrGq8su3yiqZSKBGONCGy3odsvzYqlbpeXFbTrSAhKQ4uA4AkH4mXKRpHBdX3Uh5CotM4Kz57+AybbxIjTJjP2PVZgNVR4YGFdQXXwdNEz6zK/RarJTq3+mPowAedZa+gL2fT3kc4D/Rth5nQJm3tFVeCeET/w/fbg8DppNpYuUn14i+TMEJGGaG1G37XFwn50cCd5/yfalp3lYypQ8g1UaZFuB0KUCKygq4xaXFSjmm1e9O60Sh7LrFdprR3ORo6W+JEm4ainBPkxwFf44XjukHa3GD68gjWbE4lYNWC/Ijv2jT/kd44R0wZ1NFLUTJ8LepM0d94+XMU8a13+pHAmLesJVsi7HpDBXvrI+LjksPnNrC/ABqpqMzSGo5zfBP4VmKnIwFmqaPyabUXXB95EFFjdoN23UnS6RFyL7eiSvmPKYPo47BBzhY2OAWja0+ufwzyPLxFkzrp6R9debXvg+jC0vVOZPEizpcoCp39luFI62YHYCb/Wm+7tqVlnhdr30nPPL3Ok3e2KAkaKxUVTaSHStrYhqeKFZ7fOitHKn+IrVen2EMe1uurX5caz6MFAgL1F/NNHMU4rxJ0BoXUxCWK7hOOIhE2YPSgbEc3JhPBlhu4FwhKI9qMchjqIzQ5Jzj7PnRPD0DK7oSXxtlcddzotPsjJgG9R3hWPOzq1BW//xp9heZE6bFXj6Q35qVSLDyYNh0XEzMtNa4xusfNLMYMRoPQ1iIrz3QyQquNWwgoF+ZuuLP1V++N4vnqPOg31Ie9LR5Ujpvf1CT7YJKM+mnerl+Qbbph7mIIJy7BHpdPNlG1awWTLds62t03pimKbvHAauaksJMnxhT7PIV+fSAei1+AzKJ1QU+jge37NTTqC/M37xuOKO9p3VR++lnfcgiuvBdvC4sDjzRlT0g62HU9t8rnqxXOLx4ioxNCxkDFXaBm/yh+KoInRWiH/m+Q3DBlwPdUf8kEod2Xp/5STOs+Yi3cwPwRMkalLItdL8fiVmwletfJyUT7i1brh1hEHz/Q6X7FnGEdbjV1mDGtx0NpVY/S7TPjBdC6GgVbOPqaJxf9fmeP/z+mS5OONg2h6bBzDmMq0FwMhFEMuBT0KxKUeoaiSGjLx8HpDoLR4FVbFpQ+cF8VoR55LNv6IHXTniT3+ci9YbKLGuWzdoGDEAk3D6+wW95Qw5JemWkIIdME7FXylqSeaoquSjZHf9n3pw7pSrbz5AP7yoilLsjTpMbZaSBQyQAnwk2lUutmptf25DqaJyeYXaZqeNh9nBXGL4nUAkVaKQU/G+emFWFA8p2aapWP0NkvhNclNmpEMxUjRhp3rRMnSxClbs/r6Ou8UJDa5PoRJmsYHDCO9TcHAmF2mdGznjAh9+UZnNDYmAbeq7mM9liBkkTAMDV6lcr8B7t1D3A8Ao7ODJBUlURHgR5zMnusrhL/6rkv4xneEmHIARbkRsxanwDQh8dYBjkmSeQ90aW43aM68XepevSaNgXIR572/n8BC1HvTAM+0ZP6wd3eAT96dhegowWPH7oIhCiEr4sktsw6t0xF0TnGwHi0j9pqaWVkIaQSnk6P5lu6USHAvS3TfiO5rLYpxtW87ToEn4Oh0jxdR+eiJD4fS0lUaMxhcZgne7N0YHsNPn36dRuk8OOgJJtnzYnHmAuu1OfvKeTHBk0stug4UsCAFWHQ4ZAcAWzVBBWhZaJpJ+ikj/SOj060sYVWK1Xk+vUHCvJjBBgGxkKaMinKwRAbQr02YoGB78uD4CFQfMoarVB+BfUtRXOmna43bCV8oiBueCTFHQ8TsZI1b/QPPtYyNlP6t4jFZEpyMhCU4v+4OB1j4e87bD7V317vGp74FmyxEZ7YyVIixDknCdSnkThMgT0WWPBRk7NCD66EBMIW34JyHR3bdW1p6xvKbJbPMlfAToYi8uk1LhAq+IIkZUnbQiiVLCfUFC0rNRwThP9zlBv7I2S07fL6A2JCUry8OQQU0PdOyiwumXPpFeyH0ojzSawojCH+czcxvf1qx7H0eBbAirK5eK89rCH5+g951/BhdVgj5qEQuLwVOOxV9IYL+LpPDTIlf/Hn1ThH6E8Ly5ELx0LaHfZRxjiS4Q/8yhltYEEM6iFhYG5KGUjjx8w5LMrHF8Ke/JumTV4DWlmUfApLbDWhGHrSO60GW0WqIYUVFWZG1b+nD8NnUeKe29d3o34tIWB0++JGE5On5RJJl98XZEGEqWyVqj64+cvsssGO4xVU9zcdMLPaXlCOL5lvU3dcSNyNcU075q1KgkJTqU2SZqR7ypr2UADDVqIXny83sj11ujGJhf6cqUxmwjMs4Sip5o5AHaEz0NWwsDmOTvT3/zPYLxgE/XTpILC1A38kVM3sqNLD44E7fEYaIj5uk856sGbsIoPpU7Kq6XzOlBv3FJ2zxlY3IIY3fitgXu+HCBKopzBA/tObji9im9pVMwHfOHhmp2E07MEl87cpdlwcJXWURxbmw7O9LaRG0r2TvAOs9zMuiUJ3H+HCXmufvUsbExRc+bwo9sO6tHKaEOI8/exJguex5dcaKhP1L9KfCk/0UM/gKF/evvy6zTed4KjBC0DGwoFXBBtJxcnb795wkEvpvjCCRkoNy7kMVx+I+/bzP2PRD3SU9r686qr5VroyWTXwxcWheT02BkMbImolilBxB71jDyzTJbL7lOaUvmUpW/V5tw2k+7928LsvixCC0JVr1k74ywA3whWuZivKSsH2ee9NveUpCokbRput5cVPfvw6rnm88DeqQcBjtAq1sQm0nxxr1gk20BRWCa9x/RyGu77CqFYWhtpjnGBq1d+zksGaxHYfEeDkA89/sowLAAbzyn3sl55HJvcOYsQEOJ53GVRvB+qcT+4fq4ubh0dm0BWbXgZWRXi6QlVy2/o06XJy+c4JtW9scfSN/FgbIkJ+MqKno77vRTlmPYG2AL1JzVybEhV23yDdgsgpWOJqYwxzFVGmGcmlJz5FRJopcfekkZMzZH6ojWN6ORIjeg2MltmzBWpCEXwxaWvel35fuIgTG3CGVDmgbEiW2gmOimdscccxjYpAl+8k5H1vHrSqlIeggtwKAnhyFu2Q3OcsWIpbjzgoxnzjTAKRBUPEsU1eGfahyeQ+lFcixV/S7J46rApXAG3t8ZkaO8/Mrk0gK83VPalnoFgtaKLffPM7CcsA+vjLF45oBITEH/vbsE2JMxFfd4TjZcp6tVrO0lKhufLxVTCORX3sqY4zgIdV1jR3awU0nR+bXMhw3YCQiuZrvXxCOesuBfIcWWGduhjisHmHwxTAM9xSkG90qQACjHdA856dfcb7fRdb415/HOxptTGRiB/5uSzrVp4lZpK927VhMMwtB9czlwwdZzW/ZYucCP2oOFUpOEjuS2ATmw7EBQ/YCSzupv8APwP0a+euDuNbSXcuocNxJQiHQn8nRroh4LUrMfCzXpxZCXCdbQqggKSfPrR8qrRoa0Gc1/pQE4jpT11ZdtAeg2VQjz4MGWITgxfZ+qhdRHYUyms9AT - template: - metadata: - creationTimestamp: null - name: daemons-vre-fts-cert - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_daemons-vre-fts-key.yaml b/infrastructure/secrets/rucio-vre/ss_daemons-vre-fts-key.yaml deleted file mode 100644 index d17145a2..00000000 --- a/infrastructure/secrets/rucio-vre/ss_daemons-vre-fts-key.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: daemons-vre-fts-key - namespace: rucio-vre -spec: - encryptedData: - new_userkey.pem: AgA6GCzmjWHUyq49oq9soGW9Zg2KGV7i/3AImg9fvH9D4gYEjPwMT+a+C3DPNxuIfIhrdRzg1YFgqgCZN7yHsRQwhNd21WacOdOEa19BclDwwycS4rA3F4y3sVcTnB84YJZqZcK8ig1VMjOgbEsqJHLSkDJeBVdsAx51qJTCfvWSuujg781MQQSi1ht7AwWscjfvJ/W8V69d12v31RlBd2LQlATQp1799OwAXxjIcPpJa/pw62zmrFWwsXLrmdhoR05xjRHqRrb4JwslvD6csMJbFbiUsp3O+CaxK7CupNEmIGS6eiRM0HMJQcz9pBYIZAFrGU4V/a4wKxdZPXCBDDEXvk1D/UpaO+igyqY3rmQ2U5BLrb5NIcs7vNFOl7OmxfvCGV4tVjDLjcMxutIhMomqPJs3u995kGLcpw1xHy+2CPqUh9kq0uywg/jYmu9fyEz0T6O5fIwJi8Mj1KTeDCpyWNGnvGvOnY45BxXNwKcjHrkNZ2XBiY8nzsllnqoujNXT7Snnf4pOI1nA6Y5fc+EyXX4Oq29hAzn0+Utvm/BaNLJSVgPo0iXEdmDhM3wJ/GtRIHdcyxCNpcJo0yx/kvTariDCsjbvaNwuVf0nS3hV+qBb9K6E4ZeaUMVr9TfORy7gM98ZV+FcXZoYpDb7EcLntsi+uHmBChzdl0Yag8FXrgHyDNtDJgEvh6u4gMzCDm/yWivQ/vuv1mwc7BtXJrH0UK6ysWks7TIkt1x0Cuks8aYskKCR8bRdlKHECdqqLBJIA5OEWzMTmik6AzqE5NMKt51/5AeQwbTUNrr3h5niYpm0gC5wImVezJyXYCPHJM+T5FRbcDoGtOIcESEy3ptMpOuPGkJs+WsHv0e+BdllTc4she4DdApGPVwWqOJ1tKHGIXfcUuzPlnv1WwACm4gN2u+A5ZcPbfovMp5p7TmKxYWf5ss6lO9mMnnWUvAGPmqVB+ijNzqWXSFqCE7VnVYhwaXYxirxkd8bqvDRrEly/a8SMayBqo84qnTdqcuuTcOIEipKWtXn9vIzoDUKxuaJARn6FPumDyoPGxsS/t4bBW9oxI8UhPh4KxRzl5huUgTsqmhZ1Ogzib+ccd7xzH5uJPP8RnmrkxEiUSDdWxyvntV1763gUfpCOjj77+zbiu8K1gTNwZkiyg7V9Hl4YRQLjAebuogogUSP4WNNK58OpX2gFFYlrxRqQFBkbOcmLIj5oCQbMg+O1jxODiYNbbhUwMfqgo+4Jjff8b88aXkgwBhijKek4PHdctexrDeSvAl548E9nhiiCsltZP0h7SRRz28jSW8x7vcigjim4mSLNL5YsVD4gHqVLB4HFMrvmy6bpqUU2dxV54RSxla1GLWcg0yZ5TX4s1Erogdm+g44I8ALKrEqIAxYwcozgOruOxyS96gw/+4Un7gs5hwRiJDJSyfx19m653+b0AjInyBiYbkwmyzgJhoLBTnpx3HpStX6JJJ4Hm4IR08ppHWcqBKtT3mSfJnzBroIPbu6iHWXOFKf+Esmw1wv9mkrOxNrIC2Hj8ZXU/UiW2kYQZYKKu4zN3wekmqtxYldYevKHDnr9SYLteToWwPelz2z+OMhC5pd+44SXQhrKWWoLgyZjiy/QfrmM2Kl16M+XM0qgvE+w54aikw/7CZr96+V85bOyYCxPREFBUShkSSJVDG8sIYiXpSm2yhdjqPmqdIy+fS/DRqgOD7BAjAPma37l39/yvG+vyEDclc6o8qI/28iAfWcly0gr2RNdjneler7uOoKlOK3yDO5m2AX8iUeXoFYpZS3QDjSkQErvN5oQSPGPp256bkBy20HqeZapgLBqxmtuYLLa8yb7/jA2ewXtQGiEy5etkrC+H1Br4mWKfYnxt5BVJyYqOg/oPqzlBvvtTKQHEpXLjoQjgWFUhLirQZ3n7ra1fiOqhtz4UUOOx4uQgDrxXLfJIExKpv72Ba6gVkbDjA+zaXTC+8ASDoudv1NOkPe+RcYjz8giFNrar/uhCDwlxvgWvCTseS2WpK7LGg7rSyDRs+V7VfRokS03laPZADhhgRj07X+iURYSaBIgH2DHpENbtrScp5MQOaXG9fgrZEE0epvvz+M6joqQv0Ho3VZo2V1bSo1+iBVjP5w8Rs+iwhgTCmCEsDIm10bw675unYS184j2r2ZWjcrFBpPnzKPd3BHHAqBIc7YzG8RUxc+gnf+su9Kb5fE/JfRmaq5b3HfP76wEAaWrVNRurU5x+UuchGlqmBQGryM3eeCDdXA7e+YyPNGYsRhv3eGqmSpaaQ/EluMbNtOFZg70BdoroZ1CozMnTuiDNJ6eCS/z7G29FcJ6nzRTbLocmIsCTY7CLWzoXYws7aEyCefGHjKkkQ6mvAJq+jL9gnHtQEBg7J1UE/KoQWkoqC6IsP14RaVCAb3wklqiYnAohhtDg4PCO0EpWh+ALK4CaPICmoSKbEND80tegNgNSWBIIVaUVJWx1I7uXojy8wKvenQz2IYOzL30+2UTSuZEe6/bsnaUElvtPzqaeaPxGxj3ky6+byqSKFdmvksCSMOStEtTOztVL5TIxR2v6bB3nqInth6ffRARDKbWEEd6EZeT/EiGcDC3puC6xDxBkRnm0pvRBpzpm1dRUqCa+6IERk0pWfLc7CRMeZ6bblgRUNlY854m9oi2LvQkW/UZDmQtIuTjQPGcpDZCKWNK8hYqrqwI69RQ3/KwmcHEo9V29pMdnyTw2KxnbPK7CaA+shfVvAIe12LnP8nqouK1L4nPsguxDm2nh0ybFxK4bnGPfGTnolq6hhiETdppk4LYu96hq4cfKns4SazEkTj5SueRkIln9N2v11HY3ffA6kwYdTzYkFuQ4rtUzV8JKSEIxE4JfXVhzBdSvSWaIiFrSzcbOPisOJMMt5jG2p6RLcD4O85ESUzKtLQBQ2bSlhZTjqHzag7E98mvzsS01KZGii1hU3H1SUNItKAqdZY/YQCBg9yy6++npEEr71/z9UXSXWeT0wFLk9Daf+laF4YnzeKcrTnfsxrBHd2OqdfrhKDgriixBYGdNzhwMNlGsz10Op277k/bei3MCcekZnoAkrD4VtYQtm2fhkKoi56gz8bYVTLuyMP11wIy6NaHKkJW78uzzJlQrabBQ9jMACU - template: - metadata: - creationTimestamp: null - name: daemons-vre-fts-key - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_daemons-vre-idpsecrets.yaml b/infrastructure/secrets/rucio-vre/ss_daemons-vre-idpsecrets.yaml deleted file mode 100644 index 7187bb3d..00000000 --- a/infrastructure/secrets/rucio-vre/ss_daemons-vre-idpsecrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: daemons-vre-idpsecrets - namespace: rucio-vre -spec: - encryptedData: - idpsecrets.json: AgA0Jc83htQsEsDvXqIA7hoZv/AK3Kq3ytW7AzPmgAei5LSZPYOu4jvpy5p2ButiepLyEJ+x3wL6a7QyT58Ezz/92lsedNYO/15j/sjn1J5oXI4lcNvJm4ynFaZR/QFA1hS9Gsw0QAqp8D5Bg1oU/NJVfynYmU7FgbFMP0fGu2J2Zaa+6kwCcySulYACKlaCK/4sGxYlp0uu1SoT0zlBw5qVe8csRZaI6FfmfFs2Igma6yN8J7QCNESL5ZsoUuSmtALRTAPACMLwXDk9IrZBlpUMf3RnrLvA1zGEJs5HhLQXWyk6XbLUTDLiy3TmZBM4G0UaDxZ5k9UUDJ+3afBT9tO5LYmQKGGRyDUeVIfoIfgKDkTbzU5igHTm528hKMV6i+wheH/VZ2cA6yQ0+a6Fw99AGD5eZPv6LVJF8NYmuwMtH7PBdcvMKavhLUuhKdBPKvqjsQlM9TIn7waoQL01Nc9nhNy92sCqynfjxiOM7YjUtNjdP2q27XyI6RwJQAFuAZ7r9gfUHCJbMNBwpdXNm+Ujd39QZlhJ6XwnhevYaRVuCQ4CWrNMLIkcqUl2GPIQcbjoC3BSZjWNHASQnAe5KzqzhVrP+HCRu6uSjcwPt7mrhrv5nUgSd6w2xj4kzH5FrNOW8L+Fj/KcLCaMQDsBq3wiM4B+O5K7KswtuT02q6pJggSWpg2IJoRDmShpGpa2+SE3C+aymkMwDT3kwdu52gGldBbLnZ/+d0ZodS1HAYJMgahLUGV/zTXOPWuZr/cfZQH4os7m5xW9l9jWGuyzUz5ZOjKkdz+MCicx8YfsCEZMYi7IYdUxyFQQDu7f48l2pZOqASM0f6mVNHEEOpotc8JZsWiSAoLBywzDhjoSjhn5zPf/Q+r+M+t0lHgO+3y3euUrlfNcKKeb9X8y/I2nrRWPlPN/4QGxBNFo2WmEnKsMZO0ugkL9oibDomklDZWXLkIJUYEQAgm+RRGXgGCIzXIrVrf2+HbkVubFzYwDQpnEuwhgpdgj+95eRm9ni/l/3sQ/gRkdwwhQNwtlsHwBXEyXS54aJmywug6lTP4eoGFro9EUPBbh6ourt2Q5gaV3f96ZCqK1Te+3CJu5mPyoKUR8NvU1U/nOX/FkL5ZcoeJ64fWtEynZ0ljG8WKhaZjP+mF8rMZDjqwj1VerKqj4D22qLRv3EqJViv6Q17qOuSOpI5uyWE9rSBb1+8SMl6rk21S/3gWiS7z0eZ4ckTYE5zI84pvz+MFJSg0ldoMvyuhOgeK7rmHzs+qAjSWNdHEjaaOIeFAvnECeUD52EyjMUvnrUmQAXFPbDphC+MVNX4y3rN/q1Y5r6/G65yBDW569o1sxA0iVtuW5YewuagOhEBFO22rLm1MzAeM4dR3E0acJywDPgS5QKdlBQ7Ltwtz8uqtKNmGpqv2jhAKK8YX5BdrmE2FdneVTk78N5aObMkrmvIjlFHq/2cm4+C5ERboFyrDWcExN/syeasP3ZPTMEgP6k4hc9gCGn/xqjZXf87aS9R+39veqtXOYljysF0Y/Zng70UyG9qpVUTHJH2Iee6Fl8IuTbLZlV/UZr0x2w8dadvs68Tr9OLVCKf65uJKVU0lugZQGUDLvDkOXo5kc3UTup45EDUnUHI3sWR4GTmHCVGVOs3ABy3GrevggkPCvsgUwZXohGl2iKlAdovdBDFXCYRPie5GyTIGoqI71egOCnRB26rslkvt4n6NgQ1RV2ijTewpBRomCL1PPNCnTRnuKPyuYbFGKcm+yJtaw5XbX603dN+WwZJP6j0EOdbG/SHrtckamkF0kE2uLyDkiWABnUIiM3InvrYHsGZj7TDwd9VQ9S5MsDpQObVXHdgrM6/MpoOjeifACSyWHjy2Y282LkF223NjsxcHRFCHN7CJqCFAuNqt78o5SrDhFELnC4L+z2XWzoYCz0to1z0kqgihpOKQcQL9bsXzKNf+jZY6Sd4cB3B8oW8Npteo/4z+cepXdOgMphGwcYZspnnvR3yatFmcRwEGRkDD4t85/4xTZBuJMyL4yQEctXjrn0yEKAgJFWLCwlZQCF06MGQNgeLIFW6CcT5iRtBzR2Qx34e3nAr0hrJLXsH2aZdIC6uDLmoA1Y+j1b0Hl2894GcIKM4U2kO8UApzDjWRtC7HeMb9tCfL7EjMVyu2PlNxAvI9PdoBanoClTK/LFo+IQ92o9vas/yyfo2ppJHJvDHI0gN8YA49rill6hNhYMHqUzEoF27mdWTz+o2SN8ft37gKzCOuCoHQ3WpLQ/7rJWsqd4lqw8vWQ30JH7L0iCwjH0Lbx8H0Cqz6va2YLWfGxwz6huPm1HHGtCHE+rcHsNTlGJ1KwR2VFgLMMXGjvUoBHwz7pzu4HCLloP+Jiff10jqLviBPHyuYlcgbl4YhFd9V+YN5Zg2/dOMTMwideVfUQ8KsJRGp5nWmpklVS8fFOf2QDIJCAlukr/SY4Y85naWpI+CIdwgVGejW4ijAmoEVbH1Qt/tze8AkdgI007uKP6BJ3QjayD204w6o/f5NNeu0DaXaITQWfa9OqYPDKyICMEHOrKRvgoPhgA/zxOd6E4k5sbrFzTPNHml8Sgkou2tWBmAVNIoEhKm1ODpNd51gbzR0RULxaGavo/mgKhG9KluDtJIvH7T1WzA2OuIH3mIKZThOCl8gnUgGE/ajX0bFu9/3Q//BFHQiwibsOAtFb3Bmlr+llJ5driwtmsXTb+BuTj64f5beVW7WpcS6U0Xe4dRM4dlH9iBbGZ+7GuvfvuRNQ7MhspLJ6VNHhnfiE0AbTKj0TOYfVSSXckHH7fnO96Lq7aEb6ml8JNqNPDEGL0mmQg6ZN+zf5GZepuksRZfnW3ewfHoh6MvayTXIkTzKUKgGbBNn9eWzr+wDt62L8r+bJo9YgOWaV9CxYDU0skgIDQkq5kL5TR95ybPnAMA8XadCXTbCkllpaqbNWT2VEnvBxnmsPN8d6hmuua+wwHMvnqRlEhOORdVB38lsXIpzaRZGfMpBs2reRSIejSaS9lIgC7GuCrhr9G5dKsbZCvKjp4lzLT0cy4WT8dO/6dKWJCbV5XBiTJUvB2i3++BkAKIQGdwNdb9GpqKvQ4m9Up2Tio0vZ4CzvO/M9NcSsH4M2ALJuV5EydL/yTpxrSMauuvICYBo0QaqEdxt7as3oC/trsTEE/yOruTxzZV9AhUw7zDf3aXiP6DVPQ3f28n/lt6jz4tUBgR7SIU6tzHR4gvgLjH+5KtYaODCnNKDJTyxAxVwumE7hBcHl7oxTke3IUIpS3iT4vU1W+A== - template: - metadata: - creationTimestamp: null - name: daemons-vre-idpsecrets - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_escape-service-account.yaml b/infrastructure/secrets/rucio-vre/ss_escape-service-account.yaml deleted file mode 100644 index 46191f34..00000000 --- a/infrastructure/secrets/rucio-vre/ss_escape-service-account.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: escape-service-account - namespace: rucio-vre -spec: - encryptedData: - rucio.cfg: AgAeRqRJOYT1n3dRNAnrvndlj+wTF0jy9qjhDz1k4Pef+hvu8yE27Cgt+x53KfZf2sBRzju7eux7zRwCoIHnRxBfh1EUqmPlFxjRsrovOXX88cAFvEQVM8TH9b+KTN+xCfjRWlbGUe8/cB8BHPF040Wor+4+MGQraiOtU5aODuCJyBg2SpRJcAzTI71/lsQZfDvEJrM6+CN2x0mdwNp1rceUEFVEfNSUEAAJJnXAQz6+cGo65OHPYtJjhTsoYmXfsR0PaTYLQmqphdBxj64Ik9Aj48fYKdV+hvOyCv2j4myh9srO3ixlIUFTTAy7f9Y6dPHgCYRJxXMrw+6eiogawoqAux79VaxEJZ//6BgSf5D/hO7YBM60McVew9POJrw8R+sjuhUZvWXmysjTQTnlhuRXG6GouOrMkY7ZipOyDbXeYQAj42JZoW9QJ09fldKg+yhXJ8tNaOOiUQ4gYCGjkM0cUK1Ck+dKTem7MRqgaaj5xnq96I5ufQBy+D/W8wKBg4ajcXp6PXIS5sZgeHHhUj0D1oR6Qr/WOixlBSZ5UgHjCQUiQzM0pnrga8+/wDEbmi6gsnKXygiiv6EleKdf3G68zAU8Bds6gdPuF6M7nHhMgpy4jGdxOQ/P09zAJfthCzMb+DGwFpaKvi7tus9MC47qe/0AR7Z7wVS7b5Uxkj/2PIywCwMmCGsA6iU+ubNPUdjcAQ3uGAKeWDiTaj2ij5z/MU55C1bjZyE4ynQBn/qJAoVJmvk6zmONO+k7s6N09vkHhdLz+ZCKq2mceLw8C6QG4yyishuH2rMm/LKr1Budt+3h3/5OJZU0FR4i4Rb/WkeTopL/NLhQbiin1npRo1DaFmrwktDsqCBoyCQxW7YrxuEuPgJtx3wHIeUgT3qFjzl5FjfojK3iuFc1p7KgNSm6ywRGeQgyVgzdJG7OLtcpZPrll12VKZEsKOliqGyzgVKZhjA4rbuwq3GD4Bpw+GQqeEtg6eN9eMCMICtexQa/I0uyXj2D68k9onxLZLOaaJ91BnJeIT71gKybusUQf8i/fbkPL6DEOKPZjWthGUgihEHOLaXiNtekhf8SAjH9a8ChTxyz/G2AKUaqYjT+2Em13Ah/MN3gI4dp/PiLawsSO0ZqEr91m6mz0KP/Su0JO8ddkmZqZRdRE130syFp0JTO4gj4iTUPp8yxfVQsHpyxe3HmHfUJu16ops/qWOni4mc0qa9Pm1U5ZQzBOT9/3eV7Ad1DmU6HED1kjQqqnd2QqExyL9E3LQMuEEqzUZ/0ZQwv259D6yluOVzgl0Vh9I4pcFciiubN8BdTcLN4XCkzpfbmklKk+2TKbjAao5unhJTd+qDGjLSoDj7WnO5UVuAJGs2PfhVb6G4w2tI3e1PbR4epO4MMsrAHS062JnMS1OgH7M3uQsucWrTKziT2KgM30t/QYTqGrkjO20ywa1/qX8zg7r3gu6wrPIELb8iEa4ddHAuoiGPH298F34zersY+19EZ+irKdJM= - sso-client-password: AgBUsJalUwnhG1aH/2ko6oQ4qFvW0/3g58ZNLwpejnOeIJ1AG744ha16Mud7g/MUBznxExkb0lueNWsBcFK2xopIdssRqhYwxXDpptsHKmXvoQGNYnYx2fdQ2+8dN8Ah/1Xjsv3KKfFEI3RIgWnzKSjzYHf7/+30dTGyEUFyUO7PbJrQHWMoRJObH7A8pBEOnMmdIHqGhv7o6qN/OdIw1aO0ucgm+JTro/h+yA7UJScb6ePlX56BOKiaz5dm0/r2xNF4IDCtKm946WFTP65kQzDAQYZ34RhCRnD/GJE865OnpXT16/f5iXzTdLwe+ASw7SOsHtFuk4v+7EPMTOmF/sK/Q63IewhU1bzE3MAEMw/NisrAj8bm1gVTTPGgE+nAThmbfkbSB06ICMyg7vbDPfMsCwX0Pyl1kFhpM6FhMm1fZ6ie7Hx4ot7kGWsEA0J5W85qjHpUQtdWOlP4IfSGOrolXx1hyR6hAkBgx4s0v9oTnHXqOuMS3HijXr1d2YgcdqPxZkZJFVC99e1gioDpMqj8/yM7uuwz2Gh4p4wPhx+E24Bp9Og4bMl508+JxsJL+8QbTj+2qr262E23Y8+O11bMSzEg3NXG3LQA85ldBH7co94nD2GEZ5cb72Y6dqdtndr0+wYvoAeu4d7RmY6lgVRv/uwgxm1Xol0OzHJZ3yP5nv0j48L0OfaloDpdHuyc+YNrdwW/fyWdVEtVgRHm2WlPAZhuWA== - sso-client-username: AgA8R3QgDHXkqxywO9ncYMWyCVyEhUHyhZm40+HGMvcQVGEMSvPIaFw6gzXAIUJ6aTyIWvGUmeHncM+BCVFp05ptgzisZWkzg3lkGeL4H6GU6A+tCXOhpxjAC8HyEaPQxoutpUoHoTkx0582SIx+lWGABV//7zzKN/QFlD8CS2IWt0TQpCLIY2ouIP2gw6P9ZAH5p///jFqaQwAUQn0WwK1siceMDpTHLPC3yPWoJGlBKWxe3v90fEGqeKpDvlrh7FvvVWOWBHew0E7svtz0xSAwXr3pd98vmzZrB6xIxx2Q3+sf3XmMmZubPCch4ikD3f0hafI6XjmrS35HuQcYP/eIk2NtuWNKFGoszYyHQYrltFElqjD0praOvsGcJhmpZFtkfFwyNG/FliHMyXliO7jGL20yVmkbVX8oqP1h++eA7PSd+Eg+6n+OY2Zt0bq9C8qMSD456LACa1G7MBZJbsecAdM+CIlyH7ZMr6L8Yi+Bw6NO1BTOpmvzWL2CcW0l/0rK2R12H6lPtS8oGUF2jXtXoEPhgELr1ByE00w/qy7fJUjCn26LjamNbzfmc6M0eEApGh5EcsdyNFp3Y/34LQyhxExb8fjfODn7cuDVeNoHs0D6kANYtXiR6dGD6QNicKv7m5entOYkvHKPEjmyjx1IpZQTG1nGreewRzwisUY7g1qEC9aFZjrxACrRHLMdJZ3Z2B17ErKz - usercert.pem: AgAyN28S/DECks/cz6e41j8jogy7UrAzhGh5XZOM3pRmtYZW/FQVXG7sF25CCnM9KiVMUkKIMw+xeFwcP9WMxvDqeJAi1Z23a8hNjQBCgu+yUjAKDoM0F+tQ+mpNT3UkDPNk1xsrCLofUZa+vbubA/jBghorrf+jJ+MTYxwFjXWVUq/j6+mWw2+26FeYj7zmjdgcfbzNWFutjZOb9N7uYs50t86TgEN702ZNm0+QF0kfSJbQoJpWbB1r9Zf7P6Ale29p/roX73h24XcmAeRuL3JRkDenrtZzWEfQJvrRIeHpe/I4X8xlTm/BifD/sdqQW4oN2+nktZ/kzuBABfZtdXmsT4jDyJ/nzJ1oG9dVOd99b/UbGnFBdJ26d7wwdZ4OGfjMkX5Y8n4wyZyWHUqShTVAYzmFMr7yegDy23CVJMnp2bDCwslwoWQJD6CrnbhmPy8rmQWrdLrl/YzEhtMSDUzoSggdvctiBJgXuA3CuCsDT8HkbGX+H4BC6aipPUpuuUahd48nUyZKFBuzTSER+7dYvTPVTLl6hPOQL7tFdGaqx9bv0Q+5O8opMt+PtLAIxsh7GVgz8GuZ4/IBNI8MFJJSJTs3qJFmTiw33L+x3LDlQiUTjuYtcy8LL/qg2ydurSP72U97LbGIvwEMEd8QGAs1k2OCuYow3R+sq+RS7QxKSGwKhox6FB4Os5ch8TN/EO9XrTXU8cDH/FvSWiGoRml/hn4fNXteOq4o7heUGuX4RBWVBW2Z6yt2MKw2jhsLaXdLcpvGv8ihJFgHZWb4hCO++Vhr58p3D7Ez6lXIiZhysSUsE3QqW6GnCrohTVwlpGXRujlowJZybBgkSn4+xiHouuZU3vJBR/Hpwow3nChdbhbLMRR8jYntYDy+gjNAPZ1o2WWBcopldRND3Pl2k/IfYPBYrraGHEvxR97mikiuPLOhcgUfEx6naQ6X7mrg6dywWyosNvqe1Ypm7IM3RZOqPt5RD9MjpIbIB+/6eAOcRl/Cbp53+LUnbGXUhHPTBfUQgRJQviPR1tKqsL6xONBA03RjbIB2ndFO7Ub01SP5vSLKm3RDrkmypc+3HchgUWA1Vjydb62RclgleCRP4jdFt6gM+36oruZ32TmejuB1TrulNnW+HbU7ewGCUBQdAfsn2yEwbDH9tXPcbWKhDJcJj50f5Wmc/wI/7t6zsJzOxcB+P+IrXxMxVJtElghx/8vDQ4+53/XIg10Pzm+qTbkTZXV6yRWjTvToEYkV3k9ZbcdYRogtet/zjZeT0BfwaWyGo8klcmkiNVxQDBX6yuFi8myGhVu9XqtZsEujHaPDzLTEhVmLpEAsiydT3zTsElyI7e2AWd7hasDGCbTcAQ8erA2VUgsllggAr5977zW59ch/P/TBiSH2UcYFFxTET9yHIESdVz+TE/U/SrjbKxuPuHM2dtYYRX967Y4Y3jIRm73aIo6KUHaBrhdhFeh1RcZklFQhvN5FSKp7VHDS67uEXKU27p7598oq19aqWk5g38OpO407HZuIm1emp3Uso/Lpdt2B4QaFE5j3JWPyiELDoOQv1zoaBL+/0XXTnLPYboryJSF8Vr8a/S4FJBdTyaeO7p6uKYeu8q4j2uiMRwiH6UuzJeR88rCxr4DYMd7mBrRZUmF/ydA5orgkMELhwrDFlwOzoxJgXJXNFyitj4dkf7FGNHz6S0laF0sg5SbhvyRcMeLyFX4s5xKJYxv6eZIIlE/PyyPj9zBN5DNWzd573aJWLv3hWolFKLVkBl7p9nZ+hHVowqNkoMoKoGeHFTftHnwMRquvCzYHEuHYi3ry56ySb808TfJ4db9kWee51BHCRCKdv8niAg1ruv39iTbYVx4i1Iwkwqsyvxw918W5a6Ll3fpq6yzVhI9GPNwxOfzk2gwj9yotfs+4CeE/9NhtgnnXJ1UkrmnmWRAs+muIF70CkqtcyocvvEDfQ/sHaxdAu+QmOsCMozBQH2J9zZg5N5MUW+tGrUTxIauxX0UPXXAbjREHuVnQE/G1SAjRU1ZwWmeI8AbAP81CbYKIxB/nsUD3Ycc1zRl/F++nThIQrdBmSGr/+NjzjzPCF+wRmm47xKpNFXNhq2KdqZioK2oZvnTWBS92xPonJTweujuhh37edyFrTpf2cGAzgWA7oYk/o65pLPJ1DkyQVuq0ORtCiVlkPHKXqvExUVTSio4DWUIKxiQezf9sf8C6m47XXnxXNCpLvjuuNQMUTMij1KbT8+DXWDwwe1MROQA1uRuXerT71CEGUtEv4i7lDzvctNxG3DrFuWXVB7VyBD7f5g04oIuyvpDGUaolO3oB8YEVaaQpGX6nmesYsYTW/2bdXJMwp5/0HDbqjITui9mORwA+Mdd0cWZ4OegC+lYvDyTH6h1itPJeSBJHLITRoAOsXbSDmJOYFgaYrzrVv/dOx98H7JZz0coOaJtmP6csElCWD50iS+b92OzeuLCYOtxvjKWUv8Nkzw2AllaApGmVVFXIxt9wzrfwtF/QM7J8iI5eJQLPCsqBwm+eXuASZUE8f/4wWOjro4axajm2E2yvoECS0WUFZpyIttzuBsiQVpXp2N5mXQQI2TP2XXZ0N3Q+6ssXBFuzon7il/BCCDnFfBHaPoyznC/wILehsegwgTEJmrzL00t25Odc3+s7HrkWz04Uju1kgXYmqZTPlGfFpMjGB4kSt/lcwCT1tzh03hnUuxkqvEys8CMA8p7peTp51MvArKcBb8E3b4ZySgES8N7uH1523Cc7ba8aSrZnZ5PKlixAlDBicoD28h8DgrdGgA2qTQaYZ+fL0f4ulIPCbSOYEggXqyw4MlcyQBYpOcn2fJ2NWM/bgDFIr+uHoOVROmetXgMCijJUQxATcZYsfSQqfZQxKeuIIjnKEp923956XADkR7wXchrg9I39uL0RHMkjqeq9pl6oyrkWcfMAJu3ncvi4jN3QQtDm+gSC36MncJniG8a22yGXVPa2SvP0RKoeh/jWYBkpbAdMLRwP1S/vUzOl0kGQSHP8wNRw6C4lDn5+c94hiGklt1IYfYmgv6YDWUei/Dh7HWgzz64HxgId4QX82jcOfcV3026d7ifU/qNu3NLSdzg7ywTkj4Qa/jYTcODIagQIABRhW9rZ/AEbKyjB67NXWlXyq+ilyhb7tPN04D9VGU7pFOXPWvnJ3q39EN3pSFF0PeW7Yk375b/qBOjbD0ntrlH7odl4/aKF4cPTLtBkq76hLC1a8LXqjB7l9wvPHyewAIwUDZJNVufPhm/WiE3xer72toOuUDfdM11TSCA/3mYNi+xt+/cvZ/tHMCwVMxlC3QDpB4NhCv9CTlJfyRmKuo4S9AjGHvrPrWKo/6SKNtEv5qt3mGhx44uGsQu9ublN0wHIb29+8n8ZA9LZPLmlmvAJ789VcZs++4F1BVTkuDqpL+TEWweZt0fGkvLWCR+hHKgCviNoOO0JahBe22OCrFv2zqBxvf8NsOGZ2Km7LSRLe7wgaN6tNLXUhlWJyzYfcWX6aK6oYx3wiGSFnpcbM4uRyjruu0MUUBkXhnIcTpoxP8RhKk+0C1TK0LUXF35yi6ggKdMw6jqgqephNGGLougP5zh0cdTw4Z24Sr6GMj2lTpMxXG7iy3MJRAkUhcvJfaAG46ND9heukGgSWXlHb0tv3EhE3Ma0mGL5ENBAa683HG3oPWRf0dyD0ML+TsQGEw4O6CIYaXWYXjHl0j27MrJta8yZKXk6BIflziH/suA+LL8QUtIyVv5/YOprvyCUJDw/3f77LfvWPb3DXUOHUwiqlpDuDEggLdrh9qJXu6tVPGioTdsnJuDVHEipusi1FoWeAPZOgSJL7YcijBVONLC6n8rqTYldIIV/2Xlv/7DrMZQCqyJ0jCFyEhC6Pb4Zf3BF4s8okehCB/7/G2b3N9iJksyRx0Ph2/Y7EgsSo41F07mLCrOeDviN+3qNbU1N5l0EBZaVicfRbFVdOf2q3xE1houq3MD1d1FAGcAUuON5JzcmXcIQnC8GWDoAbDmuJOTRX/jCOZRCdBkJGew6I7yHou7G7BW18/KRgN4id16W6dnmGjhymFEtf+1/lt+3ORq6nHtSWKgpVtHq2NGvgGX1MXNAP0F0h3O+ZcFarn8r44DByJWnYqabEwk6KZ14xiYGH+UR8Gt3XHsjaK9txI2Z12/MP07mrMCU2zMmvRJlDGwTvbKCg9puH89B9t3MOBjp6aPFGOE2vylDSLnepOai7IRnx1wV39rixUMBdiMLUhoV8ulZ4SROf/eiA+TcXE+uZOg1grHMpTtVIhhx293EvtwCo2LJ66M60I0NVJWNpQHEA9D7xGdIq9/Sj2M5IxhL/nmBiVyma/vS0FUc0mj5ZKhqLPqJiT6zBBlJbpB72Qp6P12VET4qSjr2YptWR/QO48w3gv84wV32vPzYAM8k4RXzp8FWlIkIkVVAT1JeywyzmNmUBVVo2Y/BOM3jEabhYz6inagsHh3sCuJZOXPCNLXN6C8ULa8snmQanmHfCRvPaBiyLhaDpOOU01lM/+WXRRjRthwypcrc5n6CQniw5I/fgMQTVA/qEvLX4Zky/k3Lx2Hc6/XBnr5mAc9YbpmZl5z08S4sKAk/HqrVJKlTtwJk0IykKTxAKf3BSkaW6wAgc13ukG+l1OFoOfMUK1P5MqdjNMk0hUQPhmAAh8C21q8I7K1WbiSXnZvYaJjQtXobqWpI3Hpv2TzHYSnnNsMNf6qBdYb2tMxxqqtZOHnTmUJ6j9Tv8oRpWvJ3gR8VRBtUupj07cTVyTrZl+j+Ot37Z04Kos+o6pnv74JmCcShJn9EXG66BqxKItOu2S7xweDGMXPx3lz/woDO7r1W31uW4s3n4rQRi6gBPSDd6WPWjM2cXJdJs6awxRXmLbeI6w== - userkey.pem: AgBRnDxEJN4vYzdNajHk+EQug/Klsn4s6j4PwH+Xw25ST8wF4PtDtHMM1imKhjK6hGZdp1uVmy5NJ4ah11EC8lA7svLScY2bkH+qcYmquH+5ogGAMW4Ic8hKFA0lyYgaFc4Bk8Hn2bb9yBHSBDZBFSxbYZV7465JsgrCrWqXlVBiVQXAnQGl0AQ+2JNotRBscCuYEHBEaFaFgk8OGs6Ca5Z2z1NATrQSSDDMB34vtbwA7nkyTKqAi1n2TWZhu81h3fQ2O1M/88chayqZXUuzfVymJ2xiY2HHf3eYLTsSMEzymeW0R8E+uepvhx677hpJ83eKDNye52Fs385ZsXvtxXTJDCodHTdRrbsyKPTIq5OzSCMX8toXOy7mKk4W5UQKdUmrj1i2w9AWGTH7XVCaATL9WEfF0UY7kMCTCiRb1O4RQvx+8+5sunID2b3x8/JYZfEjSueDgPwnB0J4lj6384YccmXXzIb+4cY9zzF1TefPahdPMhBEiWkeGzvEUGcug3ebobTue2wPe0yCdAoKaxs51l8jtat/T5MmBFQXTOA5N5ArGC/ZCs/o3mVlLm7dZvZd1DaK19AniH9jOf4ezWGeF7Qn2OSSWFPHdP8RpnZdVGwEUMLuilb91CMfwCl/pKP2VGOekEF2BQcjiHyim9clplsVXd42OPmc3xo7qtf987oRSe8y6PlC/r/ViLN82hdbwzS1G82AajH3RErXWzcRnfgak2YWSndlOO/6MCXE4X9O6MqPFeQo7ivpHD3GfvCjZ6KVZmQQ+aWrXTVwZHdKk3SMJJm3Mk1plVapBtWl/hMp7+38dl5T9unHEF6kQ9ZK+QJIbJVOQYOr346jXGHrar0+43+RXBjA9Jlp/Jgf7oWgTc5e4RoEplwjrwyqgdhR08Shw46gL1KAz9zvQtTmcLOTx3G8jt5+cwkv9SM+Q4F/4lIlge40UHkch9wrYGSosiqu5jC7+Ggwl7USBOhzBYdXzpzrjG24hH+qnCqrIQCwqfbtzalW7lwF05YsUjPU3CYk3PFwWc3wnoVoeKGgldtv4y4ixZmzZikbmhgmI7/qQ0bfhuKtStDr1WGD03GPJrv4QLZ8yioa85k0E49016Q25FL3Jv5NHStNHQYRx43p9dkyiBRPO3+yc4Fz2IVV+MqUxvegL0ZxuqByoLq4dzD//z9dM0k8pTH1PMzsxVpdaQiZWnb3uWPVr30s2bcI/5eUjRpTEhU07huiiJVCKLQ54z8FAOeZ1DVdAwJ51f/gqRa5oyA8DBvVlTn9q0azON/CkCkaK1JYGwFPEsKxZwTWkK1OzuBfXJlthRHiCjMR5VpU8e1nmfNI2TkEwAa4i5ysfsTirFHFmwAbquOt/SaPfVK7CdVfhUR1gnNhFwHfSeA3bru1obYkUxWJj5Y2MbnLBtOYDpck19s5GaRQ/eUVjaVZ7PmR6Y93a4j6zczz7eP93RhmYEpqka6Cph4sVCq+Gz2RwlvKn59DPRBfjRnccIhrWck19AtXy7NQr2DVVEvPiT1Li77kuH1x2iVCdILWAr1YuITptRonZBLwWKgnqE5JbFJOA52UErfpQyvUkc0eHR75JIIJmG6pHSubzbSTPLR0gaoZS6buf8oeTAmEUybPeZHEhoSBK9xPv/ijdbsS6R5A18W11LqiM4WULKbKgWEPG8UWWcOgRbcoJvLOYjXL2NhzlcG7jMpJ667PsWqjhuDkETga6aOBa6jsfxqE5JEVEgsqbbS66vYswkBBsxNZmP0AH/CWG3kfkzoaMCOPT54fgzx0cqkwXMr5kMcvtHtvFWMtLUonCwVtRyIqDJmcMvNeahdA89FTt0wYs7AIDasqABByPp/Hq89TFpKFg1MNa8IPK0dxaPplZMcxj1n4x/HQT3vyivLfweTHO+mqKaVoSNdiciXpKa9hBoTB/XdTvcjCbEwX7jczFL21LNfUkwI5kz5G8ltU+tTdop6NFfqVEm1qr0SAWxCu3QgujTcROH0b2uvRjtTCwqsnbcaGtKi8J9JX5Mo9A/w3p69TDU2FZDFFNbKw6JI/CexLPc2pSjO6ShWmUhpWE3EGgZHImEo2AgOF537gppZsb6TUjwozFKuY/wGXavZoYqbDprIsYMDzyRCdoHXrMwpaEulq+MGvqORMC8hWoWUt4ceu6YNMSMBytuaGtg6rrgM8+r6WIBGFaz+mZGS0MLgfCJ0g37kP6M53SmSQcFjR+QeCFmwW8hwe0P0MKmGWb7YKyTHJsNce3BeTmWApvYg7scYi9GQZgj1FsYztY+YD8dL0WiDmpYzV0iM78tcsMYrE5Oj7mOMYHqedhh10/oc3k/5WQlmV070VnYYofW5Rsayjc3MT8r7Sv1ALK7G6XNrl72Mban44ogd9ylodveL65Uv7lc3jIMhGnnLTpXjhlQNqVsvOC9DRt49tcw20+35toZGuupVkKrZsekn3YnKf0hAIqPZph3xUg8vL9Ghrn7lSUBqoXdiNSUkp9kpbUPM2GVFaelIdCCzws/u4C4/rA88p6BjZLZDudzmHSQGcyAuKwbLL/Y7diFzKpgE8VWk5BHkLLtbXEeIggx+cb4jCCTpELdKrb2LGSt3Co65GWQt/Za66/H4gcNf9RP7eyUKhF6ktLbmvoXn/b/wGWTotc/7sZN/Yqv/+8iXxu3o7Tj71fJA0ktWumuwZDj5decARoMN5eze0oAL6UcZa4/b4lAG+jvQzYlxWjHX8k5o7BWKPuxGhM6ZwgfZjxpt2BhGTU4ZEP3IqAWT6Q4t0XOO/jxsIJAWo70bM7fs8RX2BdojIrZnWkc3TVk8cukUUiY+8Bgd9YYuvj6426FEw2t+OZGtj6J7VAZ25cqqsLMszyxENGVLf6aVsUUEoTljX0EfOB5N4UWmkYgCjxvP3TpV7cqLewkxeK5HFzzoPFxVHqBifLrmOp37OqzAlccV6YB2amqw+g13D0c60l6jjFg8ZmQnV9SQ= - template: - metadata: - creationTimestamp: null - name: escape-service-account - namespace: rucio-vre - type: Opaque - diff --git a/infrastructure/secrets/rucio-vre/ss_hermes-secret.yaml b/infrastructure/secrets/rucio-vre/ss_hermes-secret.yaml deleted file mode 100644 index c036a684..00000000 --- a/infrastructure/secrets/rucio-vre/ss_hermes-secret.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: hermes-secret - namespace: rucio-vre -spec: - encryptedData: - values.yaml: AgAoCifajWoMXJkuZyvd88X09LrHX0I/TG9hGtZ88fmm7ttvNfXOSXL8vRf9hfuFfCHKU5nHOlRR5SL0Vq5MOpvmpnpo1vsH96Xz8W7XoW9FYxbvENg/sJw7tHByCoIXKJjCJebKOlbYl4lLZlPaVzom501IbyWW/a/aSbOYssrShPKbG4/r0ftcc5U/ONuYpld8xrAEznoKKY/Fwhk6cFupSzjgpJ+E8LZkRYxyoWICX+TNfROHJCkEq6E4yKJVGoTQ0OA505Zku3kdb6Uj0Yl6+JTmGFe0qPSATkkrtnM1ao2sV6kf+rRYmiR4QhVsq3q+fvOyHJdNHPuVgAKzf3m0Z24zft2yv0KGqFT/1W63KXIuGrZ3VmZVKkQvoWWGxlvXTXhdtUW+ISfWbRmbu18CVqs5dNuVkUpka25HYYm1tHlWLPInkLoLvK/3SlYhI8VubLnzxFn7re9PUdMnC3NFQOShp9BjbkKzI3quKGfxpPRTlGWyUTns3S2r6L5454g3yscu3+SUVN0Py2IWAoX750rux4TrcsL5ZGApr4gW+rGlsXxU8ybHfq7iSPjCzMujGzoDo6ORxT0j8G/5//vJHVKxVkxIoa7ds619ghDvwdMfgVCQLkTvjQougf+Q8q2Yn88WRFIMfzD2jnyXr9LsOs3JJDHueoufEEVLgtHR0iZUFXO95Iq8Pi0Wdfcmd8/NcRc7d44O4o/Lcw2LNG5l/0scM6M9xw0XyCTsLhddJ7/0MPdAK8xG4JiYdigcPHop7qwyfts/8YdsKntOt4ykz6URytQ0MH1VJP6qs2rTaAD41pRNt7VvULhIQQEhGkyFAHPgJfpxjdJqz0JYg7PgfeRrrDZQT8hug82evxOfxxSrdbsPsrbhSwpSNkNGaOmbGoEIkwfEtEqj/DNu - template: - metadata: - creationTimestamp: null - name: hermes-secret - namespace: rucio-vre - type: Opaque - diff --git a/infrastructure/secrets/rucio-vre/ss_iam-client.yaml b/infrastructure/secrets/rucio-vre/ss_iam-client.yaml deleted file mode 100644 index 82b6ec71..00000000 --- a/infrastructure/secrets/rucio-vre/ss_iam-client.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: iam-client - namespace: rucio-vre -spec: - encryptedData: - admin-client_id: AgCtoFfleqTE362d+wtKFis/2qnIAS/1wcX+2gA4erxyFy73rYwvn1GtG7CFwMYARga8xSDbc4IZ8YOMY5Sm8ZAvigujYBWbFntEj31/V/amhel9E8FJ4qHZUvju+J72GrqCl0/nj4WHIsEHTgyEKfBetfRyVUP+vBbKCB5r8nOBzyV8xFKVqSkMFWKIwiinIjKJSk32fFFhIcRWUE5ZR8gL0bnRxorwmVIX3nwsvDXuNqhjTd9l8Ca0wS2NFGNW1HYx4vpKeyx5ciYAH4RTM2OsXP4GPbg7xyimopZHfcm8srHZkdKZAUWhOM8awPbl0OlaP/XsGBUOwfeM6eiQY1Q0J8a+C6qO0BeqQIwYWMW7wJywSFaHIF4OKWlCN0Ud+Bbu5Y8KZoUdb4joi7C6CY6BZUC5bVSRKsyhL2FurM30FEoef5Y5aiFnmf2l4wuNIvXjgivoN8cSVt6fKInxNNow+QM0hepYoQSnsHCtG7nYO7rj4+bhuu7Kgljwc4UrB6Y3NGpPelf2YQhYD+Jwvh17BIhx6lnI7TdbzS0X0OQAP1EhxG9cgpwra/cuQT1bjysUiKWkeFUNZij4riPZSYUFAOZajdHDEMC189eh9BSCFeXvzx+O1REdxB190AWjQarX0Aq+eIMEkQV157AL2cJ+oq8u3ORnizCLuZGNBY55Y+mJQii7h0jV/UScLsrzKwIQWs2LWVlWQKxL+IxG1x0a4nIVRaPBX7CbyqqJyd7CivBLhgw= - admin-client_secret: AgAOmygJ/wlVd4NmsQYVgOtvu4XK24QQNVAtst11d6K/20d9ftnDK41zk1qIFCuzC4rreewiDPIV9oyAf6LwJ1FN11u0GQHdEybgualb0VxAGwhq0uHOgWnIduD5tP8cfl2H07EPdpeNSgpN38a+cKelabPahaJQ/MQVqsqlE52KxPTJZIgztrWCuhC7yUhGj9gDUDpyoRGoj9CD/Kg7yLBjd73ILNFM2l1zNHeOZkpFqEuK+ATR1OqA3bQgejgBvLaj82f82XQgWjAj1j0GAdmVAeSc/mDpfX7QwVKOoTEfbFJyLnBOyetD5rCawdbkb6x7LQ+BjtuCsSMpEyiLYjeNTSfFVDzcSgRHQNv5HsPgGFvqW+XqM01EJOt8Ha7RTK6Wpxvi7E8iWaHgntI5FoJOXnTlosi1KjHWUoYCv40FRlIJCkxs44R8wLxJQqOSC+Lzo+XPdg79QmmM8OXPdCKw0pzLEi3Ob85mfGH+qfpD49WNiZ2BZhj8z94Rvl3XaBXlsiE+9wbfgxDUVOBb5OdVurosAsCUBpluQTtLnAP2nGrqjDxnexm0MS52fYa5IrgbPYUuiVV3NYfgxtiK8iGLHVcBeet8fl+GsgTpPFDLf1brfKUxY7yyylAmlncySWM0Z1aVF0P2zGJbuH7KcHFV6ezDLutqRUEfQavxBotzkE+lGz7UYkzHKHQ5O7vIUgl8g4LPf1MTD1S5V7M6P363dvUCSQWl3WlNa8t2g77q0ipE/hHbISApkHFcJkJ7bMdDYwrhRO8CaQm2A6fflvnQ19a6U7nWbq3lfslWetScDx5mQzIbj4s= - admin-registration_access_token: AgBQeVO3k9pa2JNMSJJWX8TyluBPM1T4uNJUJmIDa2OS8d1ZwJE6f54IutNfzTn8+SPX1QBt0lS9wXANsEMaInP01hHD+ROGte7iFcsISSwyPAkmrYytLVzUN4zA0HK/d4BD88FiXlAR2hCLTpP3jOCk+ta8jdWhUF//z2fvMiRuw7LfzyHKXVwerdgLoIBF/ju0gEAlc1/YI1qN2zJWLNWHa1+dqxFmO6HV22Gx99t1DQUHaPpsjZYPbpPZArUpgxz1i0D8wyv5HxFme+6cy93mgXQAoI74dUh6R90/pSYOC2Oo90Q8J2nWqc0/hviuxG5EBgF/AOcW5xUuzTsAsA/QsCSa+eGOt9yv5KxY1+PNFrOyUJ6MQLu1LqCMBi0Sx6AHPESP09PVvirIdhVLOLdyZZFcmxhRwK2n70Rk40/5DmWe/wLKyB04U4yaETlXETRV3uJldolZGQRQ7fI9RGO/ZLvyqeIywC2WRcMt7Gq94wFoKbFZy4vERDWDRN2/6NOUUEj3mSsl7IT/mEfuk5DdQPJM9mH2Gc29qDaKqdfhtTqH0590ucY9RAmzjcu6GeRuoC8vVAANunaR8899qKzlE6A3pEIxspNfqdCJnCuph/EXvTOb0zfpdpFw0Q0iVboB0qt6dqGXBEpU3SQVqbH+4eu8GNO0+CKAcME8h6wD2jEM0It+SVT8x1Xp2g74w1k/JQLDlUkXhPA3lnEdw6LN8rWCjaVIFqC1qHCW03mDqzPAXMx2EINQm1PMOzLY6pJA9cmiDB1q3N0IMYL6rccwiGyEY/P+WYR6hZ7vzJcTkvpbetrqF2GYlvl32Z6kuXF9zY86Lh9NsEscx3dE1yWGogBZL+zOzwAYyD7E/5kni+kC/03d6V0s+ydAVZZMdnFCR/kldZlUeCszKzhfzD+vFgWRBSCpFf1XBm25m5R/7Gxp+Jq+9/CZ4vI8Tl3M7aIkACZoSBEU2u4EKUHbFvfh/zuLYxl9wgDOr8k0ZJt0kL05AfFQCycdlzHO/aj7300QHPd1KKflFnQCZlyrkVloNaIKoooFF0XCqc2fJZoe1siupprwv0tG8W19HqU4glaXEb1XzTgcd/fhzYEZTDcx07v1p+joM04Baf6zAfxINX9u/vrNJ+7pfWL8mNmvKck/ri38s6aFDWl0Twc6fLWeOQLxTghI+0cL7bPiW8zF4HOWlQosKoLsDhBq2qT0ZvsY1NbBonb/3xDe05EyyB3IKnFblT0zz33ZGiKESYpDwq3rFZVTGg== - auth-client_id: AgDBOJhV6OxWs2mmVksX9X+4mxDcEasK5PP6giPkBug2vcrhTTMMUVXg1Ik/QvbF+P9sKeLET0vtGmB9G1Jd6RVaB6XZc0fzT4FSQAiLBlPlBN819E/uLcEuruqyg2Nb27G8ovyPkIkcqxO/sWFYPsUcNeJq/CE7vv7yOzODBTk3mUA97ftmX7HdYlKiNujySqN44nMgDIxYRaODTCfqa6mfn7TBYZXmumKbJKw51LfQxMr3qYUvLkaC0TBReYPklOq/n17ztJScjmyA5zFaMjaeQTkJ3CvWPi/+o8El7Cd0nGSE+flQ1RY6pX1k6VXoYc+Nt43RUzx0rkuB6asl9SUzsDJxLorLNnJYuDeuMcfod/GdhxIvV1EZvMAsimmN7sW50LzCg2YOCpJQ9XzgY9T31Gxnz8ReawlCs4Bg1dFasijd4kFnET14mb3DsdzvPJXYgamWUEsEp3N0G0rXzPJg0/oDHP83EnFsI3QirCN9hECPLqgBDtrpqTxc2B80lojx3RlnT+Patj7i/V8e9RNq+XYy6pA+FqDPrit0eprlc00lEXKhROkRoGKlIfr46AgBP96+yQ8Ws4uPSpVJW4kKW9htL7CPgbbPbXd5Nxbq7mu2kaNz0LrK4w6V2vORA6vAeJoGxyMr0/rZO+4szTnoyOegrmpnPxnAiHP++gjtNfh0UHknoKch4cyWqdVxjb2YinMJb38cpLyK64jB7MWRyX2RGdt7tT+vcXeH0io1D1/fA0k= - auth-client_secret: AgC5hqeAmHbZNkj5dWg36IFFezcMT2GgTLCRPD/PgAeQopa1THjl+mmMQ53+bMftLZhNYjz0VepWD0bdWn289kZd3mJmJYN/PGEzeDkrNWlI5vZc69R0Mdh0Jqn/T2egLfAavDB4VPh/H0aBLWIg+F/cX9Z0ydSLqIO9qgVkTuC5tCGoVKCdA2VVOu/zUnQHHjK2S5qdz3Ty/ni8n2Jll+KwKYqefTpo+AD84Pd36UjcM9uuHPTrJbkal2QdBnEz8n15x3hq6BbR+5VuSC6kkl+s/dmj6hK0JBoaaYudmcv+5o8IE8/pTipC59yx/yh6CV90CwcbdpZmw4VH/kXRt5H/kmhd1nwczpgdaxNUexe8NRWopT5pJttmZ2/sOLKUIKprLFrhnbTowzLykJVAiVIJDHYsjVI11fvEJ8vqKgKJvQlED87WFy026XtS2vre4KQNlpDoF2+JhxRTCkh/jNmjqkoZ3cyubTf7DshF124zrJ4qMmbogZR8iW7xlKXZA9i1tDpVHeKgsOGFlQlCJQCkCRurL0R4kTy3mk6QgvxpNgH97WdGih6rXinI36ETQxaYg/mVVNUsv+rSRontOU7u9mEaAcqP0U3HxKkcZG9ggD3blpYW6OpVYMwNIHDjQZMVyfplt7XMpBXgGprL5sYxB7TSGeU+7Um49PFGqoLF/0F5KluVoFWYUtXveRU/7WZaGGijhfojR39gNdy04rYUu4nPffpKw91MCUm1c0lLUHzJ8LlcO2BQsvwU993IaEzpL9n54+mXiaxKq9De6/tohNWvbHfUkFTlDHz6JvY1EsmOEpEPPw== - auth-registration_access_token: AgBSkhAMnl0HTsTa0D9lUHZlir/ypGIud0fQfVmKCKANIkMPztbLBbVEqjTLNkDwXoBltSB+k/L3qvsH8exRz7Ogx0iGZ5YrqIqdsHmp6hPUROAPYtn9gxWaSqiJbGxYRNqA21fvh9sKqQaFcq4Vgniy6cRUBhLjI+n/u21zE94VXam0QDD/rTo7i+bEAKipS/j+Q/lRvvBv9b9t4YQLHk8XVc05vsg6/Emh2bsBAJbcQFVHDt7jZMYufV2yE2yZli4HsgZdLgFeVxWCCnpsbBhkdFctX2kgUckMnRLMppRf5CzerEDT8A2Gzakz8gbhMdxL+Eace8+BU4sMivEBQWwWCPkSacK5vKPj+XaPyeaXsSDf1BhSP1/ml4Akik3dV7GBTceMjFiBGeqthDnm+9ANgb5lW3gP3P/ZNeYxNvIGbHMrTYYc6cGQlSa1FfMRzIMJ3uzLx1oPWk/fva0cP2daXbS+CtTNcNmpy+bRSITNGup9lvZ2T9COw2GpLCK8kz+dRc45FYS9uUPiIk0nhwztDIOYSgCsR1vX6Q1QsIfPiF2nJVmEuXnVAs6YfGr8Dt6O+AI18VhTlHpu2zPj5RzxYu6q8F/foghvqjRN9Nj2BcEYkEf3Lhq6u9sEKNgsKV4zoNz2jbtme52+389f/cxKsSvLdH97H0x4tmOfp8CwdW8i/tsx5lxTmVc8kpyChXsWa32ax88DDe0PLaAuexQNJt02+aYN6s6CutgTqzUOEo06NKdMbrRD1kFhyrlyXKrZYFI179ZD14TnAvETfbW1LxASV+UBjaVYRpu473jF1LVZwc53ky6ohCnBNEBgce7H9AE2MF6jfIQzeWDrkA0MYRvfchWTR0se+vnymHAyE+5iVBFj65K6JlNXGImBBCKKu0H257DLCFSozCrKbfBbv3sulTMEvZRR0IAe4y2ZJgW+9MdCI9MGaucayvj8pnIMm8oV7mBr30B/qT9YIQKbtBpe8H/PuQWWbJW866L+0+du923UEUG2qg0MgPbSk3gmc9AeAzSXZmDyaiTA8xuyRnzxilzChSlsaqF4NpvgM3B0NgK4B1SEkiPNKSIGHDk2rdv9wK7ruGo/NELjPRwzI6xiwkWK8h2MUJ52yIyevU7Ed1w4fhC0FmeEo91KftgdXd353kEVYb3oq+ZSXhx0HL+RP0BRoLt8H8gli7VWK4K+4DuMYXmv4JXYqf4sCU1VKjh0AgNAtQwFRMpiTX2k+AUN1cSK18Bin/MlE0ZZrna6IxUX9GMPqQUmlNe1iodkZCQGydI7IaOfnEM4ZuDyR9hMOIHWFEB+H049sjMvd3hfeYZpbjsQTOeR4MtPZqGK9+SMF0eG6EUfGLsjts1VmPzkBV1WZL1+Ic+RGUixr6KXAG+KnvAONLdoS3/8u81H6ol4BENRma4V2Y/lA+idwBkCaSUZzxwC63PxRLqDOuIqyRhzge22bOtIK7rIsF0bu+yqmLPY5WaMQeSeKlfmtg== - template: - metadata: - creationTimestamp: null - name: iam-client - namespace: rucio-vre - type: Opaque - diff --git a/infrastructure/secrets/rucio-vre/ss_idpsecrets.yaml b/infrastructure/secrets/rucio-vre/ss_idpsecrets.yaml deleted file mode 100644 index 3af68efb..00000000 --- a/infrastructure/secrets/rucio-vre/ss_idpsecrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: idpsecrets - namespace: rucio-vre -spec: - encryptedData: - idpsecrets.json: AgCaKeZSaGI5XNwv8OA11wrxmxU9EF2yPo8AGfKvKbw/caLDs3NqI4HuOMSLGAxgvJ6KNu1xewWSAKfKaNh1yPGVODLdZdUrR/Q4RlJA3NvD2qJX5xuHzOxKfqLYwKyf8eGn98QoMFx/0/PHa+d29ShkLJxCLw8NOC/jfoJU4M+IlMEXcywZpol/7bdHHVqKVXaUX0eYpjrRSvr6ZiNZQFYSQWRvFfEJSB4/CLvgyBRyBMKQmx6P4OZmWLZbOFp8HSmnmdhvhIGWFFj8nS+gkygWGAWyeNZOBlavBk4IaiecPvJR2HGcomngPnzkSCVKvS1RccjzK80nm8qIMlJY81dWujNEYwaeEPIrfuy75+Gk5cFXgU+Vp6P+zU0G6Cjo9YRHeSKeAdnn11U2Qv6rRzr4m7SdEC0jCfPfQ3FzUkJfLNp40efhOvVH7ci7XRpEJuSjlexgedsTYGNUktkprnacErwz1+UZiKlsKF/xFJPkKKsfESroRfub9Y0LdWV/w5WaLiXYH7KHbbmdCtsN5Ut73aD/W3QNjyAzche5bmXvYca5YnrpfiYs9649piO+d0AF15oU8rvgiL3QLYz8jVaSc69vKVzlMv0LHAZKzS9yqOYxcNroYrEj/ZJXFrubHAhdXpGGO8cxcZ273uEcuGiRa3Aw8DWS/7++pOSXWRXro/yYj/ZGL1HUspSeoEQWdeFzg6oa1sijvb8v+suPEdI7XrKYshLYHLEEf9IfnOxrcNckpmMzxtIOGz5Vf6t7iuVVCp8Rq34lZf5D8GuPRKzVAAfrk6s5KKUYst/V1q6Kya6/m8wP7MyQ8bdW0/CO0davHO8uQn27LDB0i50PS912OEfaBzarxnGUK+H5HBxrymT0UsWFJ3ffA6SUrH/iX8bk+iVIoke3bDnWfJhYWhmj73ycBlaxY2FFRIJPUPYMCnYLlegtEVsTyUs5NfrovONDWDhOb23UBkNrnUx71BMNkWbd9w4e6tRRwrtcLRANYDj4iSawWd/braSiwK1ToL/ERJff93Bnp0Ih7FzRWMSlmVm6gZx8qDa0umUsOfqtI5lNsG8Sb4qUaoN0DMaOdzZz4u4CqHf0SrDCpoDaLdPbumGL57gZ26vtoLIEKYlDSh9zoQ7ZBkXDyc4NRZeOhA6P9HnzfvSRjryL7PrBHp7i1V8XyWGP2QtnWTES17n8B9vHjZvLpj8fXhxAhBmdFNrQEn8A+uAYjTxxaBgPE5xa1BVKXlq94PO+XzInMltqVkhYcVdIrNernoHQb1bBu/0oOsDGA97cleeAJFQi+o7CdZGh72jYV07WITCj7ys7JIXUGOvOLEPVt0+7ydDI2YfU9hZ8kdMT/LTirglYRqjl0V5enqFo9Qk1h+jUITd7790VD4vVke1V3eEKM7MuTg72Zdp3F0VXx0OGAXFoCx0xkRD42vrG+21QN92t0mm39oDL0qmEvLazQSh6puV/iTVsvHA4TAYASp5j7lo6Bt/oDhVRWVfZoxLxiuHq4lhcKgmjNUgU3ZNpOAViC3NjVYi29Zg2fOwtDOLEyYRoh3FeK2qdXoM1XA5D9KDU9ku7/CFl/3DLJA+QT1/rTLNoDm1v0xfysalRabYlctYabvDoUcluJJ1uw7H1N3gu493y6r9EPcLL4WN84gftGAddFXX+K7q5My69XKC0pneylfWoN21sp8h3FZI9fiEoAtAyO7z099QZ2Si6a6THEWvaBe5izmAdKStG6B0snT6aGbm18Nf9pWXuHrYrnbZdXSJCiUZN+nPM5F9aDfwCFJf23Yr5LzBDx7gEAP2YXyh76swxt+0zMKL0hgtB1lL6lg/NEhgLIBMTY6KzPa0h0jPAO2HJPnWXBR1UE9hR4vaPQmbRdYpeX9NI0bIFVhdXAuD27y9VQW6JPBd1hNsFBZa93hc0M2Eoqau/jQ3cRcwq9xkHyf5ZQxfcCGdess2L3nOfydkwyS2cYPvpp/AQ/tXL9eeixsAOWDkBI0T9iMY5NdJ5thfY5heR+EPyeEo2dAQgfulaHHqlzrzYDqJ+SNNw+fXVkEQjaoDleiZIO4yD+oa7W0FpiaXPFzKe+uhEpRtGpDoJR8JLXEFjCRmTG73JXLc5UO46mWzVjBTr1IHfSbpnbknN40kqQeC5OCcOwlSJQMX5rxE7+phg9tDTxB8iAJp5pIOTdvUtTnJZQX/Tn0iNdjkbxiXfWSozGvvlXFQrY66CyNnJc6n/pWpjxtmmg3fhwvFujQ/vuwTyrECYyxdQLvir9ejuQKh7TlVI9mquX4JVYDMIvegC9mHEOgLos7du/C+yFZb/1lkjW9sdN9XlWDBjNaBtUJcnif/pDjvzTGB/2K/Izx3hYPxiWh+My306aTQYtW4lG4J+RhC/oIhFHTGKCibVt0QB+2RSjp0uICXM294yTbZCOD7pjGLIHiuak+OqeMjToX1JL/W7aaY+sT2es7aGWlW0+XJACN0YgYWi6NfZn+dDEyfjajSoWuzd+0Yu09q1TOJjKWxRDUk6kFwT2VXOuZEKjjOMc3NzF431G4MYm346P64Wqt0e4Nt28gerjTejJDF6cMB1ibq/pSTj8KPxW7O4J0YLSgo2xmN9BoZxqrxNsoVT3JEE5zvHhkJtPCXaLndXHlGJb4kHO28I6Lr/8yqYgTueDSi1GZOxm+vtdcHsHe73X/VFAIF1K/0uWSJfSFyRpxDtWic0fkVICsgZTW4KNCZkzKSp6X5ZOaI0rLe+7JFmJsWpLkkGM0BWZCAUJXzEqj3gMyXS4HhIzJGcmSy/Cu/D+aMm0ufXmUIDxDdVfUtFIX7jq3dncQWNT7RuFxJgU5Qo8DjnGrtQ4Aizl9oyvbmOJmn6wYEQJdI0TxRW4eWOutarTcGyFvMJPyLR98Gw59F5FUD8AV7ukHl7KPuwRqYmVH3s+3DgDw7KQ0LkyVMAmjQg3D/vayLIPSeeb0GThK1G2ghRewP/1x8AlfsYJBXm9UmbECLPuf2SiNCvf7oq6ZB8IXiAQy1p1E6Ggp0Cs3dqbYtA2BuNAZ5W8xWjgbXixKRPQ6P2gfgpNGwL - template: - metadata: - creationTimestamp: null - name: idpsecrets - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_root-account.yaml b/infrastructure/secrets/rucio-vre/ss_root-account.yaml deleted file mode 100644 index ec601af2..00000000 --- a/infrastructure/secrets/rucio-vre/ss_root-account.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: root-account - namespace: rucio-vre -spec: - encryptedData: - root-password: AgAN2jlGcd0aXW1EEpAoy7AXI1oPP7nfC7A8KzNoKglcPGLnRSpAmmT1zTyWrBruZYS7ujIUpjBjF2aXsbDv3rE0d/nnsVTaDTFJMuRNVmYqLXuKQJ3WjmEjC7i4MOE2YpX7CAm9Mv0je07txlLGwmMu+GJVkOtuFfhyd9lO4DGnjzwt/PowPBU4FoJTtCJoF1ZeCkZTiwmVrboWCSHwFIX3BV+C9X+/8JsAbEkiixyWCmp1h0ZEysH3oY2MITJQnw7GiKJzjS9Xk2b+HtDgCgWlxboP/YzrIl5yBngPT/JfXfPmrk+DCLwcEaJgZeENWcsayqM/9fHuM3Bgdtnb8aWltRr1liEeOyci1XXfbHTTZfgPUzPFOyl3G1ZSqCH6h/poP8O3JH88PE/J/6w5X2DdwBUPBjLwMnUStof8GYsftxpd64cmk5VWOWT7xu04RHGnsur40Mq62B/iOh6HBJ3L+KxRSM7puO3vJ9G2G5Ui/TNDVIO03okxeOpeToLXL1+4qoNwuVeAyk40Ax9s2B/plxM/GjgOlyPDLJpw/RMi7O/f/rGTGeMrRl4VCG7VNGqiarWbVrMLTfrykQ2k7xRN2TaMgE2den1JyYqNUU3+KTCJ++1MesBYNbFOyRPan+gola97ioSWWnDvfuP3WKuX8hGih4HXgMXT3dqEdP56rXdUEjfdtDZL1hQszY+iZh+gPpUUH+b74i2ntH2gHXFGR0vTwE9AuCF3Dg== - root-username: AgCgNsh47oOncynijgycFHW1DbmOY9tp9o92vrjwzNntSljyJQ2kYqKlfRei3U2DmwdCSbFJqqdzXCn1+Ngfxq/AdrWlCLJnp6OqDpUFp8gVBUq0wHTC4UBIhcFiph36R30Qeclrc/KxCwhtwWr1b0l5Mkq2jU93oWFTI2Z9U5ZA9aaznVgvnwf4EO49dupXiiRxwgQqcZ1Wq77C1GhBP3WotWYYJV4O8TrSwcelACbUzEKF8DKV5DJVxqXvgqoWhcVennxxnz/ID4uj4Jm/qRT0vffPHBHL7LjNTgxH6TBPmPGBSiIE4gck2NOLfknfkg0zV9JX7aWOC+hsveVHcWyjsTuMrnE2bcI4rsWtGzlyVEe1jdHkVQO24yxuaeZsn3PJk6v5Sc86LOwodfC8gs/2zNUL+61cHZQeamfHmr7+Fo30012Rk+F3WgviOAKhb71lb/sUS5n4VNLg/mDWqHyZsyaZ8C72X3/yTn2fW8t5/xkHAzwcG5+JxmtD2vcstakSZLn7vsv5e7x1QINdbmsBFDDKM3i26Rp4Rh7bHn1rrnl5KDOCt1wIa3EooSDGnuFn6BTgRQBT1KVpZLo3srAiWvNQqHrxlEYdic8vWRZZu0bW1OybIXOi6t915vta7qKLk8p66+wWbuf4wrrz9OHKH3o6wJKj4WGpUDow57oNpYjjN+Nf6rX+qMZfDsGIC+5oY2VmVIk= - template: - metadata: - creationTimestamp: null - name: root-account - namespace: rucio-vre - type: Opaque - diff --git a/infrastructure/secrets/rucio-vre/ss_rucio-db.yaml b/infrastructure/secrets/rucio-vre/ss_rucio-db.yaml deleted file mode 100644 index b0bb7e98..00000000 --- a/infrastructure/secrets/rucio-vre/ss_rucio-db.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: rucio-db - namespace: rucio-vre -spec: - encryptedData: - values.yaml: AgCnZe1/w2PjbkO/n5Sc+o8I/rpUFZceLI/sRRw98lJ9ukUS9A7WX8mEzrGeEFDM8gsuir6yvNidowhk3ubreECPbThiRQsBSZXydkjPXGKQ+GgbxMqdGv3PAJJz4eipCK4UqFxMr07hKRVYNbZ+2Hhw4FFX4un0cPW/G4LPwaK8QmfTQoSuxf9KpsklU6b13Le5pNOz9gzPjHuo1q3x7IeKdar1w86lrVyHg0AHJJp5cLS2hK7QfScpjXUxug2OgvQLzqcn9R45f8TAxNhmt0EwtHDgfYbgjlkHO+x/7+OwvV0OVZlXdNN+CsxrSa4wSbA+XP6YpqXAds34iEFKMeP+3oRVor6LasuqiZLnk7YCMB6rcv7Q9WqAg//2HTJvEW7ad793oFhV23/s3NBKC+Dyjpsx49fYMie5esy+lH1g3n/372pwUyl5cTpqUR1SjYrNivh5X5V/P3UqDHh92tB0rFzGz70vAa94bCtG05M4FYHKhMeEd/9OW+yDSvWANBI2pKivnQ97o3OifaPcK90aVbiDRMphzS8wg8yTZxTDz+I5BBuRyHtCQjY4+WSXqfhwaTk9dDft/DGdEDLR8giGvZPsiJ6wFefsxsIpR7xc+EybkaLFbP2NfsSWllLdpBVF1JnaNT7m44ly+WabZsIQiGCrp37qFX5AHYqcNG47qmrK1uquRK0uz/V60CzD3T+yfSRFB16coDPSji4ojvq12fuMlGlcIBD6x/uZA/Etp2Or46HZJQZ5Kr+Lgwe4Fcm7WCCiPpJGRskefJTBk9UwmBHHdc33UjZfL11+k5tt6C1R+5484yiTSb8ZEFacP/IP8KacCVfa+nbA - template: - metadata: - creationTimestamp: null - name: rucio-db - namespace: rucio-vre - type: Opaque - diff --git a/infrastructure/secrets/rucio-vre/ss_rucio-server.tls-secret b/infrastructure/secrets/rucio-vre/ss_rucio-server.tls-secret deleted file mode 100644 index e987c702..00000000 --- a/infrastructure/secrets/rucio-vre/ss_rucio-server.tls-secret +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: rucio-server.tls-secret - namespace: rucio-vre -spec: - encryptedData: - tls.crt: AgASP/3l1QwMQ1Iq+iqa7VW1V20xoe9275PAR9D+HVUYG/ZFm/S1llIKpUf8F2WvLuy65uXCcX0ehNYWqqI6dYiDJ2JIOHpowsPoRuLswcSANBX6lSXxXjyrArldn+gy0CyTTpSGa7zgzQGkFb0QV3Nf0MLLHqRbzBr9jn7xh+O6LEFpuUeEZOJCvarFMvtFMEuzLRBNk8yIFZdE6t08oag5Hj+SGVAi21Hd2bONzJrWhl0baFmVCZOeanccHfT4jNQ8QclIv96+3WS/0EjUdU5ZhuScgXPGOlLB0dYTPZ1U2EzMQVmrn6hBiYEH2CgrAh73Sjm3QmWn+KVmj3dJ0Xfml8QB6cRH3sBtmSVMM2BWi4YYwUmUyUZv89O7y/wlB+XwWl3NrASvzKqDHfMLldoZ0NKqpEVfAm/gwcwX0r4FTb24h0l39is367ECQS+pp+rnk9FS8ig2G1dmsaQrt98XwtnoIDcZ8zP4t15I9p7cyJ/gxtpEP2doXQ0V8t4hhvAGMQ/duNW2nWU66JWuVibIC6xUA1z6iVb+L1cUUti7nRRwomuIQPuHJ08zm1pO+ALR3DjepJMnElvdNR45+nfshZM9ehXWyX38hcL745OfpjU6p6T6sjUoC6JYcnEdXun6zoUpwH57P5szD5PrNeQoXP5tGzpL9SKKbTJH9Y/1Z6I1Pyy03d/UNKTNsUQR1uBT0aAmPjwjfk0MWwDDZNMbY90cBHAWJAWjxojaNvf9hL/bh1jSCej5HDskCFxGxsnegLcyRa/fXKu+4M8Zpzb8xpVUDgff1c5dTtbF90M1aeLTjE7Pnh+H1csXyHIEoCWviM4unz14QsInRZFmlTa/hI/5YFzSoj0+rCwbGlM30fcQXKPvOFX9+MQQL+zyX2xosSyM2cClXmukvGjq5lFIVbmHCmndX5QB2VJ1coSw+3HfGC4sFgPUa31ooxfrS4LX6u5sKcmEWoP5x23jkBPtIcXAgdt/Dp9D5OoEziOqO0tNOvseR8SYyBvJhb11mVIWeVSrYQrpQADmL4ySxkkJQ0nTgPD8x5TSV2ptXyx/JDed71jpKhcqUzzotj4Y41kjoWrU8tW/7kq5MijsVZ3NDB+gDqRV9iOdo3iGo0wXORKtjs1BnxM3C7Xho8BIdTW34HR1A2Dz/NB5/BhJqQTT6XJGUg157EGWa+YVcHcKhXzGt5xNyCegUd51jq48ea4NRzzjQKI23ljl2okDaAJ7Eg7tQmWtIEhu5WmXdjvwqWfdUhGf+HV85mjLlGWWaPktJbR5skh5rylhOTSvUBMQiPKKPzWIAXlK/n/TfONdmh7gi9AeXXPJrzCjVzjXgvWkkt37zBJZUvi/DHqxdXDdLrTjMIFNz8N6E/V1mJj9l3GZiK0IdHJzos5iWaJFxcUYL6KvLF4cceODQYDzYZH0b3UkP743GI2qmAKKNzBZpzbqOp36tvw3MDt6bHsc/tQ2+KYh7apTOBjUp5oP6ORPkGJGobGhO6TTXs/qx88Xczcpb+L2RyBhj6zJh7RFDmtCUTk+9glPYcm1g0kJQV6JmaxhFxmo6r4GRvOLte60HSYpxIqXUOoZMkhVANnQDcxYNWm+3R5xdJ6wgzy0xFMb9MevYuM/b1tJmJqFpAp4iPQBqh59iXXOxZmnVGLbQ4G3nRpqMw92yQlfFpNdqET7ui2ENMV1nltfDeKkESqm0GtAORylKAEWw7+qqv139yvyjXfe8vZeaCxn++JTAMMec84TWKUqwJl1XQMhbMTzLoftrHC1SFstiCSEUomQ67mZctd+9hSmeWjrvhsvpo7LITbIYiAuLkg5WmSxj2MG4dSKZ7mwcBCu9C7nHGhy/gcKp4fWbnlfyalcetUMkT39s2iK8RydjnRcyXlnRoM/1oDJz7Mhan4jpcDgNt8Hh7+JgTEYjaDPL4QbS0qAoLUk8/vmBnxpAqXtXAcP1wRr+H3Smuxq8Z2W7d2yuQq8pHqmapkRZFM6lgOmF3qBJXVtQK20BJUJajuJwM+nffrRy66qgVCG/ClFXI2Y5cqNzNHZVQbAW9Y5HjTMB85Uq++jt+Wh+WsSW8yNguUsBOhGdwXvPG07TseDEXX5tZX5T2U9aRi9vhy583JvMAr+GQaYwh2h8eLahBE4GpIsyMVeHlSvuPVdZ/TVgYpsBdPN1Zp/t+o3MbZGOQ4zTcKJitfGzmy0ThHdpRoYpLWI3+Zvr+hZKQ7vPrQ9tpToMDkeFlXD3+hLdRVGWqyHzsWVX9VuzRfAs60Ne8gHbnaCP/ZW1e6ZrknH9PgIEdrJC9N7mEWIlH4rOYVLMS2O89l2aRRgCrjHdt5AKhoAQeae2uXGtrxpsJHKPUuZzhMfYM0QPhtc2MGZhqO7w7/VFA6/7UD8/PxgXs3UIVvWNAZ1Q/xRDYKinYec4nKqzqpnL01m/QerYW8AuYG4vwJOTcHotNyTJAQTVHLX3ASgFrKLAIikrJwoqeb/vz/f9i6gO02UN/SGRLpxiPXuHJw95bHUbZK3Ou/5JBZneDdwOKvkn7EsCC2uVQ8sugW411TC2MsFWnOynpjcQLcsB8Sv8rAUF09jSIxGdhwBDYreVZ5yEvJuRja0VzaAj+HJjfC1N3SWybe41fuJ1qyScoQ/F5oCyYKmGN1d9sXu2og22+5uUlDveB4A2b5kgc4kyIhL9m4PseYcTKzyXTz/wnmbGG5GZH+pTiHdDIadDBPnnGv6Bh7yxASlrEuUGMuiOQrDkuvFfC1iv0SE5l0jjoJanAqCFPBC3igv0uRiJ4dZAxUwEyHyhF6os9IkTvaOeUH2FGkwHkSF2PhNEVadxn2rtLiYNmAN4f+l/9k5QiaJg234HDipKpMIfR2wDytMGa/sEkF86zHROwmJGLkhe/p26N8KQU+6ZcWZrgwN4z54+LTIw2WmFH3BytNmA6JCYuN/Y50VH3O57CUkMrjgxuJNOqxlwcKH6vn076FmEGkNZYR+bMb83HOVnI4Km1OPkq4hRkiQK491lPPWVkIVtn20Lr82MCT8MuPLP9JQgEObHkfHFQt0/V7zYqNtZgOdQQ74KYGLVfU1EbvpMzSgfRHb28W4FHYrpe44E0pyWsldwkD5Bgcg7Gi/woYRn7zAyz0+H+A++c6sZVjSHA2KOEtUFAJj+Rd1W4RIN0KaCRQBZfF+SwnyrdwAZ37u3F2J0IJEkSTH06Eeh2kOpIYApUVq6ywSpFdGTBZPCDyjfXz8+5HoiIYxb68QG7YbDyUb5eOlRpDkwFn31AjOMQaVW2nLuwagNDoRhL2PSRy3k4bTmaB65uFRypNjNNfpEFNLuAJqWZ+rM5FCOpbVKshxDYZpJbRWXDDJtvdBTjSbe2KWEIXmzGssYl/HQTT29Uob2vIKAtDvS8mOGFo/z4E/PmeHJJgpLlCM9E0fGbyC0Lkh4A1dPNPmHnxcC1QfzRyLY4XnHp4cLBfXmx4iwLz1jDAFBBbcIP5asmsUZSYYpb8Syxp8DwvA+9Np3aNTk5wunMpTemjugP+1gNxQWkCC4xvOg9hitN7+Pyo+Aec7Uv9odkNctSopApbpeP43Nbm6k3o4+BybuyCwd84fsV52FaZLJD00g7VGCQ0Oi6R4VEmCZ2z9HsiX7RMyHCgzDJ5EenN26w9CJAx+eqmotXt2yEfBFCIWBu5Fb0Dl9aQGY5QRGB0T0+zciVsmghX3uAQ3Eyk5BwYsz17KQu84H8oyPZA1nAr48IWiqburFh95D5QibzBdTne7aLEwU83DtqXqkK+DS4XpyKObKIn0E8viWOzIkZeinaQlQyzV7GD/85WydmnxCDeLEd12vKet1hmLFDelKbBUSRMBzh46ACjE6xZ6dwk4KE9MkPmvVUed6+QR/yO3L05fWIiardQYtvyRHJWoXLaxELa+zv+6ixu/kixWK8t6j/emXyD3bs8aVuurivl0eo3Hb/r2yi58igYHVjpVAlLhm7uz8ihxcJNzzUDMEuGoRg7Q53ENR7B92Da1aASb6XQvy8emjLFU/M6k978RqZq7U+H5yRsMECNbLgrVZzEQ4jFXSxP+lu0NDIfI9UMDtIbltYsw6XjSHs2NlPSITU2eLi5TRM4VJu9F3b5T0Y6cRGM9WeY2+UwXA/mz+t15/RYeOz5e3ZUxhgakbcbZ6nJVLEmaRx/wq/By7N9MA90NlcKYC+xT2CPJfq7SiOMsj6Do/XcQXiKmajdjAcb1BqNZT98ctWRnyakLGAy7pHhi/xvaQ4qxGuyb72kGk9Oqtmt9W41OG8QGz7SKNqMsGrhUF3a+gmLlROXB1eqlYC0vrbOPxuRT/BFmySKybIn89tY+en3C12VOQRKfpHQrPqcxBr7kTcmqiOcdCHQAO0iswRJvKOC5ftMqFVE8Pgi00RWHybL/0RcS6j4Z0XgDmFGXOCVFxQbYh3dv47b48NhS+0LvINW6lTwb2sLuTPuIlo/EiUZJnxLw6fNH0arKPincC1MSlc6dfSAcM4qt5taVZAz/zFyQ9ej0vn0sJhxmOCaLa42YFbc+CTjKM0NnHHNFV9N2EGR/q7troQ/7qxeTsacleJ+0wXSsm5iIeldXRF69g2ByBigfVcQJnD29qcTYxBGSV+Rxw+pFpwS4vRaCKVhGYRylN5yB77EdsVkrS2xGxW7PlibvtJVXq3MWeKZkThXP6Dvi/mIc/C4IAB/Y3VoJSem0tJi0C5GXsw2phGq2YpHIQL3f5eNZnKz3vRzAkxA6KVTzoxOX4mzr0UEJKLqoPyLZDPcIkOif/dJky6ulCrJMXQlLIp5OgpahsQ== - tls.key: AgB4xBvzNbd39xbHHvGqvGFG745lJDEr6xCYtxDDp55e06O/9Dgk+wZOOPD+WYXzAseucT8J4P957nUYgU4pnbRS4N509661UbEiS9faE2gteIY4AHyIdpZwGBRzXMARcBbstZUbnVY+AnRdHIR0HrSLDd1M5n5bkEFNOazUyQawxSQ4bjZmz/KWlS7JpRgPdsgzadJ0yzfyNzpWcaxZcIhjb5H5n27u+LU5VKBLZrz2OOsAh4SI6e5LXwUp2RPkxr5ACAUWbJBHhuohG/UIyORpYu4tY0h9zrj7gJeAb754ANzXcf5VuG1du8kAKDqrF1XEcdMJDJpTy9ysXJTpOjcLCYKrvtHM7jVrFV50gxo4GFPK4RMgJEOpdouZWHnH+U5uv00zK5SPlh6SYqrXnOvdzGiP9u8sZRSfwmQIH74BMhzMw1edSgB4aYQogodPqRm9dt/ery8UD+hh3xCRNfMKMvs19qC4yKX/0U+yjzoWg2u4rOIfu0C8JidS7h2G2G4PbaKoBMF2AJbCoJCvKOQyB/vPIv8wHsQ7fe303IDhtziAKF6mMGt9/n4c1nT9w9T7VnbMgH7GcvficoFdByj/3wPpWRdGyV59oSQ1qkJH2lJzblTWpX0Lvd951DSU1JY6u6ovoQF2RZrXVuDJaKe3ILRmX0Ybs/w34rrTj1XPxUceCKz3ymNoQafln1kSg8eBrj6EoR44Ar3GwneBtAkEx05tGiwijVhXaeEixRYD8BqL3CRHDPri7cAxAv3q5MS5D8nKjHbHohBgAs/OfisY46dQyKkCyldwGK3d7dK5I6yoGQY34F3jJRS4He9lJ+E7sV278+BEJl+X/ndCeUQMIOTy9IdA+BbXFmwjJaKSwrJ4kUZzHr1v1Z4kQxBWfSIyjir3c0RtmlnjUbV7BrZAHWdBhF1BIWJEDvvAt3k8N2Zr88dpjgRQs8DP8ZB7mVeWZphNm6QMnWz3QPNQVntBQR4jTjvY+/yDqYM11BG2dFrYziZ1jbBljMmx4AIwHH4uax0r4j+BicWnufaXPDkhd5YL+OuuQSNVkjNT+sAfnmtzHhKB6MsmX/HnSSE2rD5Pme+l1lKGoIro6OoEBWtJTEFgyKDDA1i0pv6sXBftXOxPsmWWipbdjL0JB53aTwwwtz15q/MfkETR3+ay1SOGtmTf1pchOtLA7DpOSdH78uIzgw4p8UAFYMjCasENzcALACDsAjIWwWJPrGCAtG5VBUgWmK8J5P3QzQtGkMR9Bbhy3dZmIjNWrIUqDjARi3G+nfGPH9ZCXGw4bH0EgWb3YhCLrlqUdPKIyoGMY1S79FIpoFugrod6XSMvOlAxwZrQBJ50VghtpUFSUE46YaFneN47nBqjkfSQcndUz5bxZgqVw/ugERq9mrOQdiRtQ0nWlJzyZhPY/LlDSklRwdMjDbvGbhfnD/mt2DJ0OF3Qo273hyruogQNmcnB7eg3qup84rxEQmnP/RdvVyolroXMtp2RsEXt8L/pkBcj7vWZNs3yImBwFIWdfTzRCBrjoi7qWX7aoljBxYpJ1fuLXc+3xl88KkzVonJPp+IkpENTBNaDx2OsS9b4x2XpbHn4h1/3OAI52z+kXiYAU3Nen6PzIzFDSoYbA1KIkIqvuR64T9A/YaO1FJprKPpkLkK8v0kJyGF1Fc9XIf7e3LlpbnGUlem7ott8ZjJQXH8aJQmgBClsqohDKHOGfIQlEI93GEXq2ScBbNzWx36DGly1de5BL2oX9M7mQwg9584yBeBjJHLAWQAJfM6xRNET5uNMDVLhI5OeDRjtjYhMRu28FW6kS/1tQ9eY7TpzyKEhcK4nVSz2tbI0PF1Lde+Xn1aLQA1eP2z/U1CnqohZoAuKRiBkT7eKzYlQinUskFhzVI+Cx0RX/JJCE+15Y1z+e3/VrXvxCjlVpd/N+TA1Q8x62YLgK3iw/1pa2sVTqG83+oKnPRE4ZLqJblPNRxOYeGCTL9qYyzZSIuN52hEmo4qtJ+8Q81s/AeKvEiC01KFNE95E28A/nOlUGj3L3EdrWWUFrqI6toE7c7aTnLNZScMYjoujf3Epn7scDtQf8yPzUjy/+rFRkxKZg/CYF2ChqG7/GSnpR2APfzjSjJJq10xo4GCos5ov6aDfep2bJznZsuCK+bhed0oTzI3R/GVeiyCkhUUG8PGgT8H96TSf39BdiiNx2JBy50JUlv7KG87YTCUDUmfHqpMqLu7PdX97Y0c19RuPFn81bNAqSSdVHeWmE9F5qu/+hDmzdmbfd8IT50La+TpjulbQjmCVFM56KjS51TcbRN4n5Y3rV8aFXcKlwZuXlf5gI2UOv2x4iux2MnDlkSgr7CRJy9gBTsY0JOlhy+BfQeu9EWRocLlHZHMY7AdyrBC1seajzyOhURb9CY+k8g62DKwNLIOPIX2aQYv1wSrrlzU/bwEatxzGb4/DqrelVGD0rcJ2J3A1cWHFyc6EjM0X0krHuWMJdurGxNlINjxiokfCfHPcsULqkcC/2fzgu75X9qZ7FEx1TF1kmYM9+ODXKDhmMF/Ie+FF8kDMtBPWyG1TXv2T+Q0FnxjbIUWpoXjLEuO3AVCd5Fl7+gJI0rjZtPJk4uTDt9iDhFb1IgjUV9J3REq20qh6HJZmIwp39hG8ZTYDdpks68BrTAwk1aB0HuKcfmu7Ji8XMVlKNS4M8XakFcdg6Ehq1fmOumkqlgOVFUcraavEC6vlpKjhN+p83x+NP2gox2NP3NUGW2FGSFiJoKoUjKNEQSuPlUl/+HcWnUvTr6VulkOX7+kfqQ9PRDff2oONuOPjlBSj5kMq0A1cCeh/DrQr8tnjMo2PiHaGE6BlbBZ31fdbC1po03YKXnB1U2phF8eIUfxWDY8qjvroIjzgMGL2iivBmK52CWJBMK4aDhwY5zpHZyMZXpioxbZtDovgPT6t4KtuYRMLXt9av7Zps+nRH5/u68xSKOfRHOyDFsfWIgYuMP3ChLGFCddpBs+PMdF/GERvsm/C9/Q4Qgku+yrzrUz/v31diFsOAtWDmj4zyE4VJRIqeoRmHy0W22b/8iD5nnCXo5PBK+qyVJIFAFe8YM8eBW8Tr9RaWFUYVAV8Vfkca9IaxdoNgXM3G246C0a+l/xjN8ytfhGM - template: - metadata: - creationTimestamp: null - name: rucio-server.tls-secret - namespace: rucio-vre - type: kubernetes.io/tls - diff --git a/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-cafile.yaml b/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-cafile.yaml deleted file mode 100644 index a85920a7..00000000 --- a/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-cafile.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: servers-vre-auth-cafile - namespace: rucio-vre -spec: - encryptedData: - ca.pem: AgCuIB23QMlqfgV8Jyft1SyURxQ7t0TsTVRy/4k3Hl0nqUNZOctoteCkpq7RT/nMt43bcxUThIbv86I96G0Qz7l95AStYrcGXqasvRCVEI/p9OvZjRTebusLq4OOaRIPUMMX4t2FrWibcNXX7wPFjdZWOvL8Peqv5JMHQMeFK+DTu0N02QycMB0Z2oXHANh2JM6y54lu+UeZzBQSn0EyE7A+KMayR6a5JT0gLUi5ZqpaFtdSTII3dIENHxXTEVcQULfW8xsBmaYobv1thSSEfBYlUYOLaOoAlrsKa33Ql7ECuUNxbGjFJ+u6VnwRxp8qXAuyBcAkZj9dz7iNz7SWGXthu2bsieb1jtNiOKyN/5gv1Dun9xZwvZMq8QSncuAPMxo/f9M4khqPMq7Vcm2KnWVT1EkkRRYy5ZOhiO3qkWtij6pXLyCjdPLf07nVg8ZKPABSDCLml5sCfpZuFLoA1bFQFQXRPHe95foPfX75Lj+VjelLD3RzPm5lEoUGJFisplGtC6PhCLmgeSvDJV90so5k5PpstzoG69r/9M1Xp82l/fBDmApSOC3cwIgHVC0itJSw5IhSsYy62XABnoRPatHMd/dK/WIAWdAkej2z9jp/M2XNo6FLZFkqQ6KymsZRJJZI8HlHEXn3W3OwK23sGsDf0bVvP2bqWp8u+/T89s3/Qlwwk8BJOcr7iqg79lWjv4RBOWod5c25Tdlhg7alzLyJo9L1yzbSR3UI6EXujX7gjip4vLGbUUCk95oJ74oaBPDqcevJZUARaVNHdVHt/loY7r8IUIPh2e/J7tak31MRTq5FEo5qNWaRgpOrA8XoYNURg4hzzBwd4B8Az8Scc5WL3ur6GSOcUvjt2gDgnlqAB0fyjBz6MHhpUp/4mJ3Xs+ksiRZYFJ/bGTzGazOd7ibhliO2NW1I0DfwCmK0xiFDoG8GxPn7JOyB6YmEoK/GHC+ve21SVytxJ0jKcvM9ML4ak9AbG3I1OP10npTofdtB6hpVVZxX6lfR4mJA3Gpm0UMGW+5PE7U9RZlTquyhho+Kfri+UYytfs8xTy+3dZYmGkOgHC1YVVXCsk9nV7MIe+qJyp0vBUU7RpmjNYX+Hiyeksny7sDkELlPqvkiEdkbDdDsrjlAH3S2JAC/c4R+FRegDjJz2uIoyaBhyTcDlNb+LsDazY9pcdt1Miz37yKduE416FULBHzJ8d304VewhW3YMioryoebYQCwI4Qec3ZRD+1s9edIUapjaR6MJ9LKBmZ6gd9rJX+xSUPLp+ewj4ZVlmidKvvEQgROLzQMLAlj1ftAAskDIMXRnIKiv7OfKAj6nh/3rgfVj6PE4KKssnedbmWv9Q9NM5pjZhB2yzPuhxxM3MjDgOUZ47V/4u3PLnp1l9NCSCeYFePlPk8F1jzu3vEz5kdAtFB4tCYZcWhRj5FQtBRQSCk+9ORRrmAk6panuLJL6M021J7SjESRcUvMeklGPeNmj6Gz0eSWAdJ0JlUDun1s44bsc6a7QqEocayrYN1FCVs6InXEhk7ri2LWJA1yrDnMQ0w1kTMG8v/CCXrIez7G1d7TizxiPJW829PnE1vInBcrxsVkKJSovqJSdaHHU9KmfWyPEv6n4McrqVLbwPlCL0Yx5GO/AK4zX7nBsD9PtwnRyTw9HNObnE+5eBAuqS+bJrlJPPfv5wSKU5zrj2LQNpBsUTIxux9oswCmvjFtZkfT3pwqhnXXVa/CCM3mGB6HdLrqzSQ7emZ+ZOgOoJWXshXXEPPsoVdqobfcsB4wvTUt3oyXmoQ3YrIBghvOssnCG2wrQ1WUe0HsrhxCQn6YDiejcRMHSQNqLbYOCywKe1M+/OCTHgcJnPoZpTrqhW2SW299tiuGnp9GCuVm+sczNTRV03HN+XSRwruSOsArYCCGbablbeRNt5m5jlIGqbO9dmAi/hkcQXwbEwtOqDuWiizVfJbKd1JIZcrE0qhKOFzno0tqo8AGoXHoVnaDIxO5Qa6wL4Ca207IlGEtUFQkAtPE0kQJaWT5WbL4ba4w0gRLygGeGycVUDnICUvLqps1pIbnGTf2kBiOhXcIXFreVfk6xgq3iVsc+b6XNLj9YWLLBbyAnzzDiKTPdS7fKX993Jhd4GZ8vfGi3TLtLXJvFYIvDrI+dIYH7pT+0iBbC7S+56HZzFjfnJzA5eS46wQtmRffL3/Hq02GQHO9qnmP6u/D+QqKOPRieMlxNaTujjqIM0AYVTEk4hykD2ohrA5x1l8qctPloGPksenVKxFo3Dct63ByJXrQUWNcI1RlKxx+nq9LbbelT6REgb8vIzrTY4km1M88Vh6z7HGpsVGqdD9QqVMmi6ocxS5p8Q7cGJtI7k3MdIPpVmFSkVL1O5uncw99w4tMPxzJ1w8zUr6OzFZIwFzyIp9lKWX6FPfrT+BV3GQsgVjvLVPlNh9Jbgt6wlCOs7GCf3fl3ip8nt9TBzgi0x3mal0ClDCbC6MbH8ts11JqLaOD/OQXHmEy5eycl0344mQd59O2bZlbxhV2U4R8EpmOzrd8UDwsDIAIjrr83DBnizIvsBocOMooWUOj6F6UsCxjT/zefofQfeO8X4tVvb/q4hwiGAMzxleYh5FnHlCMxHwdPJZus94FY8YPVFYjA9C3PEbLrl0AfOpCbC5dWbC2kZsd5fh6Tl1ER4HFBCE/Fn3afgBIo/01vvASybES/N+oGm1u/IFzf/wBAL9ZGxNR90QQAX2EUpLhS4D7XhqO6Alt4l8HCqvSutF5xY+IIBOI+FUdr7RzVaMxebi4NvcLuORfIPlrWwhiI4E/8hH1Agk6ZOz3NH4Tl0gZzXkGJ8b9KtpCNBtG/hn1/td2xRBo+NGSlOnFqzwJIPhebdhkD2553AcVVSxdL/+S2INBT8hn+CCxqm3I6OvqUNDFLDnq2ITuoWksq0AMtEL953yYhY4Vw8wDR0MsAKmOg0S1G/RZqwnR3uSTTFPP5Tqx7BRdd+PAbONRN1WH+U5j2kKtMk3ydh65/ok2v3jRc6PPqh4E4jbicLwCMNGoRnmYAxoDAdnmQLvcE29k9C/B3QRlWQAjpFqUKZDc1yZfSdlGenGhXiKwFU53grAfa00cndRFkGnNiva6WzfsX0tFpKVAFxA0FPXTRoWNgF55dy9V2wD7tRPIu/OGbDLrpBXteyLa8YH53dBeLJRgBkEVCb2Cp1j5NI8StZzR7Gu6gc5XR8wUVbg3MaqCWfQCkfgESJoZICVHxznRGO+/v0vVzeadfu9XI6abhe/6w4ODgsufik022flC8EEezer092zL0CpS1VVLdtg02jNCC1QnBibpiCzY25/d0rJMYk3krKtxEWLFXmwBSjPZUSb4/aa8AJK73fbb5Tzdmc7S0HUvFx2EQ2NC552EqcXeHQQjzH9R+stQZA7IAIHLLGiEoq+v7K8VvLHoaKX5EWRN6dZZr8Xgx74jG6akITDn1JIyHJqaftRCa/e4ntmZFJg0iyiMIqWEbPUMl26Ey2rxzq6vjfVuPFZt1yRymrAT9JhOpu/zzGb7BN0I7/UCDsFiPVLzwVu51cWctzuVf73O/ymJ8KsIoY2/DgZsITgTg88uSIIlMLMaREjfAGCoLAs+7xTR/9ed2jzxQWqHzjD12FPeoqAvO0Hi0fTiPILh9N8+tsfj+fX3MlyNzhYsskVCB1O2gcFrQw51KCUDUyNngHwDzRqArOulCWda2HB99AX/fU8WwZFB2yEtMLM8zGS3DMHczdt2UBmR55HUzMN50rZNZ9lH2vpe07NFYn+m2iQfuEFNkayqR2qnwn3rHY+Vy4Iq3xb3UQBFuScUuHLwaK4se0ndOMX3w44EeJu5xztm6qEIuJnbWWIZenjSC31QFHgeCjb1RuehjnLN3M23nz6oJgQHxLBTAVeRzp7mAqUx7Y1Yovhf/4eSu2QccfwnoxCjz2H//eKtpckdnwvNXZxkUyE2tNxZbfqgMAeFwdSjkRLffiqSn337OLBqD1uCGELmYnjqm9Q+Ap5Dm2zBcZ8YICfwB7uzxhv6jOzJj1fuOlxnA7lFclLSBYkILQj5Of9HACBpmOG6SEAma0IFLEJH2Em9cJCxzKK9NSUpaFeDff+VfBgB2fZN08kLwuxbNU0qb6vyscpEbBrzqrhvZcQDVmwjFT2Mv/qV1E45lOduLmKeo7YchUo+qdH5kte71jU1CrKziAH/5kPQVyt73evp6FJxcddQ4h1QM8x0obWthwi8JSm24fJdc5We0zB0n++50eW5XEcuQnXCv8gdM7uj8bl21B/ERWufKWXj6yqCSh9TpWkUUJ9FCS0ovmZaBMC1h9zchrZgbEWdl+DduetK90HZJgjYKnXrQ8xk22OKANUWt8dZi0bGgQzph2ssA/pvo9cNcJ2RpQiwhJEcBvF2RlL3x6JhDWbpIie8ynI4IIn79LkQyCUb6hDmarBTTUyruTgd6AE+ea8VkwuW6B6libWvk9frwhjH/7uhDmRGBOYxhicJ3A78DZ8ONMTbC3peOHr0OVJFodBoeCiZq8qnxqa1N1hWj3/ZGhFxGhKNhUyZ3SzdG7aPyuZKShB3lpcbLB2JFNEJU1LrdmIY9OPZMWO5qBm/HyCUEsDL95k8eN1flYIfMjhSkjbHF1qozndrmSFxvJEqCpaYxOWiT6/pV0e3QTF66xSIfJJVDuMNeVAtVz6XhKktv41dtZV+v5tJCg1qipHjPG2hsvaJIs4gqGRjMRQg3fXcDiqtgRT+aoluHUYGqrWNqKlMXir68nNZngrf6gp2P+EuvKJp3Qs0c9d6aaPPJcvD6ktODM8+CGc4xl35oWY1UP2axg9zEh36vhcX0sKww9PTvw22I0XQjaaJPU1aSrqVxWiQXmBJv92ShtdNefEef33EsGMlLUnfYM8P/cvMsAxWI+BnTck/8So3lQ4snyZzDry9xicVGcBcEz5mdKxLkWBy604HESP6B4WcjMyAfHBkdW8ucwhLh9V6LpGDwNGenLWWV5U6LJOdaIdM0H5cv8pdSneHVAOwgt+Ux61bs2zFoEFXpehXgQH6QLMvM9NHYNwJWEW/J+58fQrIopHmFGDoBSfyzBROeCyb6GgmOxCzcSJ3xJwwuVhELUoftwdz1gV/ENKvcrROJYtIy2+5QvAf5l4U3T4nOyS9tNQSBT4UnvVT6OPSstAzdJWP26tERe0osYlgqtEVDffoVIEucPxBSqa0wkIIUJlugO73MMqxW0E9MvOr/pcfJZo8GvPAr4UDtssIJMPPDfP2Z046oyU/bZA3uPaTJfri2TQE45gAH4R4VlnauqbtudjTZXQh8yiJAEbrsKfpjJDW+vEf2iZKGDfa3CDI1YxrOIQ4CCZctfymfkzJneUNB0IMsY2V7W5kOOXM0UCuW7fcJny3NnlFtCVEYdO55pP1kYHXZBr5vmfBnfvxj74IGzc0rjpYNtMdnhxQ55VHqsdJmBI0IUks7wiYm0sIofhsea1MqTk6ohOju2rZGBR4638n0fbWdeWwjcRnPEAy+CgVgSS+jSGK/I4TP1RFoVHw4PvW11LfMJIpvBeajw6FULQIBK+Y6qEflRk5w9PwtVQORe3gXQQdqJnCiflgxb8yYGdEjdRSDCHZEE1pejm863rvzxk7PKuQh+k1EpeIcvQY04FRQyCuwwQtRRhLLefpd3fWq4SoTf+t44RGIfkMy2keKNevVDPH+Sf15Q5JOa4mnPtMrRjtbYAEz5H1sh/K0S6cYOot2jKkFQ6y0ifMg1REklEup1nrHn+0AKfKPpfum+MDX4zyr6cG/osmYrJhYhCwRbT2FGAUURRGk0eQiZqC2BJYrG7RtipGjmEvaT9vrS/thUzRgXs7wi+WZagd6XChFHubQRoizBs3ntvB8xJ2vCaL8i/+9lxWNc+/1gXASbbrt1Rj7wAcx+9BOJvgcbs/M1p9d/qssfOdPlSDC47SMhrOxsKr6FqhLGyuvGic98m21ehUjJIn/m43Hp1TrTnREvWoLi67BgR8InAg9tZyNlMm32+0CpS0cZMQkUUpuNa0Tl10RMqGNbRtYdVi69D+DdCzANix23Mz8oYSAMDGBQLAQUeJ/kPq9Yr3evM4kzuIsjvgJLkMvTTMX1mrLBSeIc/IXulmmfYFDH4Tdu//ySR9FwVPrio5DdeAmubOzj85k1uVooT325Q6lLO7kZEIbEXBjTREtrHzgZQQc3bpFbATS2ip5G7fcQ+oMbr5jTrgWGrkSMluJwLYKtUBAMGU26sghQl6iyITYrBiUEy5Gt4XPCsWR4MvwDDZDxmQDBDTCKINMGCRwxCdkXTY/GN3zpZOa9uX9YWmgP08OWS13NQ/sWdbt/rRj1kqkqv9GYcJ2pgTp7O18oNDKegsRnkp47ahPA/SK+49SpoOMMxQ+J+tui3+vLBYASNB8WrXRC2U2qXjCZzWpk/tKdT0GDUjGyohqme4+SMu7Hz7dXERjFKyNObTdLfuS2XWVsqLrPOJzlBJJlKTiUceeVp+XIUjWZwdL2AH54Y3O0dv+W9PfmcoBUVuVKTgimmtEddWZV98r+on0AGwzomvYBV9YRxFhrWwvbsiyi+p70I5z+LnSSDqUAD6qj2jorWfW7OXNjrTlMsV/J4+O2im8eLY48dWIO0LNz6HD4Yi68q3Zj7befEC1mtwysOeG3q4XMt56toA8iugkgKf+Bd6G8P+wgYZs2p4oD/uv2Fg0bjAkMhoOVTrYHjltYJGoQkJbqS7msOj+Sxzjsfugcxx4t3VwYnEaxkYDJ8yFKxjMDOy1RytPKrbCzxQsNByNpNaKHmstW3QzUPVnq2BikuTEty9Vc91TeYo4yM46E/5JgS+2DXCUyybZW8xlr/zLkBX4T2O5f6AAZ+Hsa1lCKBUrrhv88Lv2t7M4ujoKJGLKkSXnI5mh6Pdv4W+8n3PzGW2ZWnR0N5pUkS5NdO1Xh4q671h6Ox7cYjtO3+YrYSTlGvm2VutfF8Mgd0I2wyoWJaCW744piLShOz6t7/BzZKNK0QyIdSyUAsQasdtPOfm3MAFuma/2H3tNHpAve5TRmmo2N/V+5HuEAFtn9ZA/JFRbjuYxN67Y/KGIVWO8u7AN13wYtu1LVxuV7EC9Kwwj05A07Y0wRPRxB8O05MW+nyb5JoBqGpYmqy4bzo+yUK2tD4Pkq+1P2BAAKFJd/qg008LgOKxAWqt45XooS3IQ8wXzycrBAr++nNKKn16DsKIQuIrfThNO36m7/6vxaNVC6btgSJOwOB7EDZz9i5bDYgLHopFk05fy/sc5M6pyFGhcPpfOHyQZPpU0rfd5GIKG0F4OFVdOgRjwQ99Ih6rKXu4TrKWgBO13mtyK4K4G/gkt7rCurgHAxEvjAP+H35zrLLGTNoLDlQCIQutKB3PHPtPPplLirUvPan317qGaKa0KxMVQTzRQMJghDliTDcNW9BU9kzD8Dg4EiAIoLeRbqMdSLwZTbAl0ZwVIccb8H9ZcVUjFpMo4wu8AvIOuvSJgWi2H7uDHxtSH+NQsJV7dCdv7gPh+9aQxWYEmxUHNxC2Iqxcs6AgCalenb+QlrwhAtGaKeNtNvfS8I7PnRaRskaC1NZX2IHrAiFvUyDmHjxeoMANClQbUMHJL9ZSRUKKYjeF598PcbwIULFbxCZ8cpvB9CLUM9DbTsagAuPoE2ZE82Luy7JkmkljdDPTh+s1LYBQa64reE9fC343CybUjH33S2nIXMkRHX9e7rX8Y7ZPU3iLxxLV8XxEdyXKmsUUXPuDolJTM6wD+IdXPFoYYWxiGm6/FemG1+pWdfpP+0Z3WbgSwJ9ez6LaVBGMCuMN87aAlkBUnuufaDW0ZwYBlpcDFgco4MPjseg5eVJ8aWmSFq9gRXXOInge1ajnF6S9EfEC/Zl6cCEBeTlEmZRY4sHeg7rsIhus0WEg6TKM+gpoHWoF/lP9B+0rzIpuNfiUnzd+Iemnh3PjcEHiMV252UgNdMcF4G3W7x3JXGzq1PUY3PI6zvKUH8YQiEHHSynu02LdceMHhrepixsCBLRGwGZ7wlCyVjsOnMQIWnb/y7m5kBa8QRqJlKU8EsO9mw/GiM4X+upEwq9KwphqcqVyRmm0RwyUSJ++9ZcWo+CQ7F9VTb12E5QON/ACMq4QhGFcorlAbff3KJdkA8v40Bmkfa21lilFvaRMhDA/X4QH1L5Ks28Xys96z0YEgXSk3Yc02nxhr1g+8dIhDOUm79I4S9OO598sGHMn+ZAbYk+/XM3+uRntH6Jvjhrn+GsrNv84yOTqF39XqKCTZ44xaaOV8on2raD2ncdyYgFztBtFwadvDPtMlfTumv3FbQis5m5161Kp8chFyxFi3UkRqEvfPdch5cpae9XvXD7IW1VL+iCq/6lqNNZ6XPEPQ5XdanGa/WWf1gU70n9WtPoki6/P6+gUURWoLBQENQjoDLd+hL2oIYUTUygLA5YdkGrZI0j8EdmcCFgIpMA9KXZSW+BNRwuYnQrZzYw+uWhCPiSL+ZhbxSvOm6cfCTM7SzoQ8gjY+EzErWfzPVPSpYsMGWiFCJz6gFlusQOFCpHiT9fLKP5kKGrFVpKDqyDKL+eKkPkKgalQZq5Qk75GsC18MzY1cp9cc1RwP5J2OyqNEr444lR4cWeY72NXnmgxKiTezJcYN+qmjfwq4a846cPnkZ78IrRvMSGFzrU/ICG3NYqHM8hw4HJRS3bdjt+B6De4CKE5+II8IVjlkNe8rYKuyNbOuQ+jlGkIJIoULe2wZwB/sBmEADYeNedeZ6EuIy/s9uMHUj95GuDYzV4JhedPsj6r8ccH8wXpxYtnHkmqKCVOYc2ZPwSNjI727nbnK38xc8VZ3EOU3s3ve/Qx7m0OungNb0HQ04nj/vXR3LY5D2jPXghfDxiQUdb/q+GcdF3c6v85/tNmNpkb9oCNTpilBuJv8sXMxmctsNwE3HhG2MoYXOTLp9Ug0hDi/itYBxv2t7EyXyIE14vxV1vkr2S2l668kizqs8akxklP6DZTQBbOtzFu2qc7/Wk8V0m8WWGoO0nQ5cojcgmzXMa+/JX7qsY5YnU/Ms7Ee6ygbHqW08M8qmUTJv7DeMW21eh4XgdHn3NtBGBN6vIk5+0MW2wr03djMTColxsQtLAlANWcB1ZRrN1Ax02L2+H4HxYOjhtFdnh1C7M2alSNMxC5f9aCdlb04Qy/75oOA3pjaoy8a5XIfO6mPfHGahYfGBwPdoH11zcQA7kLHOb4wB1LFZOINEU6PQWAIgJlV/AZu38mZAWfZHssIvLMaTVhe+tsXoZbuttsRcoYAq35uVIm//42qr1vmveJrRzloJz/syQWPQ7kIgRw8ye8Yi4EmkF2T0KdmcZVmBCLabHy/m7tqHzAcrjTxgMCc9DbuelN5GagD1lk7mbvw+UfiLJKA49NCuucsti5DZUxpxpVaPPuTCxE0muxFO1WDMo+dDzEeMe6HGEn5mQNCWkoamYGke2JBBGnKbr6QBI+9h39S0G1uycaEYACcztQq/wibzA7VYkzzl3P1VkeiyH1rl7uempeksJRQRiQ1AulHa8JwYC0GgDBsvtpW7h0Q9Q08u4Wd68aAxK6tyECYQcoOKrIuMPqToizMEUcQu+Tr8nn+6XrU1k2z2Q7TXLRu+jwqZRSiDp68hMnRflJQZN8Q46fR67z7WTGQV4W1smac75QbVm6VdB3KSQHtVdhmWQncSPKFdQqxn5oy5zLAkIUgQ2BBpMAbyEKsxctrgQqER1UGcB5EItxzX/Mf9nLsct76BovYBV70d4sAQss463aw4Ag0Cx4Q8FevIGRVvLBaX6IBAlw/xtrqKq/EgPP4dCTqu4zx5R9sh69omx3ElS2sRWLI3gDGsz4hhhYSW/wM7VZTAhSA2s4sUlR4fUe2enTMhrkrdt9WheqH/tVUQGgP3kHT1Ju3m03IhtgwwdBAkRsIoqJhPtG7c7kja7N8uoAB91Z7Jvk6uBEM7ZOhvD8AINtR29JQPZm2Iwp0vq3jc7oZaLz5kA4zVEXgJ6+W6Ds+i3YD/hBPM0paBIpeOPl7egPkR78Le3hVUHaTb/uMC5kNAA0eXlmr5fuRwGtTiRyWOypC+kIqV5Y4T1dKDYWt4wvikmhTd76s4crGAuKlMYeAsyhd8f7dkLJgqKJDgIMLaaTEeA0vrWTu/7ZTVswwtmTerykifuhYdHQEwKVCpzR7W7oH69BwGebwIR/eEkedzz99iyTJObIoy0Vm+VGeagmy4jvhGTEJMYOpc+WTefF6nvoG0NAqC3xf899U4S5y8NBkjNq439VAxHYJ8gjKkxNi49pnm2G48drY+QtFyHCyf1dKCWPGULMeGg8GGsMCKByRCRcHUZzvVRCMTNNtSk6/AblIVtDHZo8hRepJi/LIvCY+fZpB31sexk1ANY34mQcmEydEs+j6asUjX79MtqWkV/HnlhLMgf9rMEf8E6gVM0eI4A7PQ3sJGjQWLlorlKFbyeIzOi9Renpq4cOG7k65pgDmTI2UGyTMQlimRNxqpesGB8mpFUl307P2Gl2oHQbtnyVnM8KGhmimQGjweUmrAAA+2t6f7NlaGOEnTFcQzAyfDgdDJDd9iXtrtTxujGHoJbw8VdrDMe7ZxcX2v3rY5RkEKqMXcneMzFx7n03Qc1N5KJIV9tiK34arwYv4w3ty58FMbNK0w2l5krUGcQrgLI19j7Gghrsi3nKdYUoCChZWeVtEYLgk0BVXBu3+5NSXp927nwCLOI+YWhdLQ0FPgOITenJVUD8cuZIc9Wm9w0QQffaLKpPePrJmtYVxKqStsCVy/UMgCD2wzsdLotha+oxRnMAHxfU4idTDJGv/vR7GFlrY13XOjUo8bIA8s+c5i+9YI8fnpYhLYnyR5Nu/6vL9UQw4NaUatiJLQqpwdISMilDHNyM6SOTrfmwiscov/KcCHL0yD6f19v+z/CTHotl8jlKTUbJngcNHpUexOTvqDhE0BIp8eWIJg5069Ynv4yAZab+2Ptqnj86ixOz7KNzQ6L/XzrPIp4FZSbl+RWEFIuKUc6pGRWYr0DiT0mdL6Hi7/eD/gXFnuZHdOffutnqePiDa24sTu6xj3s8/5lUFcqpGNWNR9tMckF6xHpue7kEc2tnuAVhCs4TtCjbU624WQqHDWAIqb6Kgh+G/T4iKGwnzvJxqFjb1CTuonRL8TtD7O79SHakgMICZOx7OqkIEQLzqyhoEYmulrBQEMbsgfOxWm7DuAI/Ez9/m0RfuvI8T1954VviPQSoGu64nCrzLI6XtnfLD+ook9tci90l0cSPUQybdn6uybHO1CYu4dCwuLgpJSibXBC3aO64xlLfs7EBgljRfPrKey5jMGlw8LytRhnnXX0MqXKahP9yY1qJuVd0JP9keIH3ks/nYo6SCkaWUso9DM3kXWSlGeOwnOcP+MiSOEM4JWnJIa7NZgtrIcgJp5Ie1918Wv+M0B5m+tGqW65VTA68cqcIAZMiKOVwl88PBZRi10eBWvlo1LOdksjwQfQwVFfFLAzjY02tZcfalvbcmxIHCkE+hcz5zeTug+FcpJ6M0a8uTyzlZvO6y9sl6kqm/RRArq/sDCHjoWQpxbFibfE6SzOHUIK5/pX5A5vjEWiis6E+1DwEMfJo4fcbuCfG/TYgE6XQShEilz6Mw7mqZtMlZnrnmVdUdkZrOGEmj/PqCG8vtX5TLnKWsYvBhXWZaZ5qhYb3JERlHb+USTCfn7NlqH7w44707e0NxxCovTuWAFh5XzNgcXfRG7rTCtEjOwOz2e78sCnSDxEqaF6OQ0BT8GAiBEcySsSGVhTJ2C1nRKm2R+kmE0Rw6s+4mj7RSWGw+09sv2RvaGitooGraUS77WM3KjSBxkCyrZbG1/5CAaNtZRDo8E74qrypTqA4+Ju25exHi82JTJA4Lq0R1efBmtYEgodD/uDnXioH9o886QMdH8sYJFzjR5K76O+sKgjOYIhcnsY5pVo/hVoqoyzGXCoiElQQwYDUvsZZgqfVVLWB0FoQv7aYdA3FDzYaVe6jKKPJuxGBoo5Hq6WYvyBVBSuGh7mcMqNBJ4O63uhbc83+YuGFbYdctywfaM28J2poPxSUDoqZhaeo7WiWyZ1fKwhL5cKsltCfr2PN+b8aXmpCuFIMVGCpeU3iHi2qgcRdiQqQyRoRo09KuiO7jJueCgkyBrzK1UuC/yC/c0avTQOxraQIV0P9BydMS99sVM10DrTZEa13wtIoSuzYWlebYBNo2iJizurkj01+msqyNx2qqHKCrxlW84Fy/mWPwwp7ZMrCulh4X3uYBV4OQ631SWTx4o7B7pTaU6+S8hboZ1vKyoMkNkKDT1x5avI06wsdTJ9io2f75aGMsTrl9yEQ4j5f0KZMZmsEWaVQ2J4dcecJ61hliOIX2J0IdhktS73ttW2jCaL7Q5JEJci4WCezdnL3hxZ4bHkTc8gSGi8fKqEmF9j7+GebuqCbp26cHidlxzSIjP7TTorX8XEtZSIilo9WkVdo9fhgwvnbQYtYWJKQtQXfKsr+NQNbbj10hzHDSy7YoryOzimMqKFo1ZLpDt3mNPFyokH/z6I9EjSG6T7YltC2I6pSnm9A5qLgGU7jhE1rvVBf/a2Fq6Ww/2sIGxtWMwxmOBkOz71EgLKaPQDKKqCmzHMVR9aw6b6ONnaV8UNuSVdDaUwUmFY44rBHgy82PqCHi2Ic23nFdVcyoGCZzbopK2oP4g8HXu4zuhroolMg6rGEpvcR8WBquw02YqAXIVOQq2Qm5/RUKixkV1PCOsebd8PiHHEq5wxSgQoOeATU4ybdXDx7yNxh3cIxycL8FtW0zNER65g9nZfYd57LIL5ieuWO2FoafgHWEnnQtF1phWjFBwoLytSdcSDDHheFP4dGDC97BWCKg/YVTUA0rchsyie3KyJqTQWT+c1dx+pX1nzJyikzCpph5RaFfWGWU6PA53SCKT3el74zUV1C9ZLshUq/8vzWlqia9hikR1ruNXq0LL1fqdYh/YlCo4NM6FA2yCbha/49J/Ycs6LFvaRnYdwQ6puZPafGJ3V11/3FwuTCHh5yDBIfyPUvfvnUZu42+QGRwVUu2bCGxjmI62w8/0SJ0jw0nNuBv/6kGsexT3134t51JlbezfUwJJPf3+QOiInG8gBTmLeIozx2TfCK9pHLM9R9BHCA+p18hGyDjV//EiyTou1p0PVgIrJr1bubs4+XHuc3CvC/1GK7ZIPGKWTgIhUT6F3KHopjX0tlfLzJxsNcAWsY1bMhUP762rs4AEn1Ubl8wOD6oVFgBN+O26ISG7/imaWZGiVbFh9u7sk018lcBXgRO7siIk+2y3udtj7pJtbQTVoa3r2ZE8t0IcAw7Gs/qbGoBCxtH713LT9AEEthP4+sfEfjoia7pu8yE1H1iWTu6K8r7WXlbHyFnAVwlmNgF8Z4Xjg8+8ctRpzBMYCKrTiEC4lTYx0tpdui5sNK2zFIXzrSzCePmSy1LIhCdlRNLMY6mSF8bCcX1eZk5PsE88A+johbO9nJNKz5oJGv1zUVr32strFmJtxzjVQS++LpiOh/JC0c1qG+8cVwJZqaRv9MIfbjVbr89ICaRA+h21weqEA1cQTE7X+Kj8TmJbU6qzdWtrPg64WYPFz0q5XS7wF6CTulvzXoRWdZYE63KYXgGlNugh4tfhBLNhey2IkC0dR2gwBnKx2+WptMCs8zob3ZbSudm9ek9LAhmR8zTSTI57wAGDXz92yymHyCTF409959z+paOxUo7SJKevwmNlDqYkXzv87/SfUdjn2y16x7eiREI0IgZVGxBDf5LATch02zZgnwnipq0wyJeL8RchAn6ALW6GlT43pp9HyC8GtnvU57Zdfhg8YzUMBAMzfr9l5hdF5SOJGruDP49B++kMNLPN7DN06ChZeykJqj8Iu6qIRCtMfVOXRpqPkT4qjRPigGgXGxDsjL3sfxZVi8weTqfYkHLbgx7EDN1x+WHK0k2DeJnLmVyuiRXhvEAdiTtTL4kgALUgY3i0gTgk7fk37kyzOQsye1zOVR6ilcxUvvBK3vqeoCxTP0lhIa6uWMdxU9Po2SzsQM5SYaqM5xDBknene6htKPZ6t+zPGvBS6ZEAlZ4vKKJl9NFJ2NSFN/U5TIw4NTzjrau1PXxJbBLCVG8bDrcSWwVFLSROqjAOH7X9HaX4v7ZRaoG2ZkZVnbEZKgyyav4wfHUEL/tMIyTWYxSFsa5DpRf2g9Z4IGF/0HXBts+PtlPDbQFxRpNyrFPEEOyXgB/FjpKqaJKrtHUpI8D3towBnLKhn23obZ17uNnCSzXjBIQR5q5zi0oUMM665/itE4UBvFcjPPt2IoIO7BQMHuNNjWIlz3fyNxwW+P7raZjuLDDVM3R+3QKPLSsG7d6+F2jijxI1ULOSSZN23grbgM16rYQGWn1LKFF+ntJXet0tI0kupNW2WqKOJmzRjmvgDS04Od5Fo7Cnhs+1YwVh4RjhOx6aYl4GY5Ph/AwXLMnM/m7t5G+Ohda5NHzJ7jy6zLZgfacq/PxOLHJfd3nVUfyAqqVSNxdqjIU8WwDzZe00nzPEHxh9nN5uZm/k7OLnMq1FUGpgYvZkNtKLl2I6rdv0mFHVPUiwSYPYLQYLwMetPaQ0hDeUWkW7zZpLcEiGFqm+KLJV8dUyWl+XK0PnxOjwthdx4= - template: - metadata: - creationTimestamp: null - name: servers-vre-auth-cafile - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-hostcert.yaml b/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-hostcert.yaml deleted file mode 100644 index 5cead69d..00000000 --- a/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-hostcert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: servers-vre-auth-hostcert - namespace: rucio-vre -spec: - encryptedData: - hostcert.pem: AgAgneQ8cXc6wi0DcJcSPiIx7ZyPbS6w+k2jeUHljZlS+3j+fFLDNgYqj5v+BrzFtqnEJCSsPrmbsDp735aogPj2yu3Or6vx2IJmk3XpWYLq8wXRe373nOvZ96ZWXMZzOtXEsGsU6BgPyq1h9ZTrgoz9f3TbJq0hSxFQ3r8QOl0/iCgIlpgyda0QfczHNWZR5+Mlren0Afl6irJFO8jVhvSmgNMneGTaqin4c5mvAyATrm5rXZkExpJnFwoTMEaYQ48rcW/mqpIKo3+jfZUd95uvk3EeH9ZE0f9iO7Fr1BmI53swg5+K07EkHgu2d2QY4yW/qlH1HuC7ZTQqPe92e3dl9A5OaSi7E7gwiQ+28si2NcCUJ256+19hRE3RYMOeRIOUdc4peytJFLQseglLFvcs0BrF7DP/4JV7oVf533plYwN80UVchywJ+jBUfNuGdJ7RcvosOF5NGTr/2wQgFm5JDS4fv1Jl6p7JQh6Haqjnz1nH0zTygu6NrzNFPm/vp1x4ja5jG5NZl7J4dgjr9IHE0rUT4cyBmaYYlHppWaoJ++Em9AODml/wOFYZLacMWTpQPIRq+Q7PSV4Q3z9mQeyTNN4EhQwaRM7/+rI4uBTP9Bnd8QPYi9mE9gt5natoleRJ5RVw7Iwnjv0iesX6/WflkCh/0LzsB9bnHCPaoC53pmLWhWRZflCzWJt6pi4o3BeBvTfFKVtSkK27nyW8xucBJvBWIP+QuQWZuoY6KKfDtHM78EtjJBidKALODGy56cyFT0kCJ0CDd03P+ONeSoBNIBH3qVmJx6nC0E5ytVyHtx8FKCO+ls1a29Q59w6xRA/U1alQoojaAFjbMcZSyRVHVahPTKnx8rvu72jZpPZRFcmJ00mkFzqr1W4cy50gsoOT8BdOmWPhmpEVeNQT+2WDA8cCi7xnlbioLeD74sgeu8xaqU/8gmDNBZXw02+GGZVQH8ybyKF0spAeDXBBvNErbUk6k8GCllJseoz8bcUqYc4jrVhCXFQRzAziH3YqE01UbBH4/8C1dT4+TqIYcOJZJCOJcuhqeHbSrE2iaT116a+r8i+G9M8xUNsnuf81yS4FLP9prJrvC1DoFozLiBXbF551AfRR1oYaxLo0kW9iPHDeOq/4yYdDFnc1bDGVkqPYBVQuwrkln8c2e3f+fPVs7Y/xQlH8DjnIljCJpKeMwS0YVrA5PfAqFjlC3JRjouO+wu/FWcxxQgxA5FI7c4qFjJf8WIkfkMJc/qVE26OTV6Yx/qgrofMPAAYksWDrvJFxj7e/CpCB32gwJHC30Jzncres2JaVcsOHw4vi/9uv0yWNbp53t/GvQLZfB8L1hTzR5Fsk4o7Hn6aYTWeeaXuWORpF6sSS4e9nC25My8vPSsj0kSfxqW05bInV++zgIyMb8gqHTcC1H042NutUpWGhLro1xQrM3joptqrm2S3SMHfDR8ofRZ6POLeWwewvHD/dEU6PkiKdlQUneg/Ucv/Dw6uNYNBeKcYaG/xAX1Y3voyC6lG3CciCh1YVaGoMAWsSOMLUAsvHk/COnzk23zAcpkqoUnpQL9eFdyPHFkAJKt1HAs6xwuXvYI1YxjPxi9UPJPVUWxjAnIqH33oGvoD4ZYOAfy5Ozu7ZdNt9wyMExP3clSQQDtFV9Qqlgg5owq+8zIA7wJd86Dru7nfI5fop/KCWJzwRUUM2iEG+qel1mk6aFR9eF4tInhbTF2ByoLo2tvkBmfsf5ukksFAf0tkKnV4yZ/ohHnHMhDOxn6SGyZbqr+RFcS3/8exLDf7Pkv1R2FFajMrxkCAje+DBAhwyo8cLbt4btGGmzl/edpHx6gIyzY1UDiPJSFlangUiY2oiTxba892bVwpJ14x0dGFljTS6tIeZiuuM0wDiPB/cRRN1ulTJ1lm0zzpcMraldq61sEf8f/J3HwzifMI8NDGPYJIUS3jvea2S9He6t5OB5rYnJT6uZ1Az2KY8sEtFvRS8OotcavQYhmxi3gJe8xR4u5OOLRN5tX0ddi6wrxwQf+BLTfxy9tZZrWDyFt2l8/H+K3gyl55UgKaK1C9pSdZd8WlNAkEzLvmHs/CGB20sMfjdhVM2C4lBPf7ObHTlmi3j2+oI+R68tb4tjK6hGWVVsMbyu4d8PpB2U6QhoPCyygKZQA2RgEEOABQijYtcahd7IWIPxfNK0MuTTZk7w4NLCIB8+5C1jETxStUsHPI5TrEpuqI+g9XC81BsyXQg21AZZytyY6QNgkdsNIL2r2Iq6jdrr33DqRwzpl/YDapECXOaKGtsaHksWuWM1mFFg5MPkfMuHSnXo5ljTfNkxBuFyDoOjq2tPjvn/nnuCZ8K8YwKCKlQI/3rlNg4GF7SxxDawXnwDQ6AHx5HmyzFedKv9dmqF8ve2tMhwXvvcJVFssk7tROSX0iM9mjOROepLRHXGXJjgQM72nveg3rOw27KgWYY7wC9TmU/dk21ik5ykM3Qq8LRL7MVE7rXf9wKidT2gmMMU1oN5i139bF1yAAn6NhN7JBfRj6HugL6HCX10cg8sWPmaJoNKVa+HGl/imc0LaBd0s85Q1uOWwd81dUp/QzGD5CDitv+usE68WSSWqn5cknzMgXkC7TSNNuNZ+l23yHnfb99ZzXrm86uweaztQpU460QEAp/D9I2RbMHw8DCNTUHffKuik8RcD0bxWqaUTdfny63dkpXphNTAtMkBYniKtfpiWM+pbEgZP+t0qPjXG/i8PvIIZDfBceAaxjOCqQihm3bLnMXL8VBpMvGqv4gskVSJPhFR4hhgSPflwh373n2GXk7zchUz0DmIk8/uYzzPTdlVbGPqyIccCQB1QDQ3mw/NgHnbL+VsZeIaTi5LO/S7pgzRIEmo91K5oKcNCI8hGyWQmveo8wU9hvZnn3V21Y06YFDpKzIebsSSNVFqUqg37//GKA+ewmJzGkF20x6zl0wwSH5mIcBmB/jGT3/Kc9nM9K3QiIYD8+EFEa+tJ0OtmgnS4QxmzU7tSVTUZAzvJ12yeJDe3C555B4IdRUhf5k/nS6ZFEPsZsrCW+2l+fU9kNnGlFnQyM/rDq8dbn9tlQUfvGCLO9XWgU6i09WcH4QsBB3CZnCMWTACOAy/8qf4SUHwg6l3XHdGLDhkd85UsH/jxl4fqov8Twjj/2JD4qmbphwV/p/d0oYSsfmUjsZHxb8k88ed9EwMNNW19aPjbgs49xUZUBF3vm+4wWQ+6yrBfSXA/Satc9UJ54tXP43y9UcbjyuoGbqhPj+z6IJE+AnN7cWdW3RXIFnfKNi8MCdEkEW8KxHpFDx3MgGbjQPW+6+wsXgUbD6FJ01+ahohVV8SfadgLocudNP2R7y2CFIlUQRuKFr5/525qxiN82d7RhYWpwcVpHsdktubPj52b/uXxefCcbAxTS58tc6QpMEr25F9ERS/MpakwPAOjNnxJzzV4h/ZYFrWxPpCmoe7q3Wk5Yim7u70qlQq6Nnu2I223y9gWbFZ/IS34PtFNw8KiThKuD4Xb1y3vKoq6OmCSQ7gAH8SAdWLTMmWaJysywyYKqa6IeYerX5D7nGe3Dd06mUmmoE7l4ED6nAKCz4f8N98kaZNpupfvE/bmhbccJ0i6BPb1B+62XIig16KAy1nLdbr+j6Gi34Nj/QPT1KKvAVGO53tC3DFp+ZjO/MtHo9CIRm9iIH7Jkz05b8Xa2prRs1akHQHIH0CzBnhT98YArkJg8KguniDBI7B4VY46t1tdUkbMz0MuJgpptAYQo11bN1QH615oAu5L8o3J5xbo2d3dqCyjfOLgOMK291KksCRCV1CISeVMn2bzqx/vqufwXsavi0GJjoKhKJ81Ucin33ojNvQR+w0tOVC5K5PnUgFgRfikSVqSoEUp5XzGZk9GsP+T2Ttr74Qa0ooPSsjpTA3DBmGx2/MTBolBd+GFq7EKW17dgY9ixvJuA4CLPvbMluNEl2c0VxLINkjTlwFudtILfZl8+PK2TUh3CJ7VhUa0BxNjoU6CX+KY7m1OKoJLld1G7Xznf5Ys4biRDbqN0Y73DXualhuGocsbBhIRzm12zIR6yIXK6ZFbynMSuVQN0Ta8x4jUELuUzFGRREYi9FJnBZA0BR8ORyXL6MB4IMbPkn9bMJ1KKZ/sJ9nZgwTLcqBzZEwlpRPmYMMbwCbVecAjLU+vVVTs8s5EgS3qFDmfOccwx312bF+PRpUQc7WEPmKxI2dTtMYJeDoTyzhxBc/3UnNTrtJpKs8clIsxWQUTHWwyNXgK6Qxb7icl6fePvi8SpsZMGnGZBkUUtGuq0LX8bYfBcEb5IRuV+IXeQsjxGzKuKZuoKtTPvSlsP5Rlvv2EhJj/Y5dRp995N2eN6w409KKZ9txiwOy5JsRQUnMNX2YZC8ODRX5A9veMexbHyEbFJnVeIiyS8Yl7FeVVcuQLwVaKDLZpn7xf3n3yUldN+iiinOH2BnqSITmWuY9FRQSQTJ0Zyx11wzgaE+kfFXcmXBvlEMtcp6vpnQDYE1Y0ERZxMR4tjGztNMxI488by5zPI9gbW3wTWQBm0DfwjnHuIbv/dJnEQlWf9C0t5D+sqa1kJXWdGYJVot/ZZFdpiMwiL92Mm7lFVTYipEZFhfieFaMt+i0llHQLnpRtlkIn/Yz1uAAud5Mg3f/mQ8ergT4cHSIWbmNFdyPzFeItzjVuiKUE69mLpvszLmo7mwQF9joQDFrjY6jq4R9sR08ZMXxcyYQe+y6/S850b5UlUdaFGjJAXXcKihDnogeUC51k+T86NwjV+2btiEVK0TvpEQLbM01+P4/xxoJ3Xv3BM/9igv6BFn8A== - template: - metadata: - creationTimestamp: null - name: servers-vre-auth-hostcert - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-hostkey.yaml b/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-hostkey.yaml deleted file mode 100644 index 91291d67..00000000 --- a/infrastructure/secrets/rucio-vre/ss_servers-vre-auth-hostkey.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: servers-vre-auth-hostkey - namespace: rucio-vre -spec: - encryptedData: - hostkey.pem: AgCEqotSZwsyJFAlPNemZzyyF0SEACOQgE9O9D7pVO7PwoUUhfoAsaFVIKCXNR9mBS5gd3JCb/qEQAroD90OoCme7vhN4cRODx9Cr4tvmNPNCZVzL0CWVZ+vVaE1tKHf21+1dfDsPlnxQ4A7durH612sOGeUHNAS/KFFgY9uofdUNlFV37uGCQ4VFWRrKbTgpW8LTMZ9pU+qoGd3RM3IOTdevsSq09govc5O6TPIDXKnbFu/WAGaOIaOXCWcZ/sTnnHKbCKdXWQcLrJG4n40sMI59OyLK4kz/n/4N0MvNSRw4XJse0cmFIm3+K4ODURP9lDlyD1Rb9aKV+UD3ThOkvw24QU1g4BVRBoXNHfJiwzXgSjKWvii+MP97eSOXJiioFtMNfDiWiXKoXh33bD/L4CClT7lpIvS5sMZzud9ir4j3S8qTOWyMdtWGzzNgnySyc2X5R1fD0Nl2RKOyrpgXFjALG0lwWXdcpzKtk1D+oEa6pV7AJs90Fp5dZuSkZqf5nboYzMiB0EMeIW5mvvuCUnS9ekoiQ8niQecSj4GxlKKeNhvd+DrniZJWxjcCL0wYYn0vWHZ0sGGGB/ixZ1he1N8WeX8atUtCiCyXODSPzM7nhnYEpyhpyvvXnLpa54z5v+vjQAps3Ru9Cp0i0seSDwtD8vml21bgPf2yuy22cc8bPl79U1eypZlynzPvU6+xscSbC6S7urITloWjR7TwoDQcRL9LDwCQFbYswQcvAmFDrotJwAKHdTQsZMBkI7F7DUFFxVZQENDsd2WoO8xbikcsm3CCjUr4nyvvECApWAnp8QScut0snoyhHFz6N3tfTRoJUN4zrtkcumYhcS3tBibyuAC/AVio8azUJUbO4n5Ij+fFoTEh38ghIhOlWV8OqkcvG9unEQ87rUWHeJ7G9AVgy6s9JaAgtEC37QDZDZ7YRnfucCExSBZcRdEqSD9Iw720Le1Yqi2INwIe+YVCeyvoTxhXc+JWwvu/b52YK3l98CtPH01jxICnB3cdAlbvL3Rq2oEckneUfpgZ3o+vaigxU2xSqdrkDD16Jp40GRpSPxa79VsjJ9AeKsMH3LTuV9fSjP8HPnB6X8iYP7QLks8y1UBRF6ZjpUOq8cMkVj3fCgDU7c0V0ZLVMwC2dwIQ1jQ5Kwqb/npTMSmXrE0DLIOx9EJMqhwiI1ih3aJsPJr0J9kLqyTCUk1JNClAgLcqWGhG60DoSZlULu4IdM9QTS+U2ZyRUgPLe++xOED3xXEp2sRSpjsVkClWMmub5SyAY8EYZoGCEMqrgnGa/K5BDgOaYuKYPCwak6eBDK/1rp+J1y6I7OKAn6lYuTiz7T9tecFEvlrv5kPYqT/IO7OrZqqswQyfJAQxJfH60Ui2E0Tm+iQ9HovOxFaLezX0hRkS1kEBCRhFyySbMQC4RqLclw182ElCdQ4xyGFFIuIyJuRjf0P+2syWXDWknWYEIWgVavC9nNZVWRQzgD8ljd2T/e2he8A5DeMK2quiMGYxCUteL74VJ9WmFPJ6Fcg9nPK6gxFP01wrX6hdFRp+PybQKw9D7X789ifmthud+9mjya5SMlnhBIFSfYC7+jvgTr7ZPW1mbgdYNcj5S/ATRNYylkraZ6ub04KxcQzGYUwHlJiu/gZvtJDeXSYrNkCIx+lF2rJZkZa23EBwYclsyk8kSI2lU+O0XTmIcR0RFafD2J4aiDabGhxlhTqxHccS7yQJdA1mh9bTinUUj3rHODg0/Z5A6Q5Ut3EgV6aMnzW0UCLAywgQksF4Me6outzAUeKp3mpb1JbvOg1t+bDy9Pf73dAmVYtrVgM8xO8eKSLEasDU8P5/HxQTQjvaNxMAD6B2qJmBdUFUm2/4knYMd+l7CMX9GMh0uQUi047dxfRrEgVPfm5pVLyljQhxzRcdWDjJzkfxAVOJwWBpckYJaFFJxJvExHpSMRGqDItJQuacKWHRq3Ts6iePWSEPWOYIzN1c6F80t3qmHwasxu7fTBIIkC+uvpk3lxWmr37hIZkEAHnWh/Gscz8tNW3H8tSCBg0o6rmSKHyTwKzo/295Q3fBLPlHXO/E3lNoowpgEM74PNdszOhkjKNr0rI2xh0p26LHFD/ShoMpBOUDLUdhB7ShEYjeOfjXR4GWorZMcMsKXGB+3iiOcWf35YjjoP6rnKmZkw+NLUd2PXba0FuFkpnsDgnN6G2Oa6282Q8tL8T1d2CU1k1rKME++qVBqc0wTQOSS+T1AY2uqi6CsHgw7Ai4vcs8qCtRX9EGrPZaHRPZwqXWi4PpFRJasoP0KORe1aJbKWU5Sy5EK5hwzxsgXi1njsdl0/n425mTGoTQepR2Cim5qq798/Q5HqgaLPmRCAnWpRu4E9oPC6iACYEbAcVJbQYEFTvvykKqocQmusMLMWiNA4a+8aSe84HK4jeHCMtZtckNW96cui4GChM61M/WdbhYqGJUuIpEusaxr3fesGp13c7rPVScHsaf4eNK9tRed1SuPF3tyZDY6u2qGHiCR1HvUdkc7UBv1fjaonp+oOR63OP2rmVpXePICZpdL+GigSVUeC6Gu0dOfuvBrXS8L+VJHci56KBBp1AqaMqj97l72Gv+l/NViHbKNNWKCP/CR9Vm/NrGoClqYlSzasGacsy+/6HqHYeZKCaCNYqEzmoaD1kTR2ANc2YAg1Cz4GAAheuvaovf//hJ9ZzgthHfMu3qixhiawPo9ozmV3VWgNy78nIcUiVqAghMcoeYHF8Z+6+1YSGa26oiYKdZX5AIRIVgGpGcfcyliuqkBZpcL2t53G9y/ALGHeXm5GZHDaeDOxvFjw9ojcjSrohjtmnYvEBIF6Jj5zN3dHjaH0MwbfiwH7h1haAjcz76O2uGW96FvXkmNnbKoJT7hu7RREm7H+NV0N1s1SQtL9Sm13/pD7ONwdID/ObwO8vuCoTBTFYZst+AtujYCqm4BU0Krj1gGN8gowj3VfBY9RxBAl2o+qfy99xKXXJhOrJ3uCrjG4EA9Rd7aYzPF65A1aQ1ACME4dD9Fa5822fV+WJa6LSSyxP+u89585u23Q/3UaccKeaHfCmL0sT42YJDpLSqEtkB/vfaTTo5bxD6BDiWbP3FkMCDWIu2FAWXvKqLn9fCRcMCssa3uHP - template: - metadata: - creationTimestamp: null - name: servers-vre-auth-hostkey - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_servers-vre-idpsecrets.yaml b/infrastructure/secrets/rucio-vre/ss_servers-vre-idpsecrets.yaml deleted file mode 100644 index 4d8a3c07..00000000 --- a/infrastructure/secrets/rucio-vre/ss_servers-vre-idpsecrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: servers-vre-idpsecrets - namespace: rucio-vre -spec: - encryptedData: - idpsecrets.json: AgBZ3rkhc2ftkoHeuKWSOP3Hof5JgllKU7cLTp1FwbqV7VS6cp50HFlqEDZcfplFTSme5OOU+FznEsla14bXZi/DKf92N/cpsfFH/gMaQoCTZDZ9JXDLj9QuEqEzRGRxc0vchfKKAIZXTzFWwNPPK19kFzqoHBQUifzQf6R+vFMtR14eGtuaaFhmiFbK80W3Gq2eQpZibdc4PcTM3wP0ytZDGka12hrVxFu+azcQPG50R1eMqpXux8x3iULSCjeCA1TNWhWNTcoC5z1T0A82X6Z0lzqyaQkKuXcOWGHLn67vcZ+LbOCJgwMY2vb7m/EaaUdwPKwf3j08tcLObD9FoWIsf+Cg3i4zpQPITvUnjVHVP2aB3gRJQGYB5tVTF1m3twDOehG/Hew9276goB3NRBvpzPkh9nv9PSCp8pkU/YOaxwyi2fzXMquOxQ45GbOGZSSeZB3HKlxAEDtpQbWB7NdRBecVavu1oD8/aO7pP+SXrbaVQj2UjPFiZwfTPfC8JH8O88dbeJI6XpXsDuuSMlr6FgLRZX331+RI+HbAzR4ji7X82VUNmdW9yd/6Xa7IbDgQk2XIroWw1pxxjV/hOOMGvFoSAn7yUBtpI8vurOndMtS/+jpYxmxzRD2GlAovXZUJjm/fO7upZm7zt7oJENBh54WxhOd9/jeiraBVYxuWxxpu9t2SFFUVkTtE58UU4oCEgrSU0j26fQJoGl2alXieT2FlhkH4eP8aZXTIXarywFZ4TvWqR8gMqxQ9ljCZH0Ooyq5XHgXuVwXvsnmpzuvTXqXMcVuT6ilNLBrgm1ht4kGjvg+CO8/tck0P/5xH4d6FM34GKuL3g69lp2L6Bl6djU6XMAlWKlD9Wl7m+4vu3QaYMls1/pJOdooLZdcaI/e9gWCqNDRxQu6lQZJGsqZxqpOlzfVxH3NRmdcvbEisZrcmf2vU/z8HrtzYran1BQvpFNDU2rsE6rNn0rXuMA/KLx6NBPGKigSA3pf+e0MQKYUP/QQqqI7FRiPUixDbccY+7a8243qz2V+P0VAcvdY0WA46VrVtpoZKampzRhkSn6Wt2mcC7uSu+2/BsSPjB5NKBU+groZe9KDm0OLgcwOJXD8YhAGYmRuUUdTiXu6I8GS3oBU6qgLPMldoE9y7DxRxTDzwLcHWJt+0cyHLx+NjUakI1gezD8Ez032jrWd5QN9gFy1eBneCO1Cy4EJMAbwPCYRuznUehEkEVOILWdKrqWM2xRVLQwXF/JQaOhiCYsnD1LgHpgMsbrugKies8dwNZXM3wiwwErsS4mxq22SY8uLbEpwnf2pYDT15i9a2NNgWnPBWgTsU7EpGWXPSsqFNnVWX+vRCrlKBgK6b1lsfZVBgtuAQORpeyM54mRXnP/2RYYOHJlPJMYHx8+eCIJRE5x58nOsgMEsVQJjnRAXA1/Vcw99a219+6qoSypCWqPeJhLqzMvCPcreWNdE5kFnCpocGbRQOSMW21ZTq8R/AaPOp/f+MxBT83wa2HfDp8LRSy1TbT46/BQIW+xAePnyDpLgMag/M6ARfn97zrmuC0qeXKoGp8WBGIGqxeyBo52CHTtFiR+iWkINrBYL3lxgfs/BIHujg+5N/YM1FctdtmNMLmGw/M6jRfhTvAz24GlOHFUL2e8w0ASfxc76cOcFKAzl4N+kiUvJ8+gfi97JUe47y8SBI8B+SuDR/wXyuVwHx6Ss31H3s+SWqSMU2Sn2TYNdmVr4+NpM3HIrXv2/YMbv4u59XwpIlzuxiuYO+YJ98KzgVNnXQaTuegPlxX+jYoXPVM+JnzhXZ6KiiZURPlAwXRspciZDSrhLiXNV7G9lcaxIecg2A3hCjMcgU7ZG3MUHbjOUl2+EssTtdgHXvXAl6erRCZzxBBHEhXa/kEXrC6fgpTdDc9JVznjSwnbQRkZX5EcCjUC0KP5eh2Wb+iyua4YjlbtPTWBb5zIcYXie+ruLpl7fPaV+yyHQaqQh6SXAuG922fTrDV+JhH2InxhtiPzCTal7EnM2ZxDN75Eo6V0aag7Wo9nUPagyq+gQfbQpKDw+Zf9dW1zw1z1v3bBvoqewQOUO0njWBkE9HfCTRf6FvI+CcXHm7OcYp2HM0PhObwHB6x1MQdealTtG1E3F2TjLIPUusi96neTWSN1y+iLiYlpzQrq1w4ahkX/hRBeVz+QqfeWeVJCGp/0CMupH0jr1o7w15FWqg8AqpGtMJlp8hrwFdpmHfG7LwRYXGTOokMTdVSD0OdAWwm59QaqTPCnESv/iMMannt1mNnoyb0q+vgz9sK3mJlnpjJYzHucq8SRGmqlso/LTmkYwkJCSt+BuAMDXEyEvnUBk/9b4NeM/4+34O+goJpHMg/idz0+gXQU9jy2QpSPmzsxxj+hQ/r2zlH6Eskud+eieYUWCe5fyS5d0Ellmu6++7yhhgloQOOesQNoNkWf/FS8jwA3xl/ajOCnSHLcrrMn/EoXvIG227znCLsfK4xaI1R5qhlXHz1f23t5lxnped2hM+ZDuok5a5aeq7td1GvWMqZxiQJF6fxCQty31eOW4pqonOWw4nmlGSATqeFNpVKw9WMkc0EWdPi6oVMlavds73NcorvKoylYAF3henpr9othtpj7lTrhsMDLfkYMaGpnCkzYa3nSwyp4TFSabNci3oBz367ZrqQybBWx/zKyvEJd8yG3fJkDtql+JttJKkquJkVm30lWPEH/nlqq49sBIWABmvWUWBtoYXP7Zh0MTIAWrX9Y442K0EBqKWClefQUw7fLDkkvIhKEb3yOzYjoKvHuwZ0OejMGAguuW4ZIRSvDXHz9Y5H7wPreF6VbdPUzqftELGRd2QCHxoAzwUUAZxCPY33t/BpiCA8W6GQmj9VQujZXDY05ZNFmAfmaEgxMy3qrzI2Hu3ZigebWmbrJzA+veEXGCkA78rOnttrEz6PwR4AK3t9Yq9NntPSKayvh6rds8/4HpDLHu2NJ6J37QEDQTUyaUeLXvxOKn6PRFKP5LARebbGHKnaw0ywFzK1Oyl1faJczHGkL0h+Ewp44Oztu2HRQ+0aLwmikxXMziKQZkTah/EztUqQzeUi8fUbIEjafBiCy0e9tJMiilARIX0gBWd5U+d5+4Zg/zDXJF+6ib+eFT/YreOLniRGPm7bolpTigmGGKdger815DxpIWEGgLOUcRthhToZWejXiiQ9QvGIyMEJuY/wH04MffZ580WUAPzMCwW7hzRrUKDqb3Q4oBrzz5pEp9ClTnrBqAGbdOa/Z9yx/ywd9/mO6tsuJiN5054Ew== - template: - metadata: - creationTimestamp: null - name: servers-vre-idpsecrets - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_servers-vre-rse-accounts.yaml b/infrastructure/secrets/rucio-vre/ss_servers-vre-rse-accounts.yaml deleted file mode 100644 index afcc4884..00000000 --- a/infrastructure/secrets/rucio-vre/ss_servers-vre-rse-accounts.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: servers-vre-rse-accounts - namespace: rucio-vre -spec: - encryptedData: - rse-accounts.cfg: AgCebmmwvDoy7+ajz9DzQoj0sdADLaOyeYpgArdR3T/VJvvf0PF5edRqt/YxnbfGER66HYTByNSZXF5+HC0qsfAglGlXvZSbV5NpgMfbN4HDHRugB5GMNX35avunETH/O24XqwvkkIETRs3UjNPr3oLdT8EKGpaQgnBwZv31aSx88eLxBQS+CEwuulWv6N+7SFz0ns3+I4vtFYjQHpfAxdORg+ZzUaEX5r2QBhgU6ENuvVzZQr72OlaJfZdjZBpHeOfI8cgned6rhRJNEcsLI9pFc5Z5mZ6bLAa8J4J/JOsbSgzQSA2Mt9LF+B8opuOAJiLkUDjBf8r13eD7BczQfhsI+Nk+LNCaHwEAh48nSoTRwRkM8jPev/cZR4hImCRS6RjJNUyu5r+4P5vNfG/M57jEOKpWf9TOjkJmjQdmVcdeVpOHdXqYZSJGxEOcp0E4EBfl/vq/PydvCmVITl071BaQENnlCdE+AkP4mL1uSSqwR6Oa6C3/WPmCXkzLLyHMBuNwWxz8eh74BBIuE7Ps1bAzCsQL1uGMw9ci6OrsaUqWcAhYJBIwREK4wExYSluoA74I4TMQKLSrivrkBG5UNbieevpy9KVLyYoQig/WtbqzSTsqRhRGyOhYZuNrDXY9X3qddPIUqoVuKhPIZDPBJIWVD/Rry4FTZ134OtCmsJHttoNvTGmBkxIXOcXds2ntdu6CsE/BhoCZ9xTdbfDQf4HNzKz6PKO1jGrauUhaPoqdMcuESBHGjuwJBJN33/GQJqUEx+ad/5lbX7CuWqsNlmMUcQgj6/WZAp5iWtLw0uTXCBiyr8Abbeutz6SUcPdvecUmuu4nU4zkSSvlTVs6/9WMZveo2EljGuRMvBQHNmfLN0gQ8AQLhPocZQV+iM5zIVnEF7NbCxwpy6aR/haFQeY0ot8GCfiT0+5lM+XK2Q6qTy6DG2sb/LZVxevjqWZ/GX4PV96ik+lWMqpL8lU5mmfJJPzn6C+6DozdPaSM+vGvy3KYxRZQPc6EjHDTs/hd/Fv1yJ1K4OTHOw+2OnpQ61JK+w== - template: - metadata: - creationTimestamp: null - name: servers-vre-rse-accounts - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_servers-vre-server-cafile.yaml b/infrastructure/secrets/rucio-vre/ss_servers-vre-server-cafile.yaml deleted file mode 100644 index 614f0cad..00000000 --- a/infrastructure/secrets/rucio-vre/ss_servers-vre-server-cafile.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: servers-vre-server-cafile - namespace: rucio-vre -spec: - encryptedData: - ca.pem: AgBxyxl8Q14G+NYb8ubL5wmu1w70+3lWTr4bL3KM0wBmLT3JmvD34eT2kEvcBw4nBVGAZELsJbY2Z7lmitfwhDbkA4WMsrzGHL1QmArelU4qxOAJCO+0qx/dGGYTIggMmcH8lU1GffoHuLNJ5ZVzGhW1ga6cWoFv9B+ZcqVgYdwwKedQS6Qv4gH3srCqJZ54tzByQKxEAdQziGZ/k43I25SZbmLbeS1FgqU882ePHcwZaqRJ3v00XA74aM8E5u4X80bj66b+/GFc7KdQ4/TbEEWcM6WYoXV4GE7Yfi2Gq6MgStNqb7PVuOnNzM4uL0I7k+hrgP+Nqzv/0xifb89e9nulJKbZjfgPQD2ytoCarg89Hkw1Zx4wOPz89NAMDRJQDB33FQTbIyz5wz40kj3oeOoYz0q1VZ1t4TAsyPQNfrNVpp9ZZKvF0RwOk1p5xoMuu0degLj3O4Bf/sblYhyLqQoQOGic4LZBpkr0jpnVQd7tQcpc3w9h/wSsbf2AwVbMKB30SFNSWobtoOChJI+dowaVYwlieIOgc0l01nZUOWL2MKrpTrjRO6hUNZSGrBFOzfUu7uTVfY7fHHDNdnAS1+5/zsiXBC75G7fvl22FfjdEFBFi1nU7dpUkczOmcMsoFClttRcxveVQadGl5udYzzroQLP5ZGVaWDf7zqkyp6W7/sIiuUNNfdHub8GBJQP/tDBs3rgCcdMm7TquZX1Ul0J9u0KsdeOdJgod7cujqpkTuITzdl59phsPSRcem/IWs54y+63zpIEMxo2dTaUVxRjeyM4JtgtP1T0jv5ZshuH0mSxKzwvIXIVKJNq4FRBSydNSnmUcqEC2UMZIDaoKMjDRABXB2igJt4aorHmEE0PQ5mbRvxBb3dHHPfP9rblfPISUn+2MZ6fun7qHq/9Rg8vQBQqQVLaUIWielhdTVKJWuVxz5d9n19GxCQbK0C+fFSrbl5fMYv0YoWYS3ece8+ytTyZRQScAsHMePgfUrdbvYC/5cFKN36i6U4DYNFC4KhLc4ZGTVkxgDKk4/LryUrodNw6xSK0trtzvkCzEgL80rosWSP3zhqbAMl6S8xYd/TJOfK+w+RsemB9WI3yAFrLT2pLoJhReS4RoHCuuLcESXPJ8+r+1eAhvmnoQL8X764CMF+HqMn60G2cIcRlFfaLkqdFlFSqdJNKYXUkUPh7W9sVziGq/cJwGh8yXqZDOPjlPNdjiUH9KjAW6crzwlFnsuHxtIQwaAPwtLKdMexg/MozSwyPaWrSf+cvC7kEHE7TBYJxcGXeTcmQHBWZKiDCQkHLcxlEjiRAfspOY+c+3vJL/zm1CkLbL4dt4FZi3PkYcO3Uvab6/URJFw+t2sPin848nsyIQh/WDb1ylS1TsYZMCYgoZmQeqTeLeIgY8RCfdSVPJLtgdGcWdXE0Dwi2Lhysc+4pw7Gna2Uuv5MtFjKiZsWqPPeVWJ8WFmlSDBO2ZPOVyX0yuWVLI80e55rVC3n5GPdUkNqldLcSYhk5Mx7mACA+4JaQLPFBaa738zEiZIWYM482yBCN52jPtaPDvyP6f5dhURIcazft1axqY5cXrX+cp90QtmLbQPjc6wTSeiR5948SCN/wku1IGVMMf2r4cOx4X3n6F4deKDcIPLpYoP1icJYJV7DHmKDneYHVoxsSAORunCPPPzmDVWXcKwvplRkr8bE7cbhdE4WqSGGLHUgV8oKvF4AmFk2tVDPqKobhY4fnxczRO6QrKvjtTQVZ1Etc73q7fOZsnLmnU6phkbaBAwz9OCEVSfSFq25yPUaeKgQpiGfSUNrMmtSsGx/1DsEq4npkUMac+MwCd0zSzWgWemgSTmkHK/FnwJqKTFRnlZjCDZTaqs1ytkCuSznkTrLIHiTzDFMmALMYUEs8doFnQHFXw20W0d0yRVY3LZzw24Brd4yjveznspmryVCwvO/YTD+5VOLl6bMuPQVBKJHXjUW8FID+/Dxg7GmF5dtxT7dHkB+X5sAp3XogNxJwMT/w8dJqtRvzYXWLSs33GFlKVswdWd+RfKywJ6G5ConUjUctrIM2Zit5Jns07HhKyB7A22ezaSvyu2b6f7wo0T9zfnRbPkJ8H7hx91MOQBc0+Q6vRqD4FBQHcpAbLivhBmqojSo2Ve94cjE1xwgFL2LQOGwVnpm/c6jPL6ZrF+7Ll7+M7M62hiFJm1XEiQ+SJ/8nf0292Zogj4ZR0/j36isXe9F1jEr+lhPusM7Iy/UlY3TrCj10RUSjbXqEHl3RvTYpHZRozyKkjI+VPzppQ/oV84jAANdIGFeWihVDGtBgZWVNXkzV/LqMkJB3Mc1Gl/onBJA3BwcQppNWjCNxeRs+RG4K4dfYhyFTTt/j7wdbxnG0qB2/2nHWETPo6VgGi2E/JSyFs9Tk5N6iWPXAS0a6MTGC+F98KEf/1mhz+m3cMpZt+dXx3BpI9PqBEB5A6k2NvgLTDHwrTh/TjDYjea+RGLap+U3oOcP7ViY8MNiwWehqY6Y8VZXeOxNdmHov/IxgmoQ5m5EwECZUkyV4qIkHCIY06qeThpyhX4AxybT/A15osc4GrdntFGL7XrUsfWNqaugeQQju83unpAham/QQ8e8dDlO5S3QHZCtP/ZItelJFabnvJapMMFjF3INxBc8WhKl807O/YATHXwpW7bgNz9RChVrf+f7O3OkCwsekz+dQBjWxEXIjHUl6WpefiO9vXzFK853WkSs65etjjtZtO5bkLV58f+M1C7ME28k2a0LfMYg63ulPheQTqzSELSQiTcDnHJmCghEY8FKs6KCBgFO4Si+FprJcWyKIGZ3ApTs9SO3b1qNgrPgKqOYXb3EGji7e34+kx1qSBzYs6FbGMoT9HfsDxyxkg6yYMXCFwLbZQ8Q3AYzFoM6pvBLM4PfgvSR3O+CcFQyHrILaxj5ReVKMY12OWB9kDuC4xYorkUiQFGrvsYptV1isYLW1BRQaj0LiO7Ih58PkSCj8yJkWhZ6nvUjvw+8KUskPVQy78fvuNf1SzzyMkIGTvboVa5NgIb3MK0uWRaWuqqd2PJnyk4WPXy2BGbCZh1R4IJdzQflkkpuSl4Kj1I8C13Ixm0z/M35ptlxxNzGtI54+uA4SSYgIwdfhy1H51laTirFVRinyNyQ4qGMnoaiHdwdfGkyV1idoXFf54SWGE3h86tIqa5yw/sGNs9auStF/SmMfJgOmrlo9efhjqSF3U3GzmU0PlM+Ej5XEDNZwUu5Y+YNGzTGfUYGKZdQ3jAAg+gq9nPgAKe7u0RpxlsI6R8wIMlC7XgZjTIpIENyvAXEhnYiQeShOj54VebSJvaa1Q4nvD9TUI74FOCfP5aNGYMXl+JOgON59sj7o62gKzKpkoumqbyFQkw9qFKnLxVIhFLTI58iEHgt8Dt9UaQBOFiQIkKsW84GLHioYiZXvVwMrfGVjnIzqXR8dlElikW2KTad8igabIi5UV6htOzBJWo5xbmI7P9Q8MDcAZjCLdFYKh92WsFx86gmzwvYr43OBj4j/hK67KHJdYA2z4hHzsL+g2YtZD3yOBiqAGB+bTGxbIYcgTI8HRYjBRcRj6CgpCyKnW13Nz6rw+24TtFnMjI0lWTIZS1Fwx2cC8t3jVh3FEupoixU8qvM+uP6aPOEqju7C0ghM1kBudgQ7ZsCoiYfba6EQhDF7q7hy85ujGLkWrF/P7XXsn31j/g/75hK01oexCC0iQehWI/BGm5phRId9AMD+Ah7W2Xf/RJfG6YzRUTaX63YWNSK7QNO9YOaDf90aoZSk/Nn2/LC6MRS30D4FfFJHfExiTpy4wZuweMPUXZhpyavRwRxInukjVsrgm39MoOVVpgkCrqdnsjDjql+mgpQI4K/DjRcs+p+OSBFK3zxfHJoO6xQAqAlffQuALqj/kKFBCp5+tQQsLPrTjPUt8lwS0Z2e74U/IPv/giwYaknGvjK/LFWEULBHg604tImKOn0HKhdaRVHiSukgs6kVZjuvLgI6nBtqip7LxpDGJpm8ghJeplEqKF+hyBx0kCS+FRv1c8U7u94sz+F9KcF9UK5EmX/gHsjGdnDd6MgX/K/rzlJFFaJ+1+NHWeXUkHW95Zgbeb00BTFqP3bTCXELzMCKgWHOnrUuDeuKR53CtJRyjCAOmNegJqoy83ymPlu+MpcipaJrO11BQ2WAfjMIEmM5BEW78Ug42eF7ZFCrWhEzKWZYj1vDbjIbxpJ1RGZa0dfq5JjYxm6qJK73bFhHgBdNJm7zxMGN2Yq8bkyq/l/Z75s4XYc0TRWB6ZUBxXN6HcXVCMCfrtb6VO/Bxd8oa7ZDFsETcsCswniwAQr2uFYid1qXHPBpk37M0B6ws5Wx3vlF+2N8w2B9jbd3wD8e9WncOxLbs6MHyDf5L9Dd9WU1G9IW35p4PyGwIvjG7ZTbfiv9ZKv8s7Huuz+zazv1uhVvIMoS9OtcIG0rI8QIayG7dV1oSwD9/Ay/bFFkxweUy2m8jJNOzPX9RmsSpfkTSkK1XYqFdoR1g78lqHRtUWlHTFfsLeyqy5r+MxtE0bM+xZP3zA/yClwnrcbZaaDg/FB05mnqNH5TvjvIQqK/iqjacj7FRx6V32l4LRJIu6kMnDqmPSa1YAwe1mgT65NppcNSENrLV27TPFjRYS6jBpdmyWCcXA96HiGEClPBNRqS4LK0zhVoHYe/erq8MIFMfVq8tEogcJoKvusTl3xz8eghJ47l/KHj7nRomdasIYeiqgGo1ChFrwVIHwYPLcSW2riXkFQq1nL67Ejujmj0w7udkRFtMjQY3q7DpHirskY3TpVvknqMQlDKARdRdjHDV0VwsWRVxNpW4QiKWTmsFnHo+5TvCJTYW7FLuJ24wdSK+3p4WEHZWgvRYzIPUyVmwkx8xi0qprpvANMvQq+O4/dA+S36JSAzsJ2g2zQP4d4PpUO9v9dBLRdKDqCMhFM8TH+Ks7FJaQIePvIvfl11sunYhIXdHeK/0tx/FAO42LWgdF3Zg4aSfuBKtszVLA27q2A5H+9kkLqhgOLXj0nHNvNApbpqbTzNc3kpqToB5/VLC/dVup5GGy63Z0MFzi+Cm5Wo8cWtSMhvmT4JRPzQ2kpM76tccUz5VL8ZC2bXSruJdu474UXg/O279Iwg2trJtM5Xyh2qvaVp7vDMalEfZbMfSRKP2jgxUPTI4pwZDe7duqpO7d8bW3d+GZDz3mIOGzJjAkWDjZhTAo6uCTStcHcA88D47sBBazel2m9lSH+4greRNCs3SSWsNcrGvN7lZ0BPGG1J1iWfZICdQb0Od/axdRIIMSnRVYDBEaM5O3k4Td0qO5lyfw6kP7UG5akbbt79bJFHDfPmI0uxffLAzexhc0LpUcsjQ+fO2vGXmPM1KtjyLaDLgKNricwqZ9IgUK4ru4VDyEo1wC4c7A/cdxmMjcoZzUTleSP+iC1EHaerIPL1dTZdbotBsmelyCzkD1b1u6QzG4RyYHdbI2z/0wRAVNT/EUfPrnaK5oKuiupAHUJHLNIQIzQS34gVntFkjcMvFMmYlcj7+rQUlxu2n8xDuUL8zYkaWtBLclXUytkB0a+BgQwc99svE/RB1qVmtAvfqUU59dilj3utxzcGMZzdkN1CdjJLLARTNE8pme1TFe9l5hl8yhCl46XsxI3rKheyWCg6Q6kaqRX7AeFSejWT5uR+JzAQHZcy4s/zC0JhLsM4zcnuqml6/Hx2QMVNeX430wsGNBEn4hrKLCObqaxJOUCtWh4DmjV3ZYu73TvY8uNMLtN0aX0KPbSKkoWiGUVLNmeTyUe2DHEXQoM1JdFYVcGebMtu9i9O3/erSpN+waGzPHpJqJaGBnc5MYrQfKmImsB6OPxHwJx1J50O/waorDe/FyK1q2V24sEu4AwwxCwo7Agz1sMcN8b/osJDaIdLC/JESbav4Ag5g0TSxmq6qdcDv88L/Ff6KEMn1HqHL3ezFrS+0B/z5KFDUM7NymKOu92mHT45k26dgSzOhxmHbNvLiaJLjdKSlzYEnhQcZZwimA/2ni6VW2+6Qij1zw33DmNAM2nqaDLbCdblu12nckC9FuAZ7eN25a7BE7SfcJNfroyC+E+Ka/DPu5wRJZ2GlSprU6y6DdAlREMzQu44VPeOs0kldMc5+7EGtVr/3SwFp5hJEx5coLDF4E0I1cX3feDiDDHQPyvtnzsKUP2cPMuSAOzBjTuUCPRSUulgKgT5pEkq+g/DvCIauVs0CbTfcFO3Td3aMVetH9/CA/oxKguKePuWCeJ6d4hye0LEZp0L/TWPB0i7idVXOylMOwuFTSVJQ4hACA0kNe2RmxRbN/uefItbZ5ofDN8V4HxXgMpU15K9sG1ovfP76U3Pcr0thqp/ocf1Jbhxm6AxnNE10LLnNa1Yi8n7zMaXWC9/D/SKhoijhrPMOXF3YVicwGXjAaXxEh7qZ9enU/0N9zKu1FUFtFJ+8xVMibYYj2ygE3yNcYc1ovsjTyaRuPO/Zh5yZO8w4oWoLX3RQ8WuhX12q19JwqF6fGj9eyH7gyVUNa+pISb5NTbKWAEGNhao1vNmN+IeVSXX44OLGiOlFOhLQiPPLbFs3nDLOC988Tt1C0hTGpokx37FP/EMC5exwveM58A25y3iQJi0sYTYTsjeMPrKAr/lh8ogDuG9froUNWK0kN3ydZ2zNoG5KvqwRxY/xMePf5zIpHe6NV0XUSwCBjylBrwOzBh8B/Wb/LiP8erU6r2NkC/xbIauU1dLV6XXRKmsIQrn/XXiS73nOCk/KmW+D54cS0des9AhmnXHJUooPVzT+sNgsQcJpYM3IotnnZx73noxgRLjmqhN4wj/2EOpz2V1aJoDvrCixZlZ3E6/nVo2pOSYemdA6O9+79Q2pY/GOX1pxuhKxtLhcm+4IulvCAx2WXr7AJ24WS1PtGfK1TPMFT/mhvDN3xNwQt3lNWhxzaAf9VMEA5RRr34khfiA2U/L9k6oTzMp3kg+8TB11VvMAKhgAEne7bbOL2l6lEsi9FA20LJszA7Y2GsIbwM+38/bzgoOzdn9cVQ2pHPAaPLQDxtnblAmuW1DOr9oFPcjIY81rRSarBkjZVJSJv+xnNi00bxDJ8BsG7PjAsIFJ074wuxPgCULdtID9ELMZEqidPqDoL3GCLPfCp1x6+y4FzsYSJjJpr14on+x2QH6f+p6++y4jEBMCm7dkVjFaMU9hx8FkOuiJ8nCBdDT/bs65WEGw8pDkR6yCgJFOURmalbCD/iIHRfvJgC1ym03lKt49m3ytxgH7xxOXOOET8MoivR1ahsGK4ux2OFf5z3heyjNohRhgD9OcsKRhMNX8dMsrgpcWs8VhaejH7SYwqc4CDdUP2PykiffrJnuugXckFaofbBB8WKS1Yycs+Uqhtc8STOi2faBvbHL7G+p/NykxbEyxQ00Cxj5OTnVxTTXDQHMVKY4ZEqaNJVjJ/s5WYlObeUj1gtGsB2Sek+z/nFZVSSjI4cm6aEVI/UBu58KZE8L2oedc3jToY6RAWJJk7GeJFyFZQ05ewh3SVMyg4IVLGguJTs8j+2aTch83NgOZVFYUHWqRW/vDH7mwRyp5sS4sX/vuxPq/Vx1a9SNqD9zyXdxLIXO/OafIWr5mwM7LfOoT7R3Rwz0V0O61ClaE9fmxMU+vIkFuk4FHwIk5gVPgXrzOkOg5cFSd094YCoZa0q1/2jfbCUlC5Kq53juz2VnyAsmn6LrJ4YdWxzSCTDuXpCdzaUtDT64TwD/epOAINIYInMY4I1HwgX2vTMnZC3A53n8XsviojxEjptIogbSG/zjTrxCzQZdRYHKeDEDUL4EL+QHXxTm+RipZJ2jM6C4lcS2go5x5S/uvkFcPMywF8nwqZwpB8XnUjzWaDl1v6TLggo8flafvzwc9kVUK5HRTo5rdj4cxF09jAPEiurkWNnNz8o8vX7G8OZqmfkOEENNJLwuMtvTqdwbTcSB7mRsZRPxFPzVolr2LhOH+buhP98xIQnzKdT2w830eroPZKwqsaEBDPyVg/PQ349stYgX2/AXfn+ADaL4dpwK//DHVsoEPr9x8oAUPCP8dFupU3S/vH/7ijuu1ASJnoXqCfy0tBHg5J79bIik9ZOXOh8+KqrK7pQ7BqB275+BlQbsnyGYgKHOPpopvALQ5PHA6npD3rbZ10rVqJ7Jl3XOM0LEJecbvkAm+qfKfRPVOz3Zp6c5VTP4fcU5YHQWeZQPL8g8pWKf0BTnTtqfCqwX80b0NJBeaEl5x9grZU+K7HLIcm8vnrw7OKI8mANjQ33GnSYw2tauEwVo2RZfGO2llaChMrIfXepq65iJrbLw0l9rXU8snoczdJKZl3XjjDgIR6LQUbZLMrShf21CeFogz7Q0wh458c5DzO6T1hvh5z7AY3I1rEl5yAJd49NiekdIYzaudk3sJZV6zrpPRBjX+mzIyOEs7o5KNMcT2YmMcnMKOfQMREDXc+SWEaABhijeS46M87jgT+3U2lgYdCC0+HpNxDG2tYWqcy1Ek8QShj9vDeAe8R9nB4YLbqOeqXFz81//r0U7n6vPkBh96Mvi993Ennf8BNyXDaHkQMdzIq9uDIBO724+4KGC+ddgkDeQPYdNmnvg9v4zhAjbBs98HugbkyxUe4Ez6Z6zJ1Bq6armdfWW/Jscsyb5Z8y8+Q5aB6d0CgroNEqw6DCceJIAWjBTqGdgndZm5JOL2suD7v1w1TUnGtHxgKEQJldCWMeChwaAVzYLpN8P8vjc9n80x1vSg/XiHpjLcRfUqY6F3o1ju/ills8PkxDiETPdmLISW4R/uH+cpbaGvBl5z3pOlAlC51fAfbqxuyg5O7zeOxWyNhT3O2b9tsiKhPNFXSnHwex7l0rwOM9iz5m6BJ37Q23vFu7ynEErThNkba1JVyxsWTAsuImFu+5EWqngT9j5OLo4AvDe/C8AG0jfPTSUIpHqf92PnrLLU0tANfIxRR3gGASi/sKR0fuuGlPJGv2mQNnTJ06aDbxGBhb/2xqZnUVcvRE6G6lCzFy16DLu4rPnYjmKapbZRalF+3C2kbt6vtzGSgRObMBRjDUKgMEBKPqv1F41kxbkyH9ejo3Hk+Ty4fBahZe8vpXol6H8UYeFCoNy4mAWqN/f3JN7ZUSAVKTVl0fuj8ydRavNy48Tkhxv88xl8Kj6jD/d3+j6oeoHsxfOn7HecpqO5lpBqV6bQkUjs7OWNJC6hulfuqtEhMmvcn288tC7VD4MtbCVJuUbtkSloG375TbnLFIPrzu2qO4q1iSeh0riqkJ+83fKV443TFgCY05K2Bnuh5ZCPROncAukt9qGqMKDYrzXo4C6X5TZbf4D+j5NUaSwQTg1g/2u+TmbvIXXyQUrRa9RC+Y6qe8juJcVNlOjM8vFTE7XZrBiItiue8dOE2A9M3CTPCPGUmTBbH5XuM6xQ5cnj7ZTZBLAfBgRRgOfsC++JgnCYldkahODVsvj9F2apijdeSNDdwlLXQ74erz1+MPFf6WGobG8PPsvIacPHBRwnhstNuonETmvWFtiwoQpl/aqx2Q7/6S037GsPXc1OjNJfn3jWzuiHkCcDfNaURlKFtxCGW7fD0FxzZwmCgjkxOeUAPJ87fa6XlP0ruNesaN6tDQlz2KYdxSb4dQ0xo9lZj/5NGNtTgMaVdnN3Ly0Xa6WXeSS0/JHQupqF/Zf7qWaSqiHpLUxKU1vfaZf2Z1IzwXdafHiLiR4czqTYJzpljAXu/WD0UZQYcJyPop18OtA3R0sElcZYcH+lL2Krr8B346RACM1BymRbp1rBvp9CPW5k5Mj9Zo1rHSbsKiScIxykjrUZKRnY1XImYUN5lPLbDjg0QaY03zWESUluZGnn6QTbyyKhyDc4xAd/hpfn0oKjM5nqjNDybf4GENMVD6hbyFdnpMuSUpczkx3Hunzf9cATxAajdAVN2WrEcmiojaULI6r+aX4Womhm+lA9IMGJpffem5dGAAZU0KtV/WL1C9i4Ouan+75CVt7TF68dF72msIef0I25pZqPr/tZS2fX+V7gPgDcTznTBFQSwsa6KMCD01t46YQ+AB0MhNViOaa8AY/+s+clXSUSKMa6EgV3EPhORFyzRmlZU9AdGy9WRN6OTpbosKzqTvAX/aP+EDbQyUkoJ/3BbQc2lcMCtkVIb7MEF37CBH8qq4eoF+m5XFiUGQra/ED404F94Lao0jquGZ1Z94hTi/DKGvBKGKnn39eP1bR/NMopb9JyWtI3hps5vsQxQkK0C3oL6+3PK9hZG2FYCDuGJjyoMdNf+3jdAZFPthcAmElC1M86CBvPQqL5U3T4dwc9Lct39yiKHiODGKzhesfZrhhW9A1OOnHWwpL4FQnKUQ11+Sn87+s8Loa10oUAkJ3r68HjeMGAJB7IeHnnkm4WPyLs5lKMnfQkqdTSWuaBV1P14Ijj0OOSNkEGK1/3rZfeq1v1/OK0Qb2uYJTC3Q+XR9WNsRAzmQngR+IyEBP8xw4uUKWJmnTVbvncYF/2LuW1X6VGCrdixV4BeMtKiB+NC8FB02XoRPbJemswyfaW3uvViQ5m1g+v6jL8yrCVo0LGqOILryZ6B3NR4usbHvJuh6igcYgZdrCpkpc81DpBUp/ULx3gNL4MfIwG5vUZ1MJIy8Rz2IH0hkfTnEZEnlabZsdvylzRPyy+BrVrbx1MUoPAJV55EdC14Zg7tDSwJNaDMVm3nRa5FzxeGhG/MwQ2X7L4biFc6PLtHljGYPMcRj+vA0sjzCyqpg4/c9JoSWQ36/ZQQADFAVpZl6YRK/lwMlkZ2BDxyiABTESoWSJykmeZemAgBeSqK1jkERRvG+zPd9sW394gaEFXxecjZiVHH+7VyDzbd3oxzib2j+Jd21jyFVj8vH1Ko0SUeNJQQJzxBs3gp01IM5aybNTKbVm9vhqijuYtN1UJHcQN5QbF3WldudBfKiNF188NCyO15jjuySH8Hx5K0mrYpZZJcnkQnKajVER1J3d/KBA6WfC/WdmAqBadRR2SuOlhM2U69SJL8p0b0H5oBSCpOT4cf0+ER3gpBzFh6hXAs6uxUOBW2uJsT6ulP4Ht4oJP8LioxKwNuRp7D+fZv9KjZAD6VWPFNSvWl1V1La/6Jx5lYfIth86z/dKdHbqbRIKIHxhiAaAZgTa8MeHwv/EOqVD4pyb+AsONz8bE7YHSiDxjFCOzIVSZ6gW1wRtnYLxcg/Ym8C5o2cMVf+2BV7jQ2k0XqHVheXD/nmrWUGqoN+tx3xuIfD0vAhcO6TnrAiUe9ACv7t+PDoy8Cq6Dy3sxMhuk0i/0Yh1rWjRuB80FxyRRsttUMjcRToCjEArhfWWx6r5st3Sl6KY4Iz1NplyB/R0/7ylXjt2o54nCrjz29GTKZLwPrtmgu6nx2UZbEOLJQ8dk1rrmlpXi/XBdnD4+5T12k1IGjjwzXrHWHPjwYaXNOgGY8k3YdzpMaQMKCOEIPCNfY0d0F7WEh3nFOmGRcwdPg6SCMQciWCZ/MJ17uXgFnFQtCNYO16aoTGtCNj6NckNnLou/sG1xCbAHDkpm6kIhEyFO+A1+5K92FonuSQrCnudYDw1VaRdqRXeA+QLoQWTQyrBGVB1FsfLDRryMBGFhfhmWyuVj+dDcGLoz3Fre5ZRPui/lf3N+HtXcJQulMMkR0DFMrMl4LpFEVrn+vYz7qFq9Qjk7S7P05fh6FVh5O66nILlC9IV4YVi5ArlIxRMnu+NZG9HUSCs83RQX2kREkIpUC6jA8FoPfcNhTvhAOCNitmQWjR439yzJ3hl2XxU8HZjQPRY1heX4E/WUK3T/p+69OU3RK0W14YWPevUjEtIX+BwHcwdmoscAxzcoXVaR1P+OnBfEdoHTdM8CCmn/f6Q2OTbTnNoNPmXZ5RMsFM2KNBcF+jhWhpO3rfXLJs14Nz1QMjSZbUk6X8XhIwen8O+kLf6xUckMYOntQENZFDcg5NPLlIBe3upEU8PtjVTL2rTrG3NfWgJGGgudQRp/UhUd09UkNTNn+3W43+GrT7H2FwaF0XwhiftJrNqmvTdo56DrXISeyEtyorbpameHYDGd5L5zQF16mf3nzmWYM74zkCIQx0NMomOJqb2GPZBznYEjOj8galXthouqDZwMRKeEv2erYrCDj+hpVc3IdcRn6b0b/Bmu1f6ETH4Y67qnJpsN9SVtYcrK2BqaYjsOVuQmISKt7rywyPHYJY0fZkQ0W5ykE1FOzX8zbDxCn7HwzJOqWznQ21bSpNQwFLCJpAn+8H4ayZBYV8+6LAGyWRERUW7r5mU+hm9akDZgcsLDu/6rFpkUURsNezgM7lXbS1rDb7sUnfcglYQj2g/xb6MA8btHkytowHQm7KtS/4Ovc+vFz7G+SeHXNlOXsgiBPynfK5I21ZEAEGfQOER04BVu/v+esp8ToQ0cIadtEFoyLLnuGAeyFRK5qC2lQdJL4J6Ka+Hv2OnFfV+OHJiWPBgw0TdIGn7G1N8OooY4uH9xwY87esoXoe+1bIxr49YnzxNFPcLig+zHoVHXlo4do3mnd8ppPhJtlokmNBMLngfOFkiBDQ2RLhLLgnUOvz6GRI+wiC4M3Ur259MBvuwPrEQtP/TvEvzVfkmH28PoNDCBWb94vcmWOa2WuvdHE3uz17jU24QfeUzLbsF/d9AboLJsKX9sDJzKj6UeZd0NUyR6GQCxXoZqA85xVHZxB7SXA14AeuEBhgup/ZCjT0oQVlYzevC9NwPk4WxiEP+2zfsDMXa06ZIosT65pQsEYN/E+h0dx5Xki3D0fmpchLAom/woQccwZE5KFGPKWA2SYDaHS0au4ic6vDiSi71vTBFz7us6Q5CjNJapt+gb4SiDrTOTEFh+RjXv1Y6vLcKSvPlEWG0joKCgK0YE8PAxEFFxsgwjhiV7+23Bb8pn2XOKFRWC+fS8vacXMifeWDn8FouvRWQ3xSWIAMBlUF7KbO2PFGrKuDoTHLLytw1XQ+SUwM0Ht2XFAuAuO6AMRWhPCSatvCFTEamOsEFsB0QSCECBPr4DxHBFQuSJR/R6tDT5jBRAOzdS44Sw+JL9V4xy6ZpRpjC3gj4zOlqz3A6n/DgR1wOApiNDiE+IR0iaJP/asvSZmM7hZBiO3RJ9FMjAQBMor45FDNE6ODf/CRyLzMIcG+BASrWmgrEJiSmUQlX+FZkWGa/aMF3+yx3fNRq78ZLL/xnW4/3nKsLFiswZmLph/JsIt9+7vRBrkEhkepyoCY1yBXyZwtPKzgBNVVE5R+kvLq+U2Nx6tnHFdhjIzMgxrqk3e4EK19bjEmJGeNzoSnzPaRpwg47sRVe397e+KrJ12DjBWqrouuv5vtu3HfCZcFaprbCwUQpH/wWZmT66JTi0fFjaRCHu1Ntw9eyHQSFUxH9FCzkgNjAD9nHzVz8xg5GERdDwnk2BankT5lpq+R28ddSL5ubb7MVGAqCu3yXghHHsT/N95VYuGP00/znNrt6Vt3lzB043ZjpkNB0LJHoae+I1woDhWfx1DnXgxuRUcAdHTLb9XWadg6Tn1n5jDvzFV7QMXY2UnSkwrj+QPkpObPUodZALRlQiUQy5IUAPW3Dr4P8tZ05UlL5QgxGasXTc5icdus07dqNO7Wrdeh8tRhX2PQQQtgds7NE+cJkJrfGEsGImwJDrNYBshcaY40oAcyD4qoe2uNzzS9M8Get85eW6lmQd5mBHxJx75efNeESOut9L3tX2D/OIShnEnr9/gxKvQiuCodF5tef5468Y3SvhC7ujcA+P4/I1xiF9ylyu17eLJnxdFWuv/qFoubbsP5CekltOUNJtSGViE3AbhDmHjWHC24p7hkz5qgYT4oiOYXf4fscSEyGMiQ/G6O92L6WUyb1b2+f4kiKX6ck7xm3mfCGk3ofSComf6bQHYki4cQGmxGC7RwATMn48G0lDWro2Jdd8hV+G5HDwYASlTUDmElj0LqSiXLk9kn9coVk4KNJinWB7cZuKQnFCoa8xIw1ezaJzUC1fPeExvNmTgl+qBUr7XmPtKVKwhjpedDS++wifVCuRDbDYxn4IRdIPnrHWC2oj5bo5XbKVwkthnDa3HyBUwSqIdXq+45B47NWcMoBDjHjGIJU4fJ8xLYux+VMGh6A2LmLJErMRh1B5jJqdPMAzPXxcLZv3uY1uiXxGQDQw+3/LSC4uTQit9hzSwgKNChztxyan5FpAKPjAWlmgmrSt+roM9of/GTKBK5WNyS7uO3TsT6rN+92K/AQkxbggpqn26x7FmjAnjqsnOlZV56OzaCa3s+uT+/iTa+C5hDPC8pEhntum9AKM+Jqbapgq7vu5Cp7I7esuVmPY0+Lp4FUVuJsswDiVWufgdvZY2wKitsBlZtyv40TSwCJ/ycyOHViBLevC5YLDXn8PByjuMBZfJGhnu5HPGaLMjc089mkXeSlaQHYGqX5NQTFPIUQuj/gZr2phfl3dlD4/xaiNg47mBa+aF4bAkYKqWZgRKI1VXr0p5KqxTKJicx6bR4N3AwvBWc5j07o4V6+N7FYBSB8zfDa1kUk5tx9MImM03Kzw0XeC0IhqT54RDugLk14u/NVVLeiWQ0tb0dNitonLKdWY20alO0yb78IVOv4IzgwnY2qXzRn6wK9YtyUT6W3XGrOvqaamn9uw2ANzUFCbpPOWlTEj2+123BSPHRRw3yY4Erw= - template: - metadata: - creationTimestamp: null - name: servers-vre-server-cafile - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_servers-vre-server-hostcert.yaml b/infrastructure/secrets/rucio-vre/ss_servers-vre-server-hostcert.yaml deleted file mode 100644 index f677a6a8..00000000 --- a/infrastructure/secrets/rucio-vre/ss_servers-vre-server-hostcert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: servers-vre-server-hostcert - namespace: rucio-vre -spec: - encryptedData: - hostcert.pem: AgBylcu2MVd04u6bElafDClAVNbj2EkU6BJhj+to4+Bs4/11vSwAztZQ2D/fDAekkEgYgOt8iCsRYWtmUAFTJK11rL1ePUKZpLxB+e4G/Ss5ozH27ocBrZ8+GAwSft2qV+h3mU/zvab/iDzMOMbRn/CSZasa16zQetM8PXQjFDEXfsYS3lo0nBRkhzYpwOUnTEikigIAidKKVQRtyQCslknTi/+A460+EsQCZuv9JGFkWbzhm6RhhbqnvQmLjFTWLlyP3c0qHwHcyFZ4WSBk8hoHw2xlwrj4JpRiZryuD7BXW/ko3uNw7H5Pr+jthd708GZWSHW+YrEmynVc0aZCaSfgbpe+Wsw9e8hP1nym1dH3nA/6Bqesf8u4DwoS84PrboT6HP/fNsIERM+oaEofixPsdzmf3JGRO5mVbeB8H0iNShVSei87OY99aDpFWD7bkdjLZ+z1/vQxfylPBwXAsUP7uszLUwVJbtBbuVLv5U0wuPZG65X9+hygTihVtKeIlviCsf82pbWkfgLa2eFk3BH8GbWGsiKbRcoMklTdggnW0iBXtQZTSsRrZHi859PUxix63W6gJWi83becaxYXgIk9yxmRLD9VnSBkKw3JOmNjWvdqIJVDa1lCum1IMhLP8XZbHiGRxecmPWdPHoVmL84XzqcNAd3EwfddSxeCx5RIBErV+hBeu7X+E7EnYlRahLexyQLYWVO0e5gy20ljJvhNFPbfNdVOrjYe8yKyf+Q+e08g41zj8VvPC6C1BThzBAbtofThwAQNjd/LBSBi55+4kzcNvbJjQ8vch73Jui2qPJgm/iFpW+RCUAVCv721/bJAp7ZRIMeiNTOSwK+Fz7p16rlBBrLDE9i6na8fQlkYinhx0uAliEy8PdlVaAvBdph9AHAX0mllkLo91d+YAvvEeNQRrCC1/MfFFPgOo4pxJmePaAXN7/x/4hTdmVtqD/JovXQ+T9m7ueRv8Z0XW8tgfFwDoLSxSI1m50U6a0P17+5WV7fF5mNyFSwJ8gPhEDJMnyDeWEBYu4nTex8gwOt8nlO9wEQZLpcEk5B0w5viHafOT6vvh3RPBbK2eJfki4un8Nqrk1nl89okHfARIsdOpJ+Na3TvB67XkriGDV/nbvQ8Et+A16MJ9k28m19gDhDzZKqxiLcrMtxBVD6ePvOu6p9gekTJ/XgSTM11z2LB4pLulZbti007VIatnd7wQNwy+82b1FO0sXLhpTViQNdhMr0hj3c0bBq5JHms+5lLHGXGU8U2IXVgOMR4m577td7ipMjoelNkcsjgaphtxwLgqKzIb77DpnmzDb74M38SbOUfZnDj4+ePQp9BfgWGlAoWvqfUtn8PG7kMx2MbEMcVCmuUkIbeYk/ijDrCTLjkqwXCutMFeqmp7x60xdl2H0drrXLDTk9+cUtqn2VuYlBMPiYJTtAQ3FLmtJK5f7ULNVpGYLGykOcO3TyGxqTKMTK5m5Nfu03aWByNO64jTKpQQNvedJWUTPXBOgSC0jV4K7eypVaPB3VosSLaVMf5udMeyE1sbvfUv5vIPRWlpfrz3fcZKdFZbL2GtIC00OijoWA3fpwrM1pKcDnzSMzT17PBPazwL+F9Thz8rJXp8g3RDy1Swk9/6mo7riuWmBgykLUoDaN4yDCnnuSMtqll8GG7/MI8l/b/QIWPXTLMXG/4FtgNOyTFrL6tEwdXMcpJRAEq2V887rk6MtzQvu+RCyamaoOMN492MjxMG79uLY0cGujInfqTor8+P0F7lGNA09PIvpZO/oHKbC/ODX+9TtzEiyegQ9nfVKEXQ/Slu8zqNVv8xZ7wPqkarNr1XItEcUfRRCuNkWYAu+GPcbahdonoiOZB2XYpNuDRR5e93ejZvSd+2jcqPRHPl3rJaTLTBeG/7WSoOsTcrcRMq5KjYhKPRneF+zahpQ2bt0ep2D/9wWcDLLYFD1GpcXOnBBNQntrdGCP8S6WTIk22+eKNIyHqs0urbvPIW0NE2bbAfLwSwDpC/QSbObSC0tJK3Em+aE4Bx2uDWmmIlAiNKlCc5uV4ppVSFWBsRPesJ5oqIwrD9cM6wjS17gwy8l/bBGz/cz6uMGbohFQb5a4OM5jIByrAc6ZZ38jQui0a0J6BhuLXQ0Qy4hWIQKGz3tmefS7BZX44Ev9+wbVthseHHcO/mggU53nMv3arVOlgBk0A+Kt2+7zt3uf+DruAfEgl0Lad18+G4XamavMys+ARc4b8UmZk/MIxTF32eEgdS0lNdjUiKJMkHO22SvLE4Gacyz3GVbSQWaM9w9Y40JG09TWkO25A/QATtTefwK9b7PTjhH47tqIqOmRafExsxmgUW1J24XfTkm0vVeWCg+4pj+KrT7mRO+dF8dZT+jCx0U2pKYPnZaRxBHasFoOnSiP5m7xHsgkko13/o/4CPgJRjbsj3GTzH4buu54/DbNkn29ImkmUGX+PqHyK6FBF1gTYutmvtIG36pvgEVB672R1298uGq245qyYS7MJm0Ka38jv1t7SbbZPR/4sRflGkBrc8KILTA9hLR+e/Si30hRKg9Drs7uAvKlhEQgTGv4brsRommDS/ysXMDbbWTgSC4Fjyo91jDCfXJhOCs2X+RRtBsBY3NFlq6PIuFODrJ2UHjCtegP0ATF0uOElLEq8bp9nmjx1maXlwyR4iObwbt7ojiQVug75wDn/BbSUi9pXfJbejOEtBfUItBzvEuITMmw3jlJtrklDQi0tDSUSyskI54Ldpbjcm5+7TTh4u9mn7H4fZ7ByvvbO/BTvmMQZ9tBTTVcENUjlHyrI9OPEvcalF2EHHdgS3drkfpAG0joox3X272yuNC88TMr3YtAIE2IOiIvIL9k4eyIUQWhYd3TtQiMxv8D5jjRnO4PT8rEBnVPxZKnO0PwleMIUpkNe47PkjS32l2pZ0skDzA8LswTGeBkDi7nGR3m9EYQ1exzU9xPcg6znzQ7cDfVGSO5bYbyRyWq1r6ZKW8MQJFSoPcWOvjGl8W+zMrkv3zGVc5+Nz0yFc0y6u0NURt0aW3/qCucRWdITW6VVsUOtlomo3dQVGh+XehxY8BWtm9ifyBLCjBgrlj0HHbG5KBEmz2nBffZJlYZNuXuko7iJHWrjXtLojMJSX4ZmKMwAagIggGP1Wd4owI/9BsHJnk0+X28sdcv9OKyhM14mZtIMc0g/oUUbm4ZaQuoT7iUSO3wumM54Pmx5EOysapJYdWhE+nxmDMlWqKgxr4BA3+byatjeKJ0cy/gA67107VXNt576dDVCBr63Kl29ztWLAfHlF+cWoSmLMPZFTcZ3TEifDdLehdnaFixESKLF3MLxSKdQ9gGRGI+0MoXnfDRl+k1dH9LpPR/YfRjNEzzlo2QeFpgotUG9dvwpUPAg8GC6Q22k6keAyLdVTq8+C7sTwubuH/UW/SNNeeW5Rgsk5RweLtqpTPTyXbDmZKAoOoCuYr6rgalBIpZGvFTKa1TBF5IJ49nLwYkTbP10XF66r7BsuFtXDhTbZSTU+OE4qdRC6RkAcolrcGsxQQq8TfrQryhggWYyd/L1dvvjieuoObpGOAcgZ6Jq/bq6mZA+LG+Y9eXUzsy1JjOIY7TbNyzhVUpsx1ywgP8AcsugOuO9iS4or0gjPX8le0jzqE0pQdxyi/pHeIPpp+P+S0BwYeixjA2qwXCPCV8LVZslk/8FoeXTACzwEfYALzQGZms7wsYLneYNRiG2jRJQc+PPzj569whqiQSYsOMy6A5LRTz6ZT5O0h29GD+lTqLo2wcjI0+CzNVvIEn3udjLuGzBKJ+pOgAyWn9jMiMdrpz93lb+GXSYoZ1Q1nLBbH8tatII1Uuw7V3oZPnmOqS5iO8QN+JVm/VLUNefZHJ5SSh/cD9saPRm+RZbCrGZ2goHY2t44l/4sIWJo1fdl3mKVIsoMsoPctOwcOVqpLxTbeKN/fKO+7WdpgTiWDx4r7POH/s0JXK2g2IAGMhyc2AyK4j94VdmVu4dlrRYV/zHwYGlNTbYp31b9E9GRZ8whpDn5OkJcbrOrj3Y0+qHKUfg9IhSUFS1osU/wQmgziuhPEF6ywB8Rri41Vjsfmit2he8pQqmMeCd01SD39CmBsZaf9U4YuqK3//sLQcX4fg6tkJcbP4WrBO3Y2h4RKSKuyVzw1zEaXvab/EVX4jitwmZ3fDsTIhZ0J18ie9NWVu6DiKij60zMObJxmYhUK0CQnx5i5jcuWzeLccVrIhYGXkBHVxwkj//cvJxgmscTmERChsYzzltq94wqJMsnvfWzILjcKG0eFQ49e5t2BETC97hvZOE3s5009aPWP0Z4VnrhzeI+HOZBWjBS97WArmO13gNZjRO1bY1ABy6j3/Bxhwa95/1o+pVx+G+ZS6yN0JewaT8Y7Oe9iYlG70bi9tZksd2WhGnEgDITCmvfQIW/Ce/7Ui2D78nRop9iK0g4zCLdeuIlgkuta8o9E316JTpZl/xTCjur/Z146AWr42IgYaoUJAltCo/prGQ/h0MCodJxPawY7yOt6iuj5qGz2CPSPDgXbNcI8mmgQ1/Jr3u7T0qlEJcSbtcP43rr2kA+Acl1TnWmkkXSGWGBczp9ol38XK1ELLKjI70scrxcm+aBRaDQgHRMU/nRArNpVUG4gpbVxSRifv+6tW1n1YfsoyqLt7UhNk0pvuXh5yUrAzBVMgeQHPaxo4MobCtHhufwZyou+PMGcouske69pm/LMoFIRsc4WzwcIHfDl3tP3U8Ws2zGyhV6Bt46/GMlSp6+0lQgRD657r6aimhb+AXa61crQ== - template: - metadata: - creationTimestamp: null - name: servers-vre-server-hostcert - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_servers-vre-server-hostkey.yaml b/infrastructure/secrets/rucio-vre/ss_servers-vre-server-hostkey.yaml deleted file mode 100644 index af2d63d9..00000000 --- a/infrastructure/secrets/rucio-vre/ss_servers-vre-server-hostkey.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: servers-vre-server-hostkey - namespace: rucio-vre -spec: - encryptedData: - hostkey.pem: AgBx9H1nq8Qm7HQkKE1CAO9ZtUfYAgOd4XfcWiFbRfV440KQ3ZO8gPJV7Goj0tuDkI+JjzFcOl7+AuAYk1eB2e+u4TJxFbbP4q2ZhDukUkNnpn8BtFYeCAQNJlwr+mZppDIS4P9fqkvZCxG3gHVlWj+S7zJqHGHxAeeWcRQknXN3rHDqRTpLzUjwjZudtMBxxPynSeQgLravLGOErTCFeu99UKusvNkWM07WgUGHbMvK3w7lC8gnllaNkI6Tg2LZIGSWPS8MqYACcLRw1iaPHo/kAFr2Svup7HmEKNqZD+JB4QT8XXyFI0fLlYq4lVdVX0rXOPQopgIJMTjBCiogTdCxhvIruGyyCVct31ETSUx0uc4ZJ2QZiBtdFtbL+kXgCDWi/QAzPgNr3nSBTu7EEF6PYcvsRXnlwQHeVikl5aJnGLpk7ZDCIbOLy/lTSKGekHBkANdm0AoDkCCqsvjNSyZkERuMs5srUAtEyHx7Ms/GzYwfJRS6ql0ndE/V0yC5cxeXcsK5PSSo0hygze/3TUTnYEg55isx2qAxANSMZeg92m/adw5U9lQkvwhJcIn7jOFupgNGOSSUaExtBIhNkLM2H/p1ry+bojc1H+61DTJnAD9djTGtR/qgpyuXwWLhUJ85tVQCLbOhuEqOBNnnt9CIiKF5u2yd27L16rU4sz0bcSQyMz0v8vcMqH3lcJcvxiGbRtyy98uaCv/NloS3c0X62t9jjGe+locdzLBtDzOe1kjSYJvOqd/D9pMVdomlEtfAeP5JJqxaNgwVM9CJUTwbDQPRe7+wXa8LPlms2J5XLUmlyczi2URxxiw6gKxXHn1QTm4ibTnu9lTRmOuHEf6HXxO+mHEyMDdXplVP2/JNwg+0Gc56Q0xc5tH2rwb1UAlJZD+J26+l7oDaQnxE0w2FlAURUI7tTVo/0OhwD5pUeIXzil/0ohgU0xv2KjG/AaVfZ+A/nn/19SeuFDmwUnbAKXK4UOcFu48nNatiSSUwgs6HhuUXhM1wiyg+atYStMIQAqxt6EcBKPVVS02TE+2Hv2VjIUJBTMH6oDpmnrDh7pPjd4H39ZOqXLiFwOB+a7jOzeeNXTj6A2X69/JuyU6F7reucHVVItPYR8waGwWD+N0l23I/lAisAQaBHL8oh+AKgBKVHDFZE+O8zzMXk4zwlNzQYCW9md8haxV2j+uFYJh8dxx0kiNZ+5qkfrtqO7F/SevtRfHy6AaNSBj8hG2TVtzWDESbIJnKqE35Dfw+sglh2GM5mxFHdAZduYvUTeVg4iQgJMmY9eJuynwFxqOTudITrsQZfdIwNeQc9HVf0DknGbkZ0C5BHcwZ6Q5smDMeGOYAlULMCC3sgx9dO7PJaXdrtM37+oaAaCxNJe98dm6RYtWaw0hEpXI8b0DgmIGWUR6PJZc/am7XqD4htXGkH+mdEhe7Hru3rJoZKk++0l65up5fAjqJsVWOWj0lF41qNiM7scFgh/ndd+IqZqD9wm4b6c3EDhNZgbPg69+M5wBmEbrgE7GWHQgVRVOb7ASpavjEEK6jAwWf8x4x9VV47f6Q7cforyjtlY37oPkLURPbOPLGu9yZplHe7FPcYl73rO09YNeGBNtTIqcv0g010qVijDZUTpIQA+9jVmxLjxVUSyyxRlEJuWNC7WUJVCRZl1/LW0HOeLuNrfIEv3SjF2VrElYg0BsmjObfHEg+seFR/BBvza4vZPtmJ9GRQAMJhvgvil/SvZ/1lQ2YWwZ9P9qFe8gaj78jSJOC0G5cHRVaL29NGEpt4/JiBkf4ryqSslskTqPj4Kq+i5WU0dX6AjgupeeUU1GTUZiSroA43uxohGGZOSAeNi80gerLBnyyIXo5hK1zkfuUAuh9UiPc7HO3NPMSnN+MxsvEsb1O0ovYoTGrO4EpC1mXPXB4vlW1TQ7dw/fqe/b52/4Q4pR/rrhMw7DADq8i3H72gWd4FJ0816aakwTCJiltGqlMg2tl3VZdeE7zyL41wEfrXz1wyb6rU1bqKi/8DtR6i81FfVGd4Z4lzLhUtgjzhQgWLyPtnjJ4K+29RgaeQnE+kDdAUgPFJfHROlrw1ymDRaXVpUA8R7a3I3PITDGe7jXxRinZPjtbfnJtzauocZA4SznXmTRLFGqx/6dOk9y+2cNM5xJylzznzZ4R5VqOLwSHfAtjTg76xiptMu9DfC+jRCXM6cc1C0y13GteuZ/qTs+v+mWzVK1kjvvPPjHvHX4CF0sw3tGYtA26mMskgpff6kXdZQOJl2jsNu6d8u/90mRt3rkPuclUnA4GE7aDFevgyYjJcqnhWEWc9WdYJjz5VghEfrS88C3QHhIA2GhfZ270ydOTp4H4JB9ZPPMdg6+J95oxePUksXFz7cs0PDcZF8tMu6UBVwOan+yczTJWwNPw+vPx3Ox9D8zrktAX/y0EankDUJsSch/S+mIhf+NjItWIt7Z8RpDZTxLxW3incYLw3i8WrwIwQ1vCyAlVRAoBFyHwruJmR1bcSCdUBSWQqQ+/lmzH/2Fuk9g6jxFH0rxx2jfAJLat0JptI/jUoe8bc9OAoAdGSrzQLFSEj3aD9mOLctw9x/D1/FVbv9chRVpMF5tA5QwjeHqqWx88Gl7uwTlioKQKSse+BlqmkJ3376BhlrnSRaL+FS/OAI/1Wf+97LT97pb+3qdmwJBJOEg8X3S+CE3eaV3zGva0cpM8N99vhgjYmozzyX7Yju2Fz38Hbv4zmHj6t8bJXspFA6LrE8MzZ+zxuOGWa2fm0D3NYNPZgzMW1KgYzSZoUPsy354Nmw/NhfMO36woQVIoi/dKsAAqeRa70v92w8LLnP5SblqRD4hXS4NCGPppIC1HimXBHI8LZixIsxzbKkjneTuLC5gIv8texXxDdNjE9PiTeqRYtBcHhGXzTk+uwsFIDevEgAzxJrJ+Zm7vZRMNI4ZKTEquKl8RMzi3noQ8a09FxrBs5CQZv6cIN8Z9s2Q+uU3neZ+2xyN9o6a8cCP6/3BFJ6Qvtnztb/f0CbVH3W3wnzLrvV4Zeiv1v82CePguCUxuOdluCPRF4XHFUIm3O/jRgaxbNkRxS9XWmyavgv5cuFWXPQqFr3tMcCQ51YpEEEMspxKicEEokC6N/kg2Cox3/kF3x404 - template: - metadata: - creationTimestamp: null - name: servers-vre-server-hostkey - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_webui-vre-cafile.yaml b/infrastructure/secrets/rucio-vre/ss_webui-vre-cafile.yaml deleted file mode 100644 index 1a17a0eb..00000000 --- a/infrastructure/secrets/rucio-vre/ss_webui-vre-cafile.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: webui-vre-cafile - namespace: rucio-vre -spec: - encryptedData: - ca.pem: AgAb5rqhjHsWucqv0KdY6xGs58u2CdeIhGeLSumbPDOoQ8fhUt28figTJ1xQhqIybeL1vPuw8xSLFrHgn3vCNFMxdeEUvyl5CkwtQlXYoQWkueQjAQWFX5eJVbi74rXnCImO3ZcziXOBlw2FmA5BBQmszyTmMc9r/TmytZPsUjEpQGAtoHNhLTbQSImTY08Ih0rraEHMOJiYtPT6OpnPQ3us4az7QExPJ8kt301MFYWLDq8JIrB2yiP30dL/tGOIPrscjKd63K9Gy472P+UPWoEXETp8fZUzPOASpMZIpuqJ+lSeA62j80mIvFDG7XciE1Re/fv78zfJN//wpO/jQSUuYW8aKZCAuRTLwEJsfeeimoW4fr7Ab4CL6oZ9KNUlyh03VtFA1lqIAPllSgZlttRJ35rorHEY+92jT3xvsFBXaaHdsr+U/BAEBUc2v8NS0h2MNrnqtNdM7LuzzWY5/cAUBxpF8LKB01Ro9Ty7ldLeU5bsrieN0Xnlc2JQ3zek1EKN3r/yYt/3xO+OlG3tnMUiZHkdjJeQYg9Dgj1r6hkwyT0iE2jHlxLxzMWGAenplsp1f7RjAeZnVH97+bk89oGXGXsmOvx/mBEHyJQQrYAXIVdpPZYfDBpR/evCh1Ve6iz0tUv1Ywu9rWNoBXYlpO+lzlQvZeYroqZog6Yza8hD973pYNAOXuBt8hTiYIh/bkRbZPiNMrCapQv/T1itIarc3c8gx7CpPSGeBWB6nbc/vzzqk/9Y3zn0jA7JqZwy2Ucqcn6QFkoqzXWKO42zLoUiDyXdQ58kZNE3MevqY7vCxOobiamcyfcbBzQEoxj5Jye6xtB0D4F+AN62mC0TbxCBdlU7k16ii4aMwoDY2WS85b9Fy4Bviimo/d/3eBrkb3/klsvGW0ABjwh2C8eniLBIoByJAD9ZEkbvOCzRr3zkv1zKk63T2hvY9T171hJRvLEKTRi5ISMFXyifxomPgomuxUy7i6GqccUhG0mifq+N0ek5WUUvGJHEKmZS9Y/aXCtwegoaOKhjZ3jMfIUd4AcdMhVak1u9WePV2T4L4TO4lWBscrRdcDkOovPTTBThqXNeeiOBQSCMqG0GU8n3O0BrOBVa0lEi8bieFkompRNVnnv/j6ikCxqvj/ZdIEE9i67ESXg3Nqgyp+3g/PA4bX8l/fvAZWuvE4HX6kuShPoOQzqMrGNvLSb2IQFFL/L3m+3Jl2zjd32nQqm4Xsw4mT2hb0We9c8et1ZvXzwnrYK3Cs3N+rPFX17/pK6kGfqVcNjHE0LelLXH29NxXy44tKR+jTDlYXqJMG4j+3uXyYn4ajkrbVhz87kO8qNMQuel+WW++UQ6oPB8ylakM3PtLl4Gpxex1kJs5ZKNRbwy/tip9phDr4x5vtLyfmr4smVUF5oGt3qBdc4q+XDhF9CWVtBOEPHboEBp3L19DYhHV0sHA4aQEYHzm56lousju6ua6TlEVE4NABnTclpa3k3nUDdAA/5vy8nm+4il/gbyNWNySeB/lxoszVC7Mo0mIa1Oqaq1PxVMyTzgBAeGDe3auTEPGuOGG9NAhgQoa8SD31G7FHAwa1G5/mkW0cYwzYy5c50FjfHDgQiNGtgweEL9pJnWAz9uPE9TDGIqgF1v2Ax+eBdpWdoTodI9k8YhC5Im0gahPo/3qZKjPyCKoZL66hGN+rTTNUHR1Wo98QRA5MvXAIRGetYW2m5XicHw3qJnjbM463XKT74s7esie3f+T6WjUl0bW8KXisM3p5ScZMMAbc32cdhc42fhJ2Pok/7psYAXn9WSL6pKWhUIRfKlOhWkoqKdBSd4DiL6P+2IXRUD28gc7aLk6btJ/uTPVG/z0YUeXAjqy2VHNJ5UYQiRg6RRCyvVrTgTd5W1wrQrmld1FBviE7oDzhDc/DMH1eu2/wFELkqMMwuOci8JGNCA+FYeOOXE0CJdq+IY7JtUZhbuvnMXDGDgc320t0ynf9krZT/RjQxyoJZ2+u8/gs8oi/qcPOQkm2HPk+dwpAgRNf8jG0ynNJtIU9ZbSMuM5bDQBvHtIBxZhPIWUAC+PbrFDhzU33I1SZt8gMlleJEM6ALWpIQckbPd0ZhzKesUFrX5MtKWJVIZdYSXvkpyresukw4UZIQ4SfckGAI/AjgHzfPqVPcpYQAJO0Avr2TCOR3OBTVgUGhzW4DLDyn5BAEcEIaApq3pked5kTSInXBE27JMzEWaToP+ITgf/N5/Oh6UBONAf2yMR7hgQP2kAYiWW20WmYmgP4Aiwl5La/WNPqirhNMFhgKcXjexAd5qq9C276C8DdDB3bX4TEBaYiZZFpVZd5ANR5jSTlEpAClnUJEGZ1r09RjPzFkgS6l5vvh3cWeNk/vL80XCBHOnsSs+qulm9CVamTKGk6ZxQ1hb/sWkXHZfovLabRk7PsV/4fptgtaB7u31Qkp2Oq2dtosn7sIX8eRX3FabOTAw8I3fpOCPprELJvtF7YgBuXB2LCjQbZduDdhEi1nA30QeRJLDY/tOaYENYN74KLKGn9E+qMuvxn/bMnmofd6Sxh4IuDRL3Ub+l7xgbFkHzRmxnNqFsbSS3lOzUIjhebDvaZaLKsvZlddsQe5UhacMYOUzDFx0RZfEc4Uoo92s8dzJ4pUv3dYvMeLOc7GnuwN1KeBmAKIkkMVO3OLdshOAYpvWnbwrZ3oPJFHikwyzcqZ+IMBZkeUr0CtppW4/ABk9ziO1Vidoi25cD5KRfzItOUAg3tPBf9ZcF1MsjJLMFbh2KSEfa9r/g4UKNa4Z8OT2bqBWcRXIpzoeDvH4wUnX2XTmrIgG/vESMs532PmnPT8PpC2EtXvHEkNFljuL+WW8+NwWDT1JGKHH7z8aOoi6lZIsChvlaF/8mvWPbyFh7x5FSiJW1qMbfPjS1JzR1QmO0h53+K9r4wo4/BZwCOkFpQ2cm+xddVr3P/OT9WG6R7J8XjwTdeZCNHxC8/gT/fHPWMQJV/eBlqCwluyc5uzvtY3Fm5zaRsm03wmLQXAt9mHGVrkqCM3BQ1H34/QwiHvBX7EbRIpkuAhCHmeBRvvNX7l1ZCX5AMMXxKW7C0BPChrJojolxbKWb3vjqjUkjv1zA+kH2RflQ5QCoAUVNJhp3KNPfWyLMgG4tcjiOjYK4b+ZmpXH6wB0V8Qp+YbcUE7GfZ64ZOtDn8tYEvJu8Jx/yJnF16Rmu/uZ4B6NwakSUQropL5KX+tj9q/0NwACsrzj7HGY2kIo3GfA3+0yM4uBIxIVLbDloo9GOORuPr0Z9Ht/31N+ZLsHmYu843RJkAKQxkMaUSc9B0XTwyRwdFRwfzWX5mK8UbVXqoDDz864fy1jr7v4lQ9+FTpndxjMyeISAwJQm+lnGJ1UuomLr4915IZZ4ZOZBRGpFbrBegqV+/92A3B6sEsHGhgM6uSJfjA3/PhDzzips4Tvk9CIP2rB1xhnUeno7I9NKj8hgN84GwwxOLB9ijjz3xDrJBjBp/X0hZdfTVYrted9ZAFUwGjHLyxumhCQEXXNz/ha3NaJTHtvtc2mFPMSkesotepuJDaqEnhyoJTPik8lKbyU1tM23FN/Kkv22LhupK6fWNy+mYGMmj23zGb7F83zcGs5pTIGJkMydEVKcgFjpQPMaafoqBK2wvnv9od2t2+I+OpGSQrxBJ+hvW6c1sXCxohexcfXErQUqws52kZhE2H/mZo3VsQl/RqktiIx49O5esl4h0PGYCX6BjVl44T9ETAM4sou9swzJQlepAhBPRUqLxdMqgMNRsNQIYOC6JHZf+mFqdBU1FH/wMvMwI9huF9DjwIvEa21fxSvCkCHCyxLq5zanakPpTyNF/EZs1IvpVCcmkqsDDciRLb8ubw5bO9m2HLrkVn6em4p3rInkbGwFRXzwY3obImKx84u4vZP9fNrZo88lhMXveJYR89ZJPFJPK755wdI6W8EwUQcW7k9A7o7i9/RRP4PzpHiYQKRTk94eYdFeZj1ISrVG3GLKCCGFzgutst8ip3VfDm0JF2pfT1UTfKmXL+tikqOtvEnEIaoTQ95EaGD47Eno9JS0OJ/X57/d3DelxXz+FkYsDcnfGoBsfwK2yaYXVcaoXxle+yWk4wrOGDlzTjT8kHyVt+RbW9kRyf/fFTs8E6EKe/ovxxTdS0IpMcE9HoTOEKKykrS0pBYnH9h97r4ewPwc+tMBbZZ0qzBW6MziekmlhOUZ644dNZt/FCHElhviGK5wVUOG1wM+zB/L1fuBwIFKYSVzkgdA5yAWfCqdmigk764W+1pmxMshJe1kZT9roqjdV79OJfktvzW4dEslRc1ZmzQbvV9CEFZyQQ4OIx/ykPyA2D3knj21W4UGDkajf1DXbNZZoD7XQ3DMl8T5xaeKyl8cOXS01QWpqBH2DNQf2q4kIzOq2PhtM2sZrmNYxNxUfPEI6qzAdcIbWqA4BRFCMhzQQ+I2f/SIaLVDQpkNCZxY48g6WKgAx78Hn6zEKgBTByBQ5gLwcuk6NfyvVFICE+kVqVqGUe5LSno2Uzn0HGww7NOj7XrbvWqWdeX9gtujCnCep/CJptbjfc7kZobqnu8Uc2bTnpXXOXAZFELIKZshxa+rKHyURKXf+jYg9LPM+xVev5uf0uBIdI5Xjg0NtH6gtyCpZnY44o7DgGQW3gg8mF/NJ3JFm5BeNIIIF8eyU80BR0GlCAI/fdmxLXJsmK+0Jodjhu7c4UAyEDg3J7H+G3q16nqzi7fjQl2AjneMOyqp7vKaduNSetkLjUsqYFZXCQ3/TsF+dAZPLzJD+XcLeUXUYQZhL9VkrQM9CPgDqPc7TN8bL1T6xrJi8F33GMyRXlXdVmT4YQYl/WcsCuLEU4Cq1RJWyKwbUkdjkZCS/S5xuhAiuy7wfChKNwJcC4ejNmZewlgUAVE3O0ubKgzk6Lv6kRHjtD8udFILr0CFI8G6TELxbBD9T5u1v0yyTIj13teelv1Css6QJmpW3LDj81kgSz5Q/BEHc9HnKotfy1ssUgeiUkNukuLI4c//4r1XyRass3G2tR/7R4FDXTQyQNRjiZRCwFD3uR/AfK4HJcrHPMXFHzudOxV9tw3Qf3/hBkuWxwMLa8ScuggoXZ0xOSXA2ch4nOJOtpECDBrIEZJ+CecIMEGEMM0SajomNjnyI7vpwrovbpbAZdoYWOQWKG12GSsVGQS0pxuq3hBSLMCgXN7rZHfMJMuKph+I0kdHK5uhjxZfIfUw6K4CW56BlNvz1pmtibbIhGaHVLYrZqJsOHdAIpx9NFKFlZDJdutunE0zd9e1opUd+PZpDAazGNOfCssU0Q3xer5IiolKavNRsR7VG4yznF65x3XKDEvbwYwnr2G84Hs/2rRNnRu55kjdKUPivV5tlxG+L19SkfMQbviGmjKTcuGpFkotH65J71uwjkCxtaaRj3omdKyK4ix3TC+Qbc9NG/hgexCSVDYjjzmmD1BVGqXtYaz/juKNMze61bvFeVTCJxXK0ZAoa1weGNleeCQZBuFU3KKXFGczdvCcXGMN4CQJFHnIY4h+SnBH1SjuifDpvTbVrXmPrfOw7G9Kt4oWn2ej2dNTI5hAi2XHUJUiYYpCO4TkRSdwsg7dDz75s2FnFjX9maklhnMcMj+9kllyARGsE568fVl3MEac4awY6f6Nadb77cXFktASmZEak6UYKkEJO3zKFEWgE4bbyuECF33hE0Ff5wj6TShaovxKvmNwg7iurBM/E4wEwt9Ftnpn+BdEA8LmERUVSvFX7Wb60kJOAkdTHlvRvQdfZc+WXrDR38LMflM3AaRFjZ9UHj0xITP3FF2gml4/PdXGS4W7RAGuzRVkv701F0EKQJ++pbWEU6wz/on66xts3e6bFdD7z4dwP8+1333b/z3rBcUD5Qu0kyYOhZB51mPhWwdfg5vA9sQn8fyEwfz+cbo2mz7vfxjxr9pMyENGNxU3XWucEA/3gPkhplHSo4OoacA33meJgY3C0oHS+pwIkuAE8wtmbI6dY44zSS/Fw5DTkaUHGzJ+8vmUB3NwjYgkuPeMEnUrtyXWloa3SYbtlc3UrcYshaspvBeHaG5US3myUXo82J0IAVV8zMgNYqvfQNzlULFFs3yXKF96I111Zpm6J9b1wr1SUm/3/5T/L2OQqqk9KZAyrBZ/swlbBsGkoJJLRRuoTmkwZIGVNBFSl+yDI2JhgdeW3hPSJ7AfG2CPW7etbjkUVbbGLE6q/TZ/A9vM1cGIQ6YyClGz1gAvjYzuKC2A61g07TWrFI5fzffMQNJPnVkBYRQr4f4Z+DhpMXYBcfNKZCVcku9xtaaddbIEXlo+V9qsnJOxUkr9TqLfgcEZsJZUlqHFeIDq8pJVub9OKZnNW79bDz2L+yOSiHT/iuInZJJrxaT0MFbPt2IxBfNGN8XAffaTz+tJR6DEhZIuKpmjKzZEm9rrvhpbhy/aHNcyiKzGF8RIXEjJGBiJex0hC94ITL3TNWdsQN7LI/juj58mikpoV7LPQm3505oRO11kMI4m/TLIqH3W0Q959+peAiSj2JdOV8t3CaYOWTMwBqFuMdlH4q/aO5cqKzZ7+gNGzB0nZnkrh5ugmwvzODMmK6RTxhojJSAu3LNeuDNOzjsPXQjFPlk8B0k3pNKPmsoIXLk9YHy7e0gAMGvO+e/RUJvwC5YddRQonL70qzSUnjSvV0Xd7HtV11/DplaCSido1xTuv/oQn28kjhqQkalJBISkzhGYk2bK1/EW8hWHS9hADcDWs2Mf1SyyobNUC2I3CvagUjQokegVjloxbD1/2NWN82WEHsL6Sleh66iMyqyjoS/a+HJ5fflsqkAGdYG6eLP50sM8C+/mlMuNsLgevAs7WnpjwkVvpCFsXWL3LpOx/MOukjKJRQEJtvmHpZWyy4As4PCZbjQqIILArxA89VKnAcaH/yziN/PmWKZVuv5Puqkdg+lhwBGO3sAg4QM8s7m1MRUotUDZ4AaBRXo+cnQwt0MErE670QkecsM3RBmQ9qCyQqxnNS+0QrLAZBX2O4xo7EHPlaTHfn/x5+22txlivTGkTWk9Km0PeVxhKEAMyCpx4gOtVkoo94PUWtL6UJ/K8sZyAwfzC1nRmAQiT8HDvQX1iXlGtFf3lZYFZSuR9i3XKa38J3zzFdFQl6/evp9t84tyMvknStyFwQmUc9M9ilceAJlU6AfajdaWI5t9dRJtM1B74JuKKGpsrfOP/Oh1XK+CDa0lMzwlvKCaiFq6n+260KbvjHzsQWkMix/RLYIIVuafqxTZQNqy9X+Awtzqyk/t7CV49Q30K5eEkAedP3HJ90zkyjCKmk8bQrQjJeD3tss76LfNXYpXHGXe6kVE76nfFuoitfmQRHcuOwZ+DPQjbba3WTC+ApGCOazUo05MptlzZoX7JIZ14YaRrjJRa3ihcmAAaoBx+ey6HTs0X3HCIiQlupvB8Y/uQ6nR2rEtrzwTvHaFzzjiPSbgy1sF6VTODs3FCmE4akmAn50wLGb21Q+QG6WvRWmYz+otHTHfvGrnCNJeJuXejfA+fz38WcMBQkb4LkVShky9NXf2IkkvAmaDNeUt3jh6HAQNWYk6ycN+ac8I6OcjeNgI7RvI1drXqKF9vaYdFffE4xodTlMweu5djYjGJ3XgzebDRwRHQc+KXIFEnKauPweM6PufgsZyc3TcheH/eJ6bij6bHyVksSD9/GXzTb8smtxp187yDm0+47Or1Oxql6+OFpFhkp4QxasRdgifwPHBaKB0nTadG1RhRq3FUMHawVL9h2KBTy5lZtV32EbtYw0MC4/Qvlc5lcaruMz8BtPA1OkR/GEu4ZkCowtnfVCCwhZnibfv0UtcaKBalQSDxCEyiMJlL5woDudXU9iN7bHM5rbDJheit6ywcbJaOjjX2RdbdAcC3erA3nptBp5ISCWVnPlQ5b+8KQiH8TRaOIbLnMfuZoDAZixt94UV0QpOZhF4Mb9wh74zYcCWqPIHqaah7wf+tlh+j4WCDOPlFThdMe/DBIsWO6uCpYx0Pc+19Sd4bbYz/2dVjnnBseMOgqyjOSNn0Ls8GXNb6Tt/kugCt3YdiHK+JYlWAeAnUEro2/WdfYAdCe19N4vhaM9FO6A+qyMIQPfRzHzZPftPnUsTXtwYL91UmiQEQnh2SE6N5+eFEG/fdivOFp/rXHezml86xLtjh/yKzQs6KdYsaKYDpO1NDwLvdfJKLaUaq+c0hAn/gUIZ0N8qXSyNtSZLFyEgzewOAXU9secnTBHyjwvqAkp4Bi/s3anT3Znvn9dgD/5NJyroCeJS8GirYY42A+YcH//nFock+cd5rm29TiV+btd3feknMqEHq2n3eg08mvhODfKAzWqmQppGgo8lfHZH7PigppQu0IXpdWOarcNZUMcmyDwkIAIt8S8tPYIAGtMCdhB7jIicFTV9eOW/AMdjz4ayvM286pNIi/eJDcbU8huNt21/KAvQgq4QhCXPxH6ehgk2hLLoll2oLggV2r21VDUhtbn/2/A06PhWxcZVPIOSR9x09BmBCkC8smHc1uVykxm/INVmcoynT/hPImZP77XG3JU9nB2AvzZXYJyVstWHAyHect/Pti1JfAkBSxeFC6cwuhhxMEvVAp7gcsUrZk8+aOwDvnbx07JRBhuAoPkfashyWDt53o0SZSejpkZYnzWCzl5x1hA4VyxNpLG0hj/RBZ76XiNVRWqeoP/mHJNd1OUrapRHObd4pknNbE68G7Ij9VGPwRmDRFlqGAxWB5z1/eSb98LB3DqcQikseGlTgGsnePFul9NyRyYHvk/EiaY5r43LTrrXOfEzyS9JZDoKuW2Z6lUlYBkUyc88YLeNKrfl14wW0WsXGGHqSAvlwNHIHp8lQfo0DL3KxT0JnNsUoCoePokoK1Uw2xgPlRDaaQjuj3DrFWMHzT13UQcLJSgh26Lz0/XGjfkuj+UnrsGsBd/Vu+NO9Wrwso9Nfs46F/60rbXa1ctLC0zMMf8v6sDZjlBUj2ps1FgxglUy2X0wC4y4+FObt8yK77OIjRTuhVAQUff7d9MwaHcABT1umJ1j4HSA3kjrJT+8GoHvtI79zEYGT3Gm8Z7DlErGTd76VLoUbVa12uL8Rtv82yGQXajs7XYomdfRWcvInzhWU2GR5iSVsbDsAVZkkztVPlAiLd/Fr9wEwuKQPa0HDGWR8f6QOzDbP6rLaXatEWjHwz5A133xnSNFwJcSCYlJvndlhGLMWd/FmWx0vKJK7XF3T0LuXxXR7+pGZsb/3C9zSfCIrcTt96+lavCf3q9KT9Lp0cpCrrhG7cSuLwd0PhgxaH1TdxtN/AKzOfWGRBUPYvZ2lJ2ngBswoBKdUDoN3pJiT/LcmMkUIeynTOqw6qQHPGsc24VwTFI+4UtDndo7BJ2bwZypwL9fsu+VedLAJZTn7z9dLiXEMssew9Sbv3oMFoCuNw6qF3LZB5dOp8FJKE+9o9l4eZDlc5y9cBhjre/JWSlVmv9h0F1P+DkLNBa7EC93IZ07LTTPXaWoOggMEn1oglLWjxz39ZPCjmcntT2crwCZw4WmBJ2WsMHXweOYUmOZFdAYbGkv4avdmyXhPQ04h5M/JLaefkcRCkm21FOemJK4WoDXbIQdcMWPZCjtJeT9v7MZmXowYedDy0ehih9K7Mj1PUMZKMdrxG62bVMzBU0Vy8LmAMzzfI6jaYjZylObjOFdY1pdqWTrKjg3CFwHEIYtA3rFktWYDE6gFW7g589RqyRjHMs8/yvY3T1vraHEyz/E0G7YdzHRmvt/d4xe/NcmxnaqeuerUwlUTzdJRd0NukjuuMvD8Cu3FGE0A3OP07A39/m9hkBuw/pe7HO5s3FJur+m9TX5GDoVROkiGl2RgX+64yPK4JtAGvlJlq5gf7XydjPtXXfqfwOCfOLZu8NKdJOqcdoYZ61SbXWnxOrfbnXO0b10OG1gAXhPzTnibTzBrV33nfKyQ0yrogiAwf900pJUMm9jEuAiMvnCPw0ngIv+hKUqWIzicnVjuuprS+H7uNCUXskelWQOLhzDmpo4YELgiIh+iQbqwJ+/qrbkC1ichdSeQeGWAUjnB9/9kPyEjKBwhPqsNTc8uPNp7fn7V4ChCcIjZ+/hO+hBgFNS3SN5iEg3QeuCRG9pPaGSGt9lOWr0ziDrkAXUf1JZKZ9REZ4e1obuUgYt8Yf3q4jrHCnQkm2f16RuT4xi8dueeD01zjRRCUi3DGMzywZB0c3sak+TKnvjim/02oocUHXXm07DBQt+tHfMviRplD79Rn4TMEWkuFd4/lygyZIiMHUXZ+Z7M8f5bRpn10YaGnmHqipjY1pTftsnnVy6bux6bU/u/N872c2sYpzJinyPAaTQl7I3A7bhRzhvzHncaTlbhxzBU0eC/D5PxiPEMN7sLvAunyv9fbt86foKIrjNSExqT0GgftNSPDnrLgGHfx2NrEsc/VvJu23L58DWgZP/JVfYGB1FFKT2D/temzoAHCVMhW1w7sVWXo/vxDbviQMbMNxpjfhA9cBPFK+ar1cS5Y7GVII5GEbSN09G6V7n5W6MdqGoTC2C1kmCAzEV7IlFtqdB1+Q3JOOYj39Z9JnqXS55p/oQKI0O/2GZPBHIP1vWklX2v2cWpafij8t8Hl+XjoNI/Pe+rUSM1p97/N04FQyRauZv5E8Qaa2uvxpbclwlS+2ev3BtPhp4LEn8pe38PvGsTEugiIk3576kiWWS71YwwZ8uG91YLKK6mOR63bGgBcLgBsx3cfJYigvTWpXlVI8fMgZqccbbm78l5og/nJqBcxCsvzc1YpWqEQ7eDEsj/Yv1B4AUqs3+Co8JuRwQ+bpbnBI6SWwKXNczzXh2pluosYHUys9InIaKT320sIBy86pPvUwz4qeBu6I42+NRS5wyY5bU4wk0vdYtSe+cftcvwnWt77jN6je56oSPXeummgT78qs0ERnUDZOjJ842LLuWqyDot72Mx77x7lIjSOm+e5kyqQZAnUVVGOq91FGoboW85OOcIESVwLcCo+BvDv/g5SwnulcH+JC2p+2KDnGvQtKXCwlWXaIPx95HxrKeO8NwM0LtpeYtCrR8lx/HY1H4i0X/B4Wu5IjY9iviQTU9pcWuzVndebDLyf0AjHyK/xVIOOJcKIgkvA5ob0ji2A2qmdwD3ojRw/IktOFoNdAR41WEtdPKIiF9aBlKzc0o6LcPsW0rdSbJoXE82L/ql7PQKWYo52Zt6ccV3h/tNKQu23w2cWdo6K8m1b+l9SZHJeKjW/DILyV5IoeQWZQSDz8XcdU0tpIoYntiag2lkS0ZyzY+mc/Cneiu1pJwizXbRo6ElnID3tLGLQrkPYpddVU5f0waL6oUcsZs0hkPREVziDj4mGjNVhA1KyOOATX+gof0Pc8+r9gN5N3qCSQtZSW4lFO4XzfNbAhxjaeDvVtl8uWImcoaA2iC7Vb+r8cePjyo/gUq8jMa07q5+aogMigMeFEfm3EIHX/10PMVYyoVzG0WrU2A5yet46/rUbgjrz32n3IL15dlHtuDj6DIYPK52bwoXNm2CiZKU5ZmGfXsZaAFq6vsCpv1G+TWk6dZ6lYIVLYxUy+YRmpob7W1auYhOvRbUNx+SivEpnqz8hlei9XSjqDf71A67Ej2b+UTE3zK9Q3HNZBAeCUY++JFP64/g15ORx5oUF99eYIdOIFoChZt22hgTxFxMgENDmKOsO9qKDW/JN/zG8IyokQzg0C5Jxht5ndf8qNfyetaP5kRKkOUXbWQCLe/EGUiBsGjiE9MFltRCNGU51UwyiDE6nY+fPsPlu1ZmI48nGFPLle3VGIRBSa8a2TzPW5mDlGOaQOEWhlfsk14/SY5QZR220VAky38I1rLDe/pe98/XHewcuXxXYZuG22k+YTDn06pRcoPC5IF3JX0FWLce4DA35B3zY9SzOgRxv4vWShB9SOhGe3xRxpkHg52xFa8PwUFBuRBWWWreJn4POnHaPJ4BOCI+WkblURfgG92uAWGfnAdVVEiN5+VV1DpXYYYHWRYffs12kYBZOrs6gKKfM5Fnhc8J7s6vL99aAatxkhU2yagJYovFvDRQBx4pj5p+VvSi7eMlPpJgG8hrCIRcHcS3Woaghiai5NeO97FNlYFljo9hPZc+EFZJ8QZee1FagLZCkLBiNVAaBIFR3F4McQpMihOLCH//fZc0SZm/aq+kHNkk7BW+3l/U8GphXP9QYMYbaMBAdyaZreK9uN2MNiUbAb2dItbPuLi5ZeoR4EAWnidFVgwifSInC9IV5EGqv3SFy5UW/yTO9djrkwWea8Z1DqN9RQXnacvmjFd7hEr0IyI02b3gV8G7n0LIOG1fV+Ybju+BFJiILOdFysQWzTrhnJPcox/DN6Zm2sh/0YCXclY91SCup34rKzBh0VcrQ01z7zC8srlr94nPwGYhVMwcTnq4UGxRlQEmqI+zJXk/alauh0iiO8uruPT2ijkN5Ej/dIumFVuKHEozDPoNJ2SSwz1CxqmEn41osWOJu2F5RRF3SRy5EL2Upk5+r2JbYTzhELd7lfnEe1Qjmz6QDUqYb+Vp30kJqLUW7BeEwhXvS7MtvNSheoP2auo1uqCwdAbg8rm46FOeMjbrtQgU/KN60kS63Gxp+mZE7Fl+zXzHqqOL7EuLKrrZN7SLAkG9D6NO/TsAIy9nU163DJmw8FEM2wN23A457KgDKKAUvzlERxhObkZ4PZwh4Z/bBqwSBEbxUZET5YHqvhbnl6ogNhDGbz+doe7Twj4EvnhJo3uytjAtqOXse+prjTCOBneYnCul1YeoYPHFecOmJTMiKIBFQKukaysDTgBCvywRqatHOCTxn0dj9XCnPdPydQcBRWdLK4L/OMcY+K4qtqPBSTP5/47cw9Do27WYZB0lKwG72etIOtcdm1vxzug042VgOWssI1ANwx6F+72lO5AKEWW4kHr/lge2rTGQl7CDZ+tFHdEZSrPYKvhOpyF9ivslA67BQoH+iBgoD8kHN+2IkaLuEmfOgr0LLhmp6d+EqvvSgPszBumHq/hrnKNPd/u47mhXm4g9xUrHhcMa4gxYyni1MWh4E6v59w01+gDO2+I1w7E0xyNhoXTJc9WzwjEXn/RPZyc/k9VcW/3z+K0AhfXDB0TdmkL/e20YH1+dtZ080waPPXNxfs4P6TAxIdP5vRK5+z7OaCHH0zXFf0nZD6FBP2YBz6l09Qe2di1c3sUms7lbjarr0Qutn/E2ytY8LvjYYY5uj93Kf6v5mY1KzbLcrSYm4Q6JdEB8EbAF1vfPUV0h8OhomFG5u6UwDtkSuNsZtFW3OXeGvp+39KAR8saCVgoe1NkkL37uQWL6CEfPXACGGi50kugE1K7avcEQIs2in+sqWD8yukVEcawVx5iYljt3XgeyKut97yKSz2V1UX/bZKUoFc3h79r8h++P24F9VPwFBJ+CCuemBst63ar70zYNsrhrM0TPtY2PBsRkdBcp41CaR+EdEvMZbAP7ISi3koTRinMbdct5iEGA5MSkqiB5nRzpqyJyIC+obLHfEBdavVix+XyypTx1jGvuy6JDpFCAU5YgTeZ40ggJ3qWSiwd5Z21LJOGSpNoCRgAGeBWWHThFM/2VsMgJR4qCvxIIfAYxAqqKXpB2vRC4kiU7JBu73RZY5/ywr+eHHkPlkSMxTs7LqbCfP9BRWG9qSPYY7tsEaBDtOr9YFHZ+le1BSQ3p281vByMeKp3QiMmeocFacILMN8l8flZzpssnYUxH8rchcCktTtJXsAzLgGotKwP+vNWtvhTqf0v/nSPZ+5zcYWRKt+GHhu0DVYR97b/ghrMCq4+ocrnQhhk1JLQ7uZKjnjPOZrmg7ZX6F85IC4iHvS6paC1gQzg2A937xU1ldFK71P8irAlb3byelmRg+KBBaG5imNYA6KHBNON1znfKRi0ksUtZtWthSy6UD9UKPYfFKiqzbNCRX7ceIrDX4Tg/wk+t/4uKgj7nK31sN0NFR1F2rIkYqN2ItH2A8nbydTEdc796GasP5JiivUqyBJrOhiCNWDKJUK4FmHUBMowmEFs0ZDQpf48olzn0l/Re0TMRjugpcbH6lNhJ9YpqvGLU3MNnCB9DvbH8oIafDpxK3X+lIJwvV9qu2kNGMGkiYc7QOGN0CwmzhPzAv6k+JEhUw1TkH8m4syx6pujqEA27LdwUAQeYt3L7bbBxR3Wqt2WeoUWhj8k2WcaHgzMzgBOzVGcb7QgHVmTzJ861z3MPzOuWPBPix5qcGz6bvTXnrsiUX1XoeHBjb64iLL8LiQikbR3oKOb/W0zajEY31X8xOpa/+8Kf6gASGha8v1nGurMEBZTp5gnsK5nnoJQSuhk4WGxYGhYnGsyARrEO5yWajktudzWxTPicMrIO2iJIS5M6zmayVXTZdDv3DZSKd66WttoxlumPhwBDChxxTErZCVoZY9kSzX1/4IAcB6+e9vlctssuLTsGZ5DU0nsC9Hu5bkV+dVGczPapLchUrPx7D4cSdjYHmU4ItlXdMmxDwlbj98mJwn3tyzNd3j3qIH1M5pHKH5557x3NBdSRBTrBMxpqfLl6iA0zeGgpBDKdzjQZ0xsojTaBdCK5B8sleMTcRgMFj2+wxYLOEYg37315aPwjSxIt5LI7Q8H3BKKPhBz25EH3JOEqZGS6gSeUdxk7OFVt8Ryj8= - template: - metadata: - creationTimestamp: null - name: webui-vre-cafile - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_webui-vre-hostcert.yaml b/infrastructure/secrets/rucio-vre/ss_webui-vre-hostcert.yaml deleted file mode 100644 index da5b4cfb..00000000 --- a/infrastructure/secrets/rucio-vre/ss_webui-vre-hostcert.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: webui-vre-hostcert - namespace: rucio-vre -spec: - encryptedData: - hostcert.pem: AgCse9CeyW0pcXe5PfULtYWG4gI+3pG4Unz9vtorABHdIStyTIyYB0UB5Xc7X/aRbNjkUMngfFflJMwJha9shHDbbgTfFqyba1Q0DnlRY42i2mxI5pwSKYS67I27mlXl+fLCKrWq18YNL9GV+nROL4cui0s1WCi5VMAaQnEdsheGrkDy2G9KUNv81WwXVkcypDF0IK4apQKf8QpJ+cTOmyvB98xXyg+PGQ20kVJUGyF59aPxqvvIFhX+Hs3dn6le3BNFt8vQHvOScgTn/f5eo2t18YvoKZvS9C0tFgXOXC0o8tg+/pQlA0MG8Y5rG5Ayp40hVfsUXBDcsHkFErB6O+d7PwcFtjPiuuAogWK1uirl51MK6z6INBs7DNyUAaxuDGt4dxGMEng9uprE9GcmC2ttDpOFJQjpeBnsrkVeQAudiNoL7aj29uPajgBz/A2cWyLzq5Og/zHX4tuNMh2Jd0hy3JebMcRh1EHjgOqkzFlLNr3rscHuk5hDkwBFN086RUiFAP4tJgBjkianT3boEQoJ0F/UeVLks37eFP4bbOpN/ka36K3T3RlJZVL+f3suAdOZlU4glpciPJYFrrysDPWwOSTpKWJTzy+0fuB6ZqYeySOxnUscxC0AdxxLAfDTbZmyVsPQII1IalOVhOuHQ5erL0wW0NqqCRtYsaH+veXzDbkIWTHbGTeMgEZyrXSti7GNT0RtD3nJthE7WMmBCEpRa8IcJr0p7b4gG7bT5Oj9UUF9gguL9t1CishcgKAzD5TIrg5u+BVrcRLPuUGbAwZtZmegh/U43Yi6sqRZVNuA4tvC/uXEqZh0oD/JeZkbn9Km+36agFHPKzEeZhh8VX2SJM9LfepZESkQnPDH6eBR4Xc5kkbZ0Di/dPxuHEFLm61ODtWF0ILwn/Sj0Zx3wFOEImgG5Y+L2DSSA7pdEkoP3YHmNQMbe/t2TzUE25LzGbVHfCnYXNOD57MMlmcR4NrKAM/2Qg1WkIz3WmTCxAyAcEGtDxghehS4eXedCp+JUve0PRkLyN3rP3dknsJdgoR8ZoCqeeViwhEEfxuLSZCDUDhWOl/EYU+nj7/u1kwWAp1J4JyXkt9lWZ15+u3gUlwP40F0fG0xIjdMQu1geEt8XrJfin6aqwFTtxPcTjO9MsT9njVIjNHhBYvdRl4UsjGS5AGBYlIeGVi6QMncjdXP4mDNjzytrCC3t11xFOfnjVen5AmF5xK8SVpw78lWmV+QXHyjp2lAoAtuWgBbv3wQcRSYuiXs19EbH6rqLa7MVSwfwmTq6RH1s/+PbeYMgxnWyo4IbZY+HAfb/HgQHAM4AbMuWCoqUAhper7FfnSQyZ2335cDuopzcvyXlII8yeHo8yTmy1diR/SqgpVQslXdo5UjN45Gl0hpRAnwU8TUlNmDNcP3Ga0C+T/cF6gm5X9g7NSDswjznjmZaDD7AzJLb6ubqC7Hj37AXvlxGQpk2ZrkUy/65YuyOn/he19qTsRZg1Y4zGdQKwmpJRtschxlKZsBFlHqSyVg5Wa8IrgIKk17sFOg+sfJmA26YXV/wBeQMDXHxbsGwfsiOcBzt/1kPbrdaB+Pjjx1/wJU/mE/Y1rKXUrWiqbD/67lv7y9ShiHsMr5KRLZeHLbapen2cE0LgQGOuciyvVloumQnVZM/RUWttXiQJLOLEJvPJoFaItxH/iSLAu00cRgK1QMI92JkDpb1aeoAsG+BxBUnnSQg/LWYvXbL0vk7KfVBi8ZQ3w6VAJY1NrPbwkPkz4Nw0PlSmwkJIlBWjBQYhGCTx+vy6b03ORE76bixAtopprTYr7Ha13TXQi1VPVkjyb6ckpovZL+zXW/cpuwMzWl4lBWkA69bjGbQB8YH+X4gElVAyqVoe+rZ0QIig1r8rDwclArCrx7M1NMCzn+NET1MZ64wzosezFSw1E+MWA0NEiL9cahkZPid/QNVvAOSvizEMKPKGWeIFYpAm6aJuXpyuAMmhUxlenBiimWDhgS/zsMyTE2Mt8RbYcXRwUsNW10rnOPQDEvTduZB/5LOp7x0We87n4B1zV6JhKHigr8sK64eTDb5McTlFQiRCoU4Ac0rbgJuZf3lb+s3+DkbpHdjvFYsKMTVddTfpxb1RJfYiJVXo0A2dgurWoKDXnLcxT3KAa6rG0IbKthJ4ZXegfMpyZxKz7KKajDYbVPehBFnsziG0SikYvTN6dfOEIlDSCm/NI9VyKMMq/Fb8Vhgj2eLNb6J71kINDeOdkMjjHBm3FKtjtLjtsBsePgcQyy8hMzuiFnzy6Nsnv6FhEPYbTjDhHeIr/uE1nIXFoKexwhWm4F+/C2XExnNhMLtU84bsl9V3chKn1rgs5nJJ+UHyO0EXzpSI7o2wCiuRPA+C5HTmKzkrCLbUNKcg+u0eE7xpjJ8JhQUYCpghKcaOnVFiQs7ypRfxq8EyL91tgWWH0XaT2IE1zccuSTRgMmh1tfJDsBjexQ3nVzsFDT+OqnHG0ehuNNBo2jCXnnCJ7c+1i+v8CP4CZZU0TCnN7sHSYQEq/h1EMvXZProJ3OAxV3EeVgqxMiBkWsdC/FuVhbPlGnCsexd29bec/cd7baFarhkxnoWGC9w4h3B6HeEG0+OzOfOu+N7gkwswWxcEsiSCrmxWXjD4XGw952hkdL9qvryC+ZY909nza11CPNHkSbL0Y+IhByEZoy0LI99vmWejd+ssvSrAOu2AAOtosQle+2kSlZZI2AOMMuj/YyGtlq/p3mKnrZFXIms7JBF/p5zRzjq0OH3Nc7wqdlWGAhLVV/16eNkTDU7irgWacYC6xoFvuGTiS0TbDbp+jxZA1zRRf5j2JZHZMTIQm8hUmQ2bGleXF2TJQOnGGxnnZVB0wIycArULliGISUVSZzPffP6RNOblfjDiUf8Lc1Ub0FFe7dWH6eLQpLGZIy/WBsGi/JmG9Ck6MVNblZNXB5RCaRshMBoVr3OLJl1kSZxTV2cd7t6w83Oxxu31TXAFjX08O/BXuDBwSvlOZyb9IckRxz/+xqFgSXIrTqcb2DxOgtl7wv2DBwZCWfQCJQe/YZ0FtHfIEBxZ0kYSriYRulcCqRWXLR+3bnFMVEPtMQSXoVadAUQ2WNNl4DrgKU7qvk0Ja99eRjllEDCCuju33IDKL4W2kmhELMZF+H3OKqAPj9VLHkAWzgCpLuEtr/zR3sAfJ0c9Yu51xPSJtPPKXttKCp5MxyYP/+kXu7eQRRgEb3HGgzgH9EsgUZqRC2SUULhETRkyCSNdBPJSD+gDs6goKNYuB2aV5GClUIVQw/iTkOulrgutoW3/Pc42ue7QAX/EZbJf3HTeqOTubEvSU2fk6yBxdCzIvwP7qTyV7GeIwQFYYn7ZhCDpjE7F4i4XMKMgIeLLQuZv/0vzRMo1QHBy2E84Qg8m0zsCR2w6H7ghusysoMC6oRI2A6paJwsFPgcdJji5G19/KgMPw3sdHMamou5+LiT1PWOKkjXmP80aGRQi95vTlaXZ7HuBwYfQ2RY8Ck5s2vemz0pzY0BBRCuyf7kfBMSbO5UeeEEpykXxUQ2DfZ/ni/DWgpVdAI9RighBV0OeSVxdkOyha8bn7iSSWvu9PTtMJGmIZ4T8zA8/38csqnvwzoqAsakrrGFtCUX6Gmi6CXGbICbQ8LPMGG/+NHRpMPmV1imP79e1mbDU2x69pzj2R9Er9wKbwE+mjLtQ0NguFbRKAT7aLqveR5A4aQ19OjRPNnOgQijPuH13+xhQ0z5HCZA4fUzCl7CVT6EfAUwMsII634F2/Aa6UuSQrCj8hv1rCYDut6yG+RjMg/a0QoCNhv4g9q8tg+sRw+iTg6qUJQBuy3ECMM+1jDih2Ha4LOT05j9a0ieFb/GnTNC1sj5lOKLjH5JzjJNN2JIU1p8OAeW5Q7nUGxsKfFflIQm+MhRsPtJX63so5OVCg2oPEH/9vqCim1FMbrVtNPsDR1SuEkvF0WEM2L99EOb6D3fMshiT5Hj5U9QSIduuZsYiGF3uvqKGIwhOfjjmL6fsI3hPI/IxcE9VlFpXeY5KwYlUc4H8/qlrqmbyRW1GTnhQ3RmoiraVB0dOXLFANaKG7bhiGw8TRWBKlzJOwE/vRIk4y8qkaRbyjX8wjkBZhWeBO6TevBXpdfdJWyNvAvWZ1Kl8O8wLPdrNNSyzYwc8A7auAcPtnqv2f6owEtCohl3ErQlO1TEP89DzANjnnYGrwEN5XEY6OJuoa/F3hptqJSwX099LrQQes+QQodYrhwqQT9LBW9dfWCMtBO7ZIjha1zkw5Vu1LjMCeb9PdR4TMibFkMNCqvlDiPqM/AlQfBxEjzhnjw5H7G/QsqN76fWPRIXWKF/mVfeCSrcrK94Rqo7/tE1+RuFMQur5CitBFUpRkIyfIqyi5ZISzG40YXEe7Md5vJNwP9d4ESLFr1jlVkN67PK0+g1AIoh9P17ZmQOwE+44s6eBHe3sDROBL6i7lyrY6b5nv+jhUVJ3EWF7Nmy9oIq2BRRLMKQbCldWqnWjB3rY17syaa6l0UxYbytlYV9X+NOZjIZyYpaAK99QTN+apaGRfktIj/3/YPhJSNb5JXPeKExmBZRitUTIVUJt3Yfra4KmZJ/w+04R484zKsGuzO+dcZkdruUGT/8y6/dG79D9PuMuanlZQyoMLdNqw5IM15WHYyGI+EE1xIcqhOwwUxnJaKXcXSrQhCTaIeASenQrnKc6n3WUQzr36ZWDh0LN2MGeADRIWvSQ3F2cpoHysGCoXB6zZBcsSiOWMPLxSVzksxJNRqLfeXJIb0+nYEIiR+yCRbzufolxEnqyVa - template: - metadata: - creationTimestamp: null - name: webui-vre-hostcert - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_webui-vre-hostkey.yaml b/infrastructure/secrets/rucio-vre/ss_webui-vre-hostkey.yaml deleted file mode 100644 index dec240f9..00000000 --- a/infrastructure/secrets/rucio-vre/ss_webui-vre-hostkey.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: webui-vre-hostkey - namespace: rucio-vre -spec: - encryptedData: - hostkey.pem: AgBgMSjaRf5McnbCU5YVxRk7J7Na09uXhcGh58eqqnM9OZB8wfyNjUWUyw0QPhWnrim2cMI6a11vsEpS3JkF2SlPShlu+ZSYrJ4a3vz8JOkD/+tICW0jursL0I8HkA42JyTa3QQJkEQZdC7ndlunY+5eu619Zr7bRrR6xHhXFFSEA5QjpS+lqUeuzcPblCSyIQyUz5v/SWjH9t5McS5qp0+EErjPUHYIixsgWDCelD6abWtMM96p51t3+EQx+2OcDGt7vtr8X/2+HOXSRC5RQjQ1UhCkLwglKx383T+eGY5U91nCAQnjuHBa3dy+jkDRWB7hZDtnnJ90w+3o2nkMsax19DTFybNtut6Mi7C26/JH1pSWjQxNTXVZ0589xAc6sIwWRUgRJvG7cS6Qyb90PkkxdXp0ePYCrE99k4+oDQe/KUX4kYMAUiG0/mG3VFzS4wQfmyq1n1Vy8kjRFtTSGoO9tCvcSKODmviFxZV939aF4FWtg6fLeIlboXJc6Y0KBurHG+WJbFaNUnbFr5rz5UV64GpgCocXE6KvnBxAGF7GDEIJuvNMTMjVtxK/rxn7iehi/m0x1Jj8HQ/weepoBusGtjOoYGd+z5vFvX40mBrU/vVKIWO642eyS3CJaseyVHp7m1VwDh8yyUgDhzEF/vBRBRZ9aiBL1paw/Vs8PXkr9bzeAPaE717qlInkuqAVMcRf+4FBEviIygTrtEF/XD7PYa6cXCMA6YJza8llmDx6hRE8y3upWqKOgYH1eQ/ssYpmi2ys+Br4XAkI1D6sZuhpHszK0hgUdQw8RsOnymVA38DaTZTFDLOh03Nlwdt2CyFbZ331HHySUkY4dRvX1lOwyCo4emJCMbUncTphaZQWBP1/mG5it150mikhhlgJ/K86sdtPd572d7fESCzx7OKp4h4yF5UFLrfrFDicwL23/U8z7gj/VQoAY4f678iqn4lyR5z+8dBqjW7pN0kGEbMl5J8YuJDOz5nykVaVR80b4aQ1KSRogwUJZJmeVV/fhUH8DNtWsBkIEuDguvZsG5t4Qa1hksXWm/3/3FUDsqVFxwvzlSP7Mjaoq0CKSnODnuGYDlKEuq3/IDuExikpKXOBe7cOV0plvQS4zKg8XAPj0Akct3znnTTBWReLarBpQSKz4D6T8OOFcR3wI5vVnrdpu4ykh3r+fiQQ3pd8LkLGsmA2i8qzQxK0C7nqCUqJz3X/1qCNttQ7KINrluuhF3KdbATTZUp+ryRs1Zaf4xK9/BHciF+ncE9pxowJ48+mtfsQWHCQmrnQQts8AMc+Xt0QAr+JzQIhYSYEeSdfvWN9ZywvMdDT+mG3+dkH3vzDRtzoIG/WDaKLRpC0JKudJNR2JGmUNvvbK3bqZ20lWWv2NqVLiSB3DjlHbr4i2kY+dUUhurPoWW2Bt3Ql1jMttRGG8MIjRDRKW/9dMyIdkn8glWkDMqqt/V8nWRAJI+RgS0g4pr/+NZKbRN2Fjdrbb0HAXsF4xpmYFoAaOuLLYyrG8nywor5f68PgVO0Qh05uZ9FU69DyI8iVawzKgluqmfOsCvQsMnQaRyy/51NkQaSxxRpkWy5GA5OnRXpysHjLQrcbqerd/z3WxLDGuTlDupVL6+eX4H+5Rc4h5iFfPVwIPhMecxh3D5c0iaPQRVsqO45Lc6/Z5I+cNRDaZTegrYX7pc/3HYP0+U8/qZ+wP0EN1z90lw4ywomISA7RJSzf9SQ/n/mHXqm+TXA5Sz/E+ZtbxN91+tSxAP6ycfvcJE+d9ZrnAj3hui2dlxvzYCqKMhJcj88ySWbS125Wc0KvPyxCM9LD4lO4lR5DlvGmLp93hiZumx/igqOufJOVR43Q6te5DiStCES142rZP5e8f8VGwFxAmd87l+FuhXZ274F1lgu6JCYdfeI0HxCGGAzKF6DZI+AqIi9jL93zpg1Of9YfZgNZ/q2ITuyH4smoRSyTiN1TP2tpsaRym05gpySnuXlnAarkhATgG934WPpNIZWHkAzA9/kW6GwTrnM1dMxHeUeFYiThFGJlNJehCaMz+3KFx2ffHjmf/lsC1ZHGZJRF6NrApWoZamw7pvUbycVsLtFSGjlhqFOBg6rh2sEHy0QdbOu8o8pQM0w2hSH6b/VJsbHKRmucdgLxFjgfxHilre0/xBBMI0WSAkSsxJvxhH+2aNk34xqfx+cE9GAtttJKAvPWmjWSj+ut7NR27ec+Q+oSwdLrXSOf8pwB9G9vbY1BQuudMcjaIe80/R7rXsJRojti+sluJHC6ttu2cyY/ZQyDzKGZw3yNt8HN6FNELwhEC7sbJ3xO3kqLMyxyrdvqtyoyeva3kO67E7CmQganpGjUNCzCLzd7eNEWmYyyNixBaqoX5xkkznSXkWqLZpz/fYM4+ze8VaTN15D2GDNAi8igzj1pgTqEM8vy+aLTh9173CvxytZNSgBTBmCWoiTeJvFq8l1eFMWbVV4NrXEABwxcUjvsfFao1YYK28qM8RHzuiccNHx/Pi0TfjdC0/RJuyD/2PNcoFsj244Qfur7oSdyHXne1hq0Z4vdpha05gQhJZnGNrj6K4j9xn7/XVXwIn46FWRlVdpiK0rHlmnSW/dWXnvswxcDJ5o4j/qYum30wPhJxzkK+6DwodvzcRBWWw2z9UhyMcHXxLLKzJ0ge6f9qAuaAQalWf3Y9+NH4C3kmV5q3QwDGhuiXlx//r4PrxacFMqZ1PT7zXLuYcdlsqfLEbT8xKNm844WegbCAo3+Xs4bjWdL8YsUfF7DDBP6AHXJvwHpspYTWGrcFJ+4m3qRXGpWB4kTNsbgZpghwgK46w8B5RLmrq5hO/T+4n0H0/fZ9oG1KQVMrD5cRbVJLeO0avRJSJIg6V6aRcyykxAj03KJIAjma8fjpMIdYSHrChrj2aJ/rQeXZFVi/bO4EOy9CBBCaGO0/yCSO0w+qaUhZnrpslIfRQk5QbJq8rTgdmMRZlk4xnDkOSUk2Bc4tE+/wAtic4f962cRWkaz//eJt7p3k7oWhbF7iCsZphdfl1anrO+FmhLGdurE8eh6hWZLgvxHmHDn9X0UHWGwzxqnlVOZvsMmub3TbjnSloW/IBBlxsxosXBr/xgt83BuC8wYfGtmkBz0Kdrx7PgrBdJ1dbE9 - template: - metadata: - creationTimestamp: null - name: webui-vre-hostkey - namespace: rucio-vre - diff --git a/infrastructure/secrets/rucio-vre/ss_webui-vre-idpsecrets.yaml b/infrastructure/secrets/rucio-vre/ss_webui-vre-idpsecrets.yaml deleted file mode 100644 index d4a0e6d5..00000000 --- a/infrastructure/secrets/rucio-vre/ss_webui-vre-idpsecrets.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: bitnami.com/v1alpha1 -kind: SealedSecret -metadata: - creationTimestamp: null - name: webui-vre-idpsecrets - namespace: rucio-vre -spec: - encryptedData: - idpsecrets.json: AgBG/evoZOKu8nvVupgLtKtOoEPak1Sxpi0lylsvwWaIqJoPVoPsDwrW6n7qCP1Sk95+4qnD7hNgRJjOB+wq+1U5LiTsjQD82EtS8Fzwgwn0lUFLup1zVrs1QeTSj62QRKGgzcQavTpfDhGhk9JQx005iBXSUAMc3xLQdCV7vAlL+9JtIQHhOCmGezvi3uoYuicaegfyDdycZnE2GuFi6AXqeBniFA26puz6LxhHjFSNMoGghHrp1q2K5zlMm8q1VrUDaxknFGasgkCZAhc4zj+gomYs7dN2iV3qyZglbtrgvt2uHZlP/MBmg0wQm5OLsgIgZCxdpeMS/Rf96knFoNIJm55tvAv/X6xfqoJg1pUmYdIyL5L5tiDyhOFC9DbZzxb0g9XxfWkU4xMeM7WclNr2h3086jad7Hg/wrOmEjKkFdC0zVYXqk0ClpXKUMA7oLdZFdT7wjSMWnsko/zkGDF0clCUK81gq89p4IQR1ldIo3Uf41SM/pSggqfBcdHfBb89Cbn8Yfr2gPCBneU7gB4TWLV0YC2bNjXdZIE5eHsumjNi2Eu+h9rPCLPKd11VcXT3WmiERr0XVwVvnDfPqQqsSMIYIXMZGNHAAiossDLo/OkGPNtpy5mpX8N3v+LHjq93FcwBAZXB/ggcyziNrU9iN/DeS0Qgy19ysfEmbyiU+cc1fXYicXWyr9kq4zZPQE/7CgWYROvcxIckV3sC/U/HZn6pTj7gAt8xmUjntiTMbJVMUXox3lkDhXNpOYza9RnnXw9fjOOI4yjG39IeoPPv1r4w2PsFJIuSY7bup6I3M8BuzFTnb+B20Z61JcbfkBc4+VZ24UkOAjm8ja3ICDZ2eEwY+Ej1PKVU7ytvhSOF0Ls/g2096rY4ERXMF1GhsK/rAgdlnAfFxUO2+/Ogh+Lpw7tOODHyLkkqULF6e/7X3sfK9Ui3tYA4aSMKV0AJmNXrLrzxZCryAMsXiZm3Te5Bq1vEVlD+rEQxa5fWez1BTsDEtKpz+OCIUeJEkP47K3dFcVySeJzSfHucjMirMeaO1+xqgOm6EIxK4QP1j00U6T3gczgdbAZPqaehOiS5Y/Ii7IypkJ8YDB2+zYW9JrAYqldFTY2Bxp/VJ8QVx9LdyVVMfftxba/0OdbgipIzGocrkP3B5v7W2lcaT0I2VMIpjFJA+XkQ6rg9h8lAyeg7TkrvPz+XnEF7BFapuWV7R/sIAhDWQHbN/398HQUONEsBM7tK/c49mkOBYTrlwOz8IeXbX5639kj3lgHrEH30XDLAc0NUK0e7IVZIsH/YhxtzVz1jdGTfO7Ga7/Bt4ya/wCBHVvKA1+NZmMSte/ZSqf8oUVFBiCJxqkKjXMri9tsYT3nY9wZGPC0MQBW0Q/wTXG4JYp8nYGDjb37DOliAqC6Bn2kWJISzWTQovomjyUM3rqh9ccAyX3RIqwcmTQCtx5YNh0N35uTfpVAi4EjFiDo5QpivNswv82BWDRtbiIUq+MUwHxc6oqZwwADpcck525Prokw97ftUkvhPJFU1OiggPlsNnB0fRjNoEBsvz/uO1r/iHBa2GJrMHO6AayT5VKtVV1zg2oXfZMt/ONTmVGMBNU3IdAoR5hwPFicqfjAWch4r8K7DXQJHQ96MhVM1JJ3w2T7R2yKPSALbHfFKC6PsDV5AczGN7/RCLs9bY5gS4PBszNINOsbDjgXTX5hpohj7p3TPiHBsiHlYCN0tg7sGVyZeZudJAs7UiPkpxHzMbRKylIuGhLlxTQUc8i+w9NcAb5PZ88KlakG2bBvaDPG5VK61FCxgDMhbZrLHBclkQo+Sq/Ym+TRYHSst74svCWnzDP7pf2293lzPSByJJJYOFfAskVVR/RyDHsW6nQ5AYG2ZBC0aN2j7DYRfJ6iZ8u1bIXsdlg6M/0jug0lhowLkdXDCLKszAa+/qNloEs2Xq3nU9c+LXWvAxI6Ecgbp9ArECjYtO5CrqZ4BkGVOOAUh0dvqJ7g1BTJ0YHMPGA757wPHnNNRpJ0OrjoUi7TFuzjK18FfFqyZFm5zBkPbbMTlTNIpXlMv7aFjjISDReIoPfToP2VLN4H/LwHHxyAwgdgvF+4PypXyg3vx3a8zQl1IsxN8nqB/X1dlD/6FWNiBs5uSGhDiOsilc1dUtPiDQHCi7zE6b4DkGh7H3ASeoVVFxcUUhx0quiJGIa8PvQo1s/AotudGO+cVs+MK2eixSQFIhMukDclEaWMQ1tACH42EoCWJ1RTOKFOH/qrveDrGX8W0OALIxu+suNkFh6/lDUNy5w7RwzXFB9dgebriz+CJu5W/Ykf+OYMVpz6TJUEio1QNOzUnxLRwWyO0MR+yZFMfiRF7bfvTdgUT8WPBbmp9yERO3jDQYl9COfWDiLOpWuh8whofr6jYNasqI3V/90NPrWW9KquzeQZoY9q10ewBbws0ichn6yr52083OSFkYNJHViMHYZNyMqUIcNxtZvusM3yhfqN7g2m8AmNK13Fy7DhqsVNyvv6lrzvLBWET04OwXXZWk19IGmXrvuc4umpwn5IuO53ArpJvlzUujSC9CYdrWaygv368GzqB2isnzwHiAYRp/Jom1I5f7SScDVt8m8ZbFHo0yBhIOCeklZ/U8CjRfh3vdGdmj1Nl2TB+7AucDee+4IcuDsprNUi8w/WUFQTDsp5GyQYXeMFK8u++IL61xLn6qNkmeAmk84swEo2jp1UC2wnqaYM56f/OfxNjzF5yPpnchjfLF1k9/HZteQD3Nr0LXvGh5kq720WVfkO7A20+JGrTNBfRXF9636TgssPpx9P+ixiU6ORCp5nZGag/eUxBtgDzI/hNpBrjKhBjH1AVFsGC6aI4s0053W0IItRs4CkQGOliRxxbDlMjDTFCHRlr8lVZOSu3CHxd2P3zIMpNVQlsNjnIUTYNgxZF2yDQj2xpiogxiVoh4WOOvk2mO6/LSQ5m+sBMk419PVjgnLATnCIu/4NHYomOX+0DbmChtQgK48lueyt/pZ5JUnXo2P2qjDoo5um1rtDyEekb3RXZ9Nb3Tw11h3Tyu3Y0Fs+tmXBeWNmMTTHqLz8odOmXBJ/SD6wCFo+AlyhAT00wXFhVkmvIIQRMoCtkXY3LgLJWG/k+QaCbFmZtbVc7Q2IyL52GNiua1BsPMxHnOAySQeFU1BqnvYc2SJ1cdse71AIlPVpeZCnMtYSyMuYP8h7pJxTaZKDivQUzEyewkW7lqVK/SHPhCShHs4h99vGbbDi1kMXN6NI/JE6udfPHQ9/P4QOz0uKiwK+sSf2m92Xg8Q== - template: - metadata: - creationTimestamp: null - name: webui-vre-idpsecrets - namespace: rucio-vre -