From 3eac52332800220b0232b758f26670c7999eb32a Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Thu, 14 Nov 2024 15:40:51 +0100 Subject: [PATCH 1/6] VRE rucio UI deployment v34.6.0 --- .../cluster/flux/rucio/rucio-ui.yaml | 99 +++++++++++++++++++ infrastructure/scripts/rucio_secrets_5-ui.sh | 41 ++++++++ .../secrets/rucio/ss_ui-cafile.yaml | 15 +++ .../secrets/rucio/ss_ui-hostcert.yaml | 15 +++ .../secrets/rucio/ss_ui-hostkey.yaml | 15 +++ 5 files changed, 185 insertions(+) create mode 100644 infrastructure/cluster/flux/rucio/rucio-ui.yaml create mode 100644 infrastructure/scripts/rucio_secrets_5-ui.sh create mode 100644 infrastructure/secrets/rucio/ss_ui-cafile.yaml create mode 100644 infrastructure/secrets/rucio/ss_ui-hostcert.yaml create mode 100644 infrastructure/secrets/rucio/ss_ui-hostkey.yaml diff --git a/infrastructure/cluster/flux/rucio/rucio-ui.yaml b/infrastructure/cluster/flux/rucio/rucio-ui.yaml new file mode 100644 index 0000000..3707ae7 --- /dev/null +++ b/infrastructure/cluster/flux/rucio/rucio-ui.yaml @@ -0,0 +1,99 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: ui + namespace: rucio + +spec: + releaseName: ui + interval: 5m + chart: + spec: + sourceRef: + kind: HelmRepository + name: rucio-charts + namespace: rucio + interval: 1m + chart: rucio-ui + version: 34.0.5 + + valuesFrom: + - kind: Secret + name: rucio-db + valuesKey: dbfullstring + targetPath: config.database.default + + values: + additionalSecrets: + - volumeName: idpsecrets + secretName: idpsecrets + mountPath: /opt/rucio/etc/idpsecrets.json + subPath: idpsecrets.json + + replicaCount: 1 + exposeErrorLogs: True + + service: + type: LoadBalancer + port: 443 + targetPort: 443 + protocol: TCP + name: https + #useSSL: true + + image: + repository: rucio/rucio-ui + tag: release-34.6.0 + pullPolicy: Always + + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + + minReadySeconds: 5 + + proxy: + rucioProxy: "vre-rucio.cern.ch" + rucioProxyScheme: "https" + rucioAuthProxy: "vre-rucio-auth.cern.ch" + rucioAuthProxyScheme: "https" + + # ingress: + # enabled: true + # annotations: + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # path: / + # hosts: + # - vre-rucio-ui.cern.ch + + ## values used to configure apache + httpd_config: + legacy_dn: "False" + rucio_hostname: "vre-rucio-ui.cern.ch" + + config: + policy: + permission: "escape" # "generic" + schema: "escape" # "generic" + # lfn2pfn_algorithm_default: "identity" + + oidc: + idpsecrets: "/opt/rucio/etc/idpsecrets.json" + admin_issuer: "escape" + expected_audience: "rucio" + expected_scope: "openid profile" + + # credentials: + # gcs: "/opt/rucio/etc/rse-accounts.cfg" + + resources: + limits: + cpu: 200m + memory: 800Mi + requests: + cpu: 200m + memory: 500Mi diff --git a/infrastructure/scripts/rucio_secrets_5-ui.sh b/infrastructure/scripts/rucio_secrets_5-ui.sh new file mode 100644 index 0000000..43053eb --- /dev/null +++ b/infrastructure/scripts/rucio_secrets_5-ui.sh @@ -0,0 +1,41 @@ +echo " *** START rucio UI Secrets script" + +# Once the certificates have been split, provide their path to be read when creating the secrets (NEEDS TO BE EXCLUDED FROM COMMITS!!): +RAW_SECRETS_UI="/root/clusters_CERTS/vre/ui" +RAW_SECRETS_IDP="/root/software/vre/infrastructure/secrets/tmp_local_secrets/idpsecrets.json" + + +# kubeseal controller namespace +CONTROLLER_NS="sealed-secrets" +CONTROLLER_NAME="sealed-secrets-controller" + +# rucio namespace +RUCIO_NS="rucio" +HELM_RELEASE_UI="ui" + +# Output dir +SECRETS_DIR="/root/software/vre/infrastructure/secrets/rucio" + +echo " *** Create and apply UI secrets" + +# Check the names of the secrets on the chart documentation +# https://github.com/rucio/helm-charts/tree/rucio-ui-34.0.5/charts/rucio-ui#service + +kubectl create secret generic ${HELM_RELEASE_UI}-hostcert --dry-run=client --from-file=${RAW_SECRETS_UI}/hostcert.pem -o yaml | \ +kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-hostcert.yaml + +kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-hostcert.yaml + +kubectl create secret generic ${HELM_RELEASE_UI}-hostkey --dry-run=client --from-file=${RAW_SECRETS_UI}/hostkey.pem -o yaml | \ +kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-hostkey.yaml + +kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-hostkey.yaml + +# The content of this file is the same as in /etc/pki/tls/certs/CERN-bundle.pem but renamed to cafile.pem +kubectl create secret generic ${HELM_RELEASE_UI}-cafile --dry-run=client --from-file=${RAW_SECRETS_UI}/cafile.pem -o yaml | \ +kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-cafile.yaml + +kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-cafile.yaml + + +echo " *** END rucio UI Secrets Script" \ No newline at end of file diff --git a/infrastructure/secrets/rucio/ss_ui-cafile.yaml b/infrastructure/secrets/rucio/ss_ui-cafile.yaml new file mode 100644 index 0000000..a10f146 --- /dev/null +++ b/infrastructure/secrets/rucio/ss_ui-cafile.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: ui-cafile + namespace: rucio +spec: + encryptedData: + cafile.pem: AgCAQviBh4qLICAZduzdgUkxNUNeKMXThiHqhBVlKZWjmaCt5KpW33UwRtyAg/9cy0Y8qWykv6NDvv/THB0Gi0wrW3ehwM9EKF+sA9LSFwulyY/igiCOYeOKMiz5Bmt8ISE7g1o6e++8G0DWGGdduSmaFge3bZLbX+G4pGGh1ALgNvgwLe+tfzNu/N/Hlh0uKSRCt6pLRPkB+njlXExoNLyGtOgK/htcqekisHN5ovTKyOB4iEKTx47OG6VMYhN1Rln/2QXZUtXhGcDzcYj4PGVcBmXuTWnKYesQWkKM5xFixX+ZsvltN66p37WEJUJp1FfUmhEkV+s30v9odztM90AZ+H6B1ATDzvApVhsyKDYVocviX7ENTJNcpdkkbE83DftOc0A8WtzHSZaIPw6Jt3MAQxZPGy71Af89RiRUuyBEWCVVUVDeD6m+j55YzRIW+wNhORFndgJTP4kTj0kQJVh2QS1PQS1c7ctX1lmBJr57EF92oy95oh7+6QFXT6zN+Anxmew5RDjysA1AVzROdqMf2fgpWHVXHYiRo3K1uuV5AhmZIu8Bu5eSKFtR7gFR3XstcZcroyPBJBAwCrtSk47dOtFL6CGCArdiVXNz1nJ33a7PLgTofROzbZk2l+5SkIga5DIHAGUgPwOT9JKitRYLBNZUHGdQ20aP/zY3AwLHNFLG/3uGWMcn58+KLPBn9N+0+m//6+duAhz9zOEdP3buRQ07DpyiiRbG72tmT7iirVLGHfdsXyLOJM4u0Z0YNJOZXCVsI/w+stYfsxrZvRPaoEkCDqZ/5r17lbfj21CoSXMst3OfkG3m27eo1PY5anvNrJok/VOxYODL45srpaBfyPdtloO74dBf/v2g9yW/g8ad30WBLqpE5OgNa95yxZx8av1H5GmWbli7Lc4iQ1rbuZd8t7SSpha23fcQKelPBq6D+O8rarX/ni/pGtgwRvgLRNesalXJsh8fk271wA8W/MzM9zwwjZ3JqdWQMtXZmc6TWhlmwjKSaP6zzCtltyMxuG352+FnS2NrNUqD+ZBgpEp44neeThaMaZnqzp1Jp+MV7puVAwnO5PzIoVbnMBx9Ur5pQjZXWpuiTKyF1scPpnd8HQowTI2I1B0+QSDljDkr8PztaZDlj2j7Az7x+zaTrXGDqqoPTJrMjICBTKyvKhXWnhXtwARZXY+FW+5nhGZGNPeeSwHi5WyNAIDWUWD+ra+WbFDOdamOGc1F3us7JtPa4h5lU4icUIw0fzGyagfMVBdDyzHJ9clfSzBa1yV96XlS1vbhI0sUqH8Yv/SwZw/of+mOqLrLDDshuIAH6JtCZ3Ucw+bEWVeYfTr8/rnEfoLlkZHVGUj4ODt+xZgFyJB1KSbHxvi1jKlSI/G+FvPA1ZwjcoB34HRo5oxZXG7HBTqKCcYsDUsl4/N8TB1+bCdd5onDYQUY1qNWjKBQkcYNhhk5flmlhXb8xpjXjkdIvUMJTHiPyIw0MkvJrJ3gWiMIBI9Cgj2DFCkY+InzngkRvcRbu/NoJY4sLZ2UvAZWF+Nai26bt+PDqsiZAirxxhdb4Ck4vBg7EuKz/G8erDLz5dBKJfGaInYXffMxDTduhIDGEFbRMsBbtFVBgXnKShp78IQjk0d6LB7wque7CsGUcZ7dG2M/JKIuMTh2EsnIu4O/r8vA19qiwqJJxJJvBV6sFkW4feL/yGPxllM5dzP/bvhFKxMqYOoYOtBdcLJiipexhNfZEwiKG/0U6zY02GTnC2rB+S/gFB8mCUTiX8wGC1ayT0LshUWbf9f+mUrF6tGccquYNh61vyoD2z+ABIBn2KfHjMHG/54q7l1JYXMIgyql/XFBgFrsOUxoSGbxRJB3gg/JKy99B8y65X3z69p6dazc8TlKhs87JVzgP1ls6Dc85cJh8f4wC5SRHCnhyOC05x6eZ22YE3qPNpwbHk/4rgYxgYeY1ZLjBMD19Fdf9oINLdMAFLgQUI9q21BPczaCVC8tWyBdaWaFoUzWD2w46fC/ZuXjw+A7ZsVnt1KYhdsX72J309g+DQRf2EEhb8E9GFeiE0AvZGRxHz/B74Q9JqkpkjC9ciVM5ApCVGRB+IWvDM9Elv9detQhg/o7cuujaMas5OlECGf+q38RPsLWrL9xGUxQZqN6UCwjlBdjs9sYo8UH/AIWx0HPcDMtWLxvu8mdSetS67NCGJ5QxF8K2WGQMNSFpbxnqBzriVbpHzKiVhh604BnBy+b3ZJ+7MOMdkNJtbW3cSv595j/lmdCQ1nsJ9O30QzcBPi9qAsLwhohaSq+SezXYX4vmGjzLNmfHbtqlFZjxu9A+86MCLRjnmPjZx+78wO0zHepZuoaprZkHd/8KwJSyvVou+UivsQ4pS52pBo+rY7gj6s3I0QN2HIKyFb5fTPdB/Jsv0eAt3gjcUNrhmE2j2L2DYdm2C0H+fMkds6i0iyD+YHRmh9SNqfADJDGW7n1u7mnExRwdEY2ebw+ORubkIq+EBt19UM3xhnjjan6GMjWoU5ZKumzWfQwlYLQeplxfNm7q1GYgYwystHOwCAsMnxkvE4mS8d06rQH5UniTdfUR3jrBinZjwSEaVPMmEfOdbPzs9+1cvbzswvLWBsZEjx4Bp2UeDfmlL/YjelMh7AJ8JZnWVHWm0edWtpJOh3pjQQhYu4j9iMWIdBKzsDKG6yNGkeNToJn3SAQCOy+2K89NhYVNoBVYA/W7PtGafYTcWh+SDl0pAdBGJCfcA7zeGSybBz0jRglYDydB43kYCIZkpciCLK0PMjAJcpeUhS/sNwk9xP2nqFsb2qG67kDVhlhyc41dPquUu2MgPZEiJC+FN5KjriqnmyXnu608noeMj4UXz5TMS8Bsq27+77NtDbuP7+2KzbfnOaZxKFF+6XNPg3Q+OQUdgPSMi+qiiIv3QOw1aza0rTc8GiV7hBHRC99wfilptPXhDQcGdl/vYK9xybCHNxJkGXT7KF51oKSkslGX6Ftpq3TFjm33B1wVMMgXXGDb/6rUumHbqXYGXGMsJlNxZv+UiQG+qf0dm+3KHjaseTdwNqJRqowFn6pgt4x7O7/OZ0DKBKcuvSjT5D/m4us0cI1Vo48EyZ742V0HrNA5zLaQjo3Zge2KYKWmEQjnaM8JFu5AvZwczFOoNxBIEjUF+/wmCpptvwjTMDpQia0gET34jWa+0G+f0W3YBZaFm8B/TE4qXsA/viPU9TOoRfGUse4IeLJ7V3UCSU9mfGL3kkt31+AeEiKHHrXtUqu5xAZsRzmP/uk+tH8mXOgOeCc1olbUmVA5xgE9YYAMolRV0dcKthPZiVdH93Byrmx8iM3MTAuPT0qGxWNNxP3/cgIRjX6bR2e/DkxJm4CcBrnuoVPw3G4NYLMN1SrZ5PPpb5uPhAClBEdRHGQCY1nXVGiMlBYJsXYeXTIIYN70+YEAICUNVHfUdYEK2BlxGXmlR8pDmHECC081SP8Vh2/3yrWu8F+8v2T2G3qOnN1F3ssVjnGCCoOdzHU0SGyyrOQMIGxU601c0xFi5RkJxKlC+l0+K9suXEEnvj/j5AefcVVN4wotMQVZW6U0hcpjBkgWNy76KlTcVOrZOrTTxnlyeewMNLa1Xbts3r8AJUa5+fbePlUm077Y0LXl1YiJbl34m3Ddl1WV3Qj2LwTsuddX9SNxzzlHQXNx5fD7ADkWGDp6ho6hG577aeWvJIPCF+SOx7ZHbAw02iy0WtcOMeNC8qXZGdQSLYXRSKsGl6tFKTt8BnOyNE4k2YbEB2JQnUXsYW3J1Br/uVGbUONyAM9SNoOnFfHhfDFu5jEcD7BJf2DLmx107OrOrXcj7Bj1ATZxqDd+LwmH+QFoUjoCY+PBLTEJ0d+jdFokBCl70/1nmXbpZYMs1gEkJBkrtLCiQkZQhJY9pnJVqf4Am0gzBqI8mZvaNnImQjEsZIrA5kvJxjGzboItUrtj1GGp/Df4G723g+rznK/raPMaR2MZzO/mCCZlW9cUP/golek1yGII8MKeBnsvCOOPcpbCN05APj48i3qjOFfwV1tFG88p1M0R+WywnscStNBYP4diXyDsV3Hwxv+5dlQRyHUmxlzWHcQs2TFNb7uBSPLiIkRnB9xIhcQ0yG1W0pYgvoKav8ruAkcgQ8PD6UqfTs7mDCxjjZ0/U4bpMzQmTCB1tHKkYRQR1oSskxSNzve2K1DocBH855FdaW7ARl8VuTTNZwzmUI5v/gew+0k3EQtlixMoS7xTBiKgar1YxfELKxQ5MkNnWdpPe2RBDlZFcb5bx11QiriBaHkutmlvKphDoewKFh3rVxCC13qL9uTecc86f3oD3CustsGh4ttpL0fn6nShVz7Q7yqIny3Fro3RqTkrTq1+PQLnnE2wspvEnBVaiBm91/pyQjLVorOEgQgtYwAvAaoddd+A2WsbgqnuF/6s/g8iW6S2iWJD8ar/9NnYwg8Cu2n6ApaMOZgrTZFGcofCLpd6siREP8NsvdTI3B/GNmqT8H9NThjJ3cxTF8aRSgdMt8MmErMAKREpDTwXEJUelZFGbp0G7favxb6g5DNZqICjQ+l3LdaNnWCIxuQsxNgYhUEQ9aIcESEwx8Rf7ry9AF5gMmVzzO8cSatyrIUjxiEpHSGJLTRYe6LDryvbVruqhyrwC8/BpgoRddtCKfzliI668CmeJYm6x+RaYre9fXgq/8UVQssgJXcbvWuhaTkWL6b4/Y8jeV8ftrGAwxhDsCxstxUAugj/JY85fKi0B7NJrJP/cQzB2Ghwl5qxsHrma/VIYJAed9FFVswozE0nZFd66xqcXUUdFyGNwLMlJMoTjzY7UDvTP+mAK7wL9e8t1GLYBbQbBgoD43tBcZ3bhvnFX4PnyxPcJ1jL6vrGIvKO0FasZ7NJ1Zx3J+B/ZMgKRfM7BzaxFmr867PTYf3blC7ClO2oxtT6CGxE5xnuHurXMLP5zxVomgbflMGb4wpSHljKh42r1yawRYLVw0ki3toygtp5r+ufNADgYeyeszY4awTWRfh1/s1wOU8JH6aGlGXpmxiHKJobuAOs5GKDOl4fJVBwl4psTjSvtpRynrJAFICPXs9722cSLXP6Zc9YVYUxm6Mxamjg58N4TSH7GLElsAePPN8Zzx9HcnRtQFZU3BdjRTHo72jW3HhYFvKBKpTkRXv2P/14+3Y7ufHQZuWcg7r51TZo/VrI8TUxQtBDu2gJjmcFUE5O7AsE6cFqC1wDjMtmmI+rG72bXRlI0GFtw/2rF9LtLrMhQqEezg3acfKUrIqrtjM0FUHZzKqaOv2941y296Le54F9KoLLWt8eY/4O1D4DFWIIhx6IEyiXCYL9pLzoA8pfKY/1aRWwaWr2eOiWPTUTpt0RTQ2sNN+dyt2fBkz0eu8oj4jQVY0Ovcb/lxukxQdvC3GdcEwmvKb26+Dqf3Sb36wsPwyuYSBdZKFcycN1gx2pvIsoWOFgen/pCHYX8d4N3PPykHSc3WMl0YZlv1XEYnahnD7fdjqm/wFqOFg3FsrYtJFhpCcyqpQlPTOcHIBMJii7TEWf6q3HUjSXORXtT0q0wuyL1ruPARiRJmBxfzEKrdGdU/Mce5TzuTW+7uaeayRbMAqIJyZ2UC0H9otTzBtVdWXo8L/btD9VeV4r17w9+P9553vuckTDiYPrbvwf05D+BSl1lnmRA6Vz0rWJCOcRUEkp3teC1P1t5YquzUQb6PZPX4Sk8jMiQRwxNRmpfWAdGnz+yQlT7DkAAUGoEDGrHXpGFb/95ljGh3rwY+l9eY/mitQsZAGX1HVXY8NMlqWmTkMpCpDTeN1YQbQP27xQue9DrjEWYnLqLhH1DpHFHV8ZF4V/Tl+dIBGDfpqEVFcCBXhv0SLlEDMXTt1eI0QYSZctbjGszNwwipGeQMbi7Z+IFAiG19YL/6XyQaQB3BfSVEVbfsVRpZdyfwP8JbLZBStxp9Bh0yib5OjD140wYMym2YF/4ITv8d1iHeySlMbil2luqY860VriZtJbI7tbVBQcHRXSHh/eqrN3fv0sHqFB92Mq0jUVTmBIwcSi51scDeeWWHA43c1n0Hzig59EybvU/ZfGLxKUoNY9qwIjljN60Rsauvvw7jmaaJVmbx17GE2cWjO6yPXM5rEV79GHiDPty2PVARacLXzjdv2xOipXA8Zy0bN8Nc9YzJU13mZVfZ7tBw4DWJRGHVbJfHSWVAzZwbfaADHUJZxc9YqVFIk1KnKPIUAGwe1O0hvEjW4QPkMI2lCO17XWNSVt4JkspnUm/w6/OnB6X1YFudHg/5ckGJimYPzcyuIhT6hYW/1pRHb0ESQRZb+mMZDXlmtynXWHaLcjADnMAsuCQZ1CxoldzUgC1snSAWr2OtW46S4GaKZGYk2tZ+mRsl0tSwuAauWTtQ8Qlzd2lpaSD+a/eQBQkzCOlF1YV4pXiqrITSxW/EttENHTCQEcAch6HkZJNTIA+x86GhklG9lPLh7j9NrASgbWAJVfJctz9JiXUhK8vM/C2q340cNwf2LJqTHhnAZ9FjosaF5Z2dsAAg5hdh7ZV07hnGSncbAp4bOzBOv7jmWCCob9jJnHjbpfFw2QEWB00M/Ku6z6z56AGKCvtaFgqV6f+z8Bl+3/EbyRbEAFr27cDN+ncDGcTZD+f1VJhNOD9IM7iIqsDFEFvoHFOa/O6xo7NckiR9pMH4hV0pu1Lb7e6W5YiRmfBsHqfDVO3HopW1ZOVO3FJkNDUyl1/DgAo0QPH5myVGzg8eSlRkQUUs9wcKoLptd1yybGMzbskkDkB12uDRun4IfoZSxnasJ2ro3ux6fiVHNZREYjVhmKzanyevfaefkAFsWLPUKh1Bg4Trybm3Ii8zhwwwrxlNfqM+0iKSHPGW9SK0ZDcKS98/iMxhvSbXAmZubyn6jO/tnHH/oJxUtk6KytIFwUIzaCSwYedNywEXP6ayM8DWnJ/jhuDAYJdRd5vwuSoVCfEOnV2T1Xt7597LpJAifH5QPupinx7tJD2EJBzho2xBH5KmDcG5dUyGsnhqtyz0kW4QqRSJtLqyyCKSA+eqYqMZ+LFlPjnPKjb92I7gIE6nb5ifA8R1XS78oGoBQoltX2w4kSenkU2gXrZn02/ITWk9B4PIKaWepKuzq8bOKphleoXGpRcNcbg5rgGabc1TlUCUigJI3xZh3bHXpWJASHBuR+vWQFYmm0kDVSob6dVuwfYMj2W9p7vWsedRZDfDZ336LW8c5Qd1FKsTjz09a1PCAbgpAdD5bWY56nqBjorAvIJKxM1gb2DtIJ9mX/9YrprTd7/N0Te//dB9HCB8LnMrc52SzywH+HR7xsy4KFo1j2DGcAqQVeuATuyTVj3s1E4SONbbnbL1PzUc2HC5jcnrg206Sab9cYVT0nCkALaaFeV3WN2+bwTnRv4Ks2IJGHZdaGs1ZYknbCtYO+RYxkZDHfZBdp3Mi9opn9h4HAMuQMyvL2g6VWb8tGEO1/pwQuhpHD5e6sbuMFmtWo3ZJSGACn1KxHqTnfYvYW/tsh1E4s5AosXkjTTiN6CH5fJWW13ZsGWunTxlyu5tdL9zg9p88AFhx1mHMbncPCoXsPnB9vXWBz5FYHPAPOYv5fH5xN2amGAsmK8GlvaehVpRuwlUt+WM3gV4kQGtNI4t56vz4lqiHzV+J+ru6hMkMw4Cfr6PFawunmj0PxtxvVjs6ZldPqaanH7Y2l9W9BE4x3wvtn4Q6vr1FnWkg+1flxTmVX3iE+Q0UJTLA8dDBQ+Zm3JaAreyE0uy0ZRWGrMC1pisC93ukYfO/+LLaCwXXhAkhJ8GYqXJFeZgmSZGHLUAbCswMb9LpBjEuISeCh9yaPRHrwuC/qsdPWxHQK0DBg/fLDBAncPWvysQ26sn/vXPpX2P1h8tdwvX0lPUPvT46tbcOTl1rRxlqez0Ni9PRV1EiC5v1gSQAtJpyN3Mwr0TzX7idYGzydxU69lx4DeEr1xcuflfqTMeT86h4BQfl6D6TQJ8MAWWz6Yaaw1CvwCDvYK4bqyWzKguO8NPeM+wYatXYmfZ7LC3u2eAAuIG35LjIkZrtnljalNNqMOWl37nu0HZs/LWJgsuPn+kynCWxFVvTaVVqXYRB3YDQVNQas8JVCVzYttKqQfREIAN56hR+NyHusy0kV46OkLpTHW8rFGO2+3wXp/NxUK0xQzMVJUsvdDgTwzzlSXhqZDENp0Mri+7MXzDgUAyMgFcIin+VNMrnYmBjh1CEdAy2KSy1io/mnEjRbdQO+mol/9nNCkVF0bMEHwj9PgOPUhIy52zbQ/qNjjIeJ8Vxp7pPMy83Nz1ZeJOJ8JKR/yQePDPnIPdF7h+CZoaRDRFrJ/apqJ4t664R7YOc5u4hO3KIQyXmO3CJNtThJ4IZ7dCG/LiS0cuKQFbFmv1VXjkGOzVC0JJvNni21fCXjBI1kENzrzncEF95XvEwl8fEdgiu+UTFDYantUIsoYbqr4UlpzKxRvG/sWnx/zskja/VIlcDjAinmNY+KJovgfow4lak9xBL47KLDzD9Egx9gHTH3mk+EbtbNV6vPZdBKvaVE5mAMgPhePMEI0iBGxbdpG9j2x6R1tXwJX6VuHiBM1jq1e3fPUsUOgd2NrZ15M+qU3EDnrhRfWlgEjAo9MpeXl+1/Al3ypFt9VMorR9vntBwrN3CrUPnMZmS+NLo/YSZpAXOdZUjHm67PDtOrAIYTw/KCPajTn+AZm0P8/WCfU3/rbtYFyFfrSxyJfSf84r6BTdjvKiW9vMaAeaOkY2ELBu25suG2CaK2OvV2Ej51QDTuzkn4+em6/RBv4phEsHDF1CpvB59cz7r3TxwPyPqvS7F40MRzsN4e4Y108+AcRBmUq0XfaviVDn2lL34vtPKghgpYnSbh+3Nl8xHBm1LxYsFW2aHzmUah3UfysugTje9vS5EZQDDOE3tY+L5Jp3WGS+BGP7C1btZLefzmKXJ5p8glI1wsLyY0g3uS8IDrRFbvDHGdtc+jXGnflhlhB0l0M2ku1lmNTPSargee+88LUTZeJT+sqHpa/BR9u5MWryTikDcy+Q1+12Wymk4T3Iek84ZNWpPcDeBY1L8bZXk37DmkQLr0qiJwa7RRDawGz/zuCC22Iy4k3xbaZ68iYxVSFEYY3Jn74aAgj95iiNyhxdxvTpZFTjRapDc2RycDj225L93mdAvqqUgYU950UxGe1EXqczpqfh/g7PoyA9iEB73wbp9FwbEskdD0XJVAVdu8FBdz+Cx7rW25u78UTaqC3Rv+CM0ZnNID4g8pJocLNQgW+YVLJUAdEHX0IQILf+JFHuZc1kBhgcGi44D9Qjza9KALCqyjBvWe+qm5boQwV1n49LjWFz4af8/QXhiGf9o9610KygO4n1wv3bfQS6/OkBRpgHq5wBGjFJYT6Z4xOoQaqNXi1w0LLJ7aaVFzw4bfemPBLk4U/Cc9bfpGZnzNP5eQahyzZ4IV+igd5K70zUUu5yL8MK6+5SPaQOJ9s9MgxLHeFwg1ng1YVlsbjxeryP4rj3WeI+M101UA6X49ytr+YYGY9F81th7RoSQygy2XlHuFVK5Wb8mMZXKs+VQQDtvVB9RzKPr2F2rhnGEaidIwdhqoCpnWBIF48Rtb0HUz5hsqtVtFUipDmRgalwPe1GU2FEWBNnpgynbDAPXzUaekK1O6SwNb3U2ijAT+QZqag465OlKm7C+YGSn4EM7660Ig2R0tSJ90NBz0T+ltMW1lZAgAh3/OXHh2ZWSgIPhvAdhFi9Hg7PON34e+3ZzoAlkl9Wx3fD9D1LtnAaNI8cQZRdQXY0ZypmOilFPRi4EvPkqsTkZ13Nv+ehm/IWN5UZpXlJadZFOjwlf809uxrLvD02YIqxyCj8pOraJLZfwwofFrTDRL2RGWPuxQS5duPZKLD6RKAPnlKSpC63M1Os9xN84DRNOn5XiUKZIyS5Iv8kTu/Z0fAUL/c7NjHGrpgtAvQLLlr3PGs51/qcfTPrPoJC1W+bYsWsyTTZe76Pk1UfxrRcdjRyLIKB+zzC8hqpFQScZXzY6n4JAINQYAjd8RmQfC68JXGtNQbOoDkOtwvaF6zfHbTBJj8auJ6RLJ00Hzzij+1svYJoFpWZ6OxWeJGmrullZzYHO2Wy/9tF8mruLz7XMc6kO2CV9PSd95+FqiHIj59loVmm6Cd0urAVUFKC4yrEVEBqbkb1+nwcIvcU3E6ZGbWZlQyuqRUtp6M5LEBj85WoshXJ0ngVz3ZSvrSj13MM0iCYFD+9UYfMLgY8jysxN2jTAS0F0o1siXWAwppY8whqJxMEdpas6/MIsGh30NH5xAq8g7RUsMw9HXuElaRDTFb6Ph5RQ1OQl0TOgO3Nx5TccEk3+IJEo6ieDZkAATiKI7YUD4rJCrjQjhp6EY+PCLXvlVCIOWqWpDsWwEpAx0GGNLuHiAenKSNKS2duqRe3OlYIy40SJigRL9jLA3V4ZMmKslJKU385+PDGkwnZQKnQW9kW03rH3yqcDm5cdwKcn9MDO6767JIKky+yyFGFGS7E1OYz5OSysIb8Z6i9X4UGvqGI00sG1SSVC2VbDRDUGYZtI3SB3K7EdqaHzeiM6GfoNIm2tB3jvYqyXwaD32DTQNnOv3qN1A3PBX7qD2I7fhT+myDGHDEKIqng9RYSNAAKcREH93lAIgSJ3mbtWazVILtVUrjf6lcCllCrMrfT2gsZYohV/vLTHGURTcwuup//EYqnlGd3gS+ABnTysNQKXzLIU657mPE9UYzM+u+v9QwPy8OOTpIlBYnVjZmDXMIeEVMmvBFMnwGifZOVrCiseS5RsSv0V/wSlqBCUq613lxE048tZ+5rz11NacKkI+N/NXf38h3sI6VOTk6yBK3eVE1N7XzRD+IdStMIsUBMgUAyy/NUgZfNdG8icjD17NOKdzDZ3xWndyRM8rynwKRK56QR2X2XpUkfrJdDTNbVlvkgMDheSBoHrz5OcQKVH8XXj2W00pd/7m1kdBry/ml1tiRSBUmT5ldXuuEAD4j7wtxLw3fXhQmZBFHpMy57SMb31PZvloy62y2iiPvkTCECVjLUGdXSv2XWxZYvEZqkdS1EeWAWpAjfwMZeeXH0op2sUsqwCujBANPqGPHKizYmdqOhjiNK6dXfwop4LSgsi9LhWnwYZ+f5vgwifR61hi5zc0eDL/4K56quXw031BhdR/s/HOA8zh2WZ/Pav3+oqB/eZPiUFjCJEfEsj7USMEg/8k4Pu6a17WTZ3gUL0g/k6l22KuWQGgzt+qkpcvYm5dA3BY2jxqO4944IqddYxUs+bwLMsQSU+qAkfondk6PX7T9t1j1nmB14MrUWGDHPa5v4ca2N4EW4W5UXfg96pdKebbgZSPG/uI2JqXF6GIowlTMPJuY6ITlHMkErk8A7K6+QEmBnjblJy8gpqO4zBoZFd6b6GeLXmD8catzjSnCcXihb1B1XzoR+qRN5E41BdfUV8/99qZ/M4DybQOw2XUmenJz+uOdog28hsoLYPi/UjeFHaDCcc6+f3AVRzgmxOjVVDjvRPj8bd0jnKLpBLWul8AjUfFv5pO7GdgDcsYErmpIJ4n2ROWaLNm9dJsVSDd2G4q7qGRxzLXVk12Thn003bq//rwimbMzBj/i746ALyeE5fVmDL4hEu5uTnMGJ1jNCCyB5xXKcwaC0KUgHO1u/EjLnF+dnKRnNc6aGDJFQgS+4ytdAWrWiCwzVs232ttQsnxt5CE89vfVs5mW1T0XftMGZTFg+BwFHhJM2ZGlFW4cuUOo34hzZsCp9YnVAsROAHNk4/U+sTQzrF10mEqlmXj9AQyGSHypHMID5Pp9U2bRvOwBAKBzVFUKXn9LLed4khwmWGohgoi+iaYtVnl6KyyWj9qBxjEtnUykCrNuf6Hi1i4g+lwc2fCad4HCszwZ6ZcGCXAfAig86hA62kW4/+4rvL1/z5pua/Dn/NUfmxNlU5DAfQMpCIwaOlY/cKxGCWZn+rjv+3PGmLLDgHD32wLQjAn0tu+HNqP7v0kKVGBqZF3NHpG/aANaRldpJgQ3SmJjBb7YeJ9kw2xHkfqDxUGcejgBTLeCQ5eLMzhfglHdR4aUTuNW/X1THRcVNN6pVPQlks4RaZUsZqDRo+a/AEs35dMDc/Glg5/UJ9aSZt3urykLL2CZrc/jrBz3v0cGF9uCGyovX3MKxn+1T+w5vOvYNigroHuj1HLRyrpSbJAvERycjFcmN9/Fx+DYVD8GarU2BBSQebGP/T5Vs7kY7NS/kctdRgEye38+iu87QhgQuA65p+krjxgKqauS5DaRm5D3NbyeGkcR9wxZjC3RzWWaaWB81+KDdrUCqZXR9ynNH3AEXpH3zViOZRKW06scQvQS6CdwICQjfP5CpFDjPUcMre3FiF+rWHgwg3YbMm08RBmIs4Dwn6sMItiCY/+IBbVMBIuFjkiUixb4W7prf8fKMQPEsYd7H4IN36/w4y1wj4z6o9Qi2h/G0mB9oPwGAMELFpb8sgnvhfLQUg4qIteaTx9RKpYfOuJHP256+x6vxK+Eol7gEiHc+9CpL7xwmn0e08cHssV2JTLVPdb7Z4ROoemZPgCYQoAmLglOdu9YAt1tCIKhG3nAu+S1TzVLjllw3MPV+TswyIt+XBJOmDSjYqAsu2gH2AeHvwZNlbqxf2JuJlXCnwUbthC+tOAEonshrzNm7d/+BhLe9+GEk7Yfw8QQ2oAV/8/Vbk71iA3tDflGPcuIfRp4LtS4Drv+o7O2SM3b6QWtPfYQCyv1pxaOBUa0R+ecSqFM2fow3KN8EsqE63myxbsg4swFd/LDt2pLne3cyIaStwm1BpoaIoPit42isKLrqn8rs0nc+o1p/uN2MYOLG0jkM5t0P3o5C40y3OKvr2KawLI4vFikZ5I62kCjTXCAHWg12kpdF0/bYBsi8Bk40VDYoS73TW1GflPuyaxFuhTlgvTnHfKqLHBd/rrUSDHvZjPtcZBfd94Afvqeltg6Q0f0T562HLDyHpFkmVn5hWNcZ0fADtrMJNuKGbVKH/iOznsqn8CmeZU7ms7+vUoffDdcFQi4DA6EbrTHPiliRMOx8D/2GUVgON1JEGSZ5e3Mk1PuhGd0O8AkyWOQKlym7goIv/Mp/9Ud/1NZmDvx2rPj2G0styg5zstzveYLpY2l13RWssmLwmPgnVtZTg5sfMqRMpO1dfa5DLQ0YkcQXoLfgbRnBHah4JnPGbCfIo4ausulIpeVcTVi7GHHG8OGIedkpKxEpzpiNDcTF8jR5Nn+Z/odtCdswON/i5lahviYGsQOxGrgETRGMKcvsivnzEe4Fex6HhGGr5u0xXiO4E3Cv6mQ0q8RhM3+RjUySxtGd+TambX8hXc9aC8PgMD1sMQ3kKvfm3c30yS+0Fuz3SPSP1a53Xw/o4zG3ZZDyfGOjqhhJw0vwj9BJXXHXDZ0qBCv9giddKAkOay+J7wnBhbzoikYaNrgllXq/Tenp2luxJK7xM2K1/9jxMnbtcjAK/ywMGHjeorCbjY8v8RIYP0nySu20shViHilyNFOtH+fsrqipQpXWAX5Bd45dZEpgItMZaMTieKUtRnI2hoRrt+W+YlawE/SzoZ0IGTKjCp7Hr0oXXgDetiaqHDN445n0rJNy+WbN+A0KXwRv1rxyjVr+L+E6DR1qOBaxbluP/plrm31/DSXjiU0zEuwm+aPf1zMqgIuR1l+g8HmOlvRLIE5cZ+y53yty3WwrcmLMM3+bvCkL8g9WJxY5vNlljwpl7Ru0IieAzAYWPt+85Z4taeYElsQMeOrlgVS+aWVMk4zIeKdJ9EFgklYpK+hkXJsB101tQUT2c2QO9XYwsIyUP3h2QvORKJC5JQyJrN/CjDv/ea0jd5jX77UocpwA/U6BSYrOrXwXwQZa99ECZ2dAABGbnuO0Zk/Ge1LX7nnYrvZAaQm6xHbd3fZkIxT/l8ieVPF6EeyhGB53XzZBUMtSrQt8w1o4+0Y+1uvf/K0yvQiFJRk5nsOduLTKnCVRwYrr9NBQbvluwoZ5sFEY5XoErn3O3s5Prr7gviR4A45hUHFujg1RuD+xi0lFLgkInELgZ64EPgjHDgSCt3e5WdKmivlqIvNmG6J7IqjVDFuiUthZYD6GeQsVfaHXpF4YT9vssSksmxo4MEG9Z0ZYa/pc6Gdi/0u1DOlWnNHJgGJ6RrT870r9c24wkXnnRTeRO3sw/PqNOPgLsvkf9eeuHPEPG3isAaG81V9e8a6Mt4ow20FHE/wvksZ03onlEemnBGY/b2+2LnE54b9+goOP63xFLS5hRnLPXZ4F7FETUZENENELI5bK8ZLl44u0VwOukmjEVjWBH1tgFLf9+dxmSIUK5o02eKciydIq0zjzlkeEBAFppSXSv73a/sgA7kqeKEtqaWlIhDwekgn4Bmq07HGF7j5UTMmRHV/QHBXYnO9O+Vn3LA1F1vqqbrpmUH0ffMPnzNTbV1fEBYVvWm8/6mxbbf2U90IB3yp7cbMRkw6GPZxCTJQZ/9DqvSeL8n/f1+i0kM7FuqpCnQBNusWBiFBOBVYr5vGm0mhVlNWJp0wic4X4uYR11Qtg5avvMEYbPCFG9gveF+vUpm1B+CK3zmYWRZLlqg2LFjQ5NwA6RSFa+lrqYcN8w2KZKGv2l+7/fW7Y4ChfYYQVqisA3SASm3g4= + template: + metadata: + creationTimestamp: null + name: ui-cafile + namespace: rucio diff --git a/infrastructure/secrets/rucio/ss_ui-hostcert.yaml b/infrastructure/secrets/rucio/ss_ui-hostcert.yaml new file mode 100644 index 0000000..e7d66b5 --- /dev/null +++ b/infrastructure/secrets/rucio/ss_ui-hostcert.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: ui-hostcert + namespace: rucio +spec: + encryptedData: + hostcert.pem: AgCG40oXuAgNU6Zk9ENpMLOIctfHAc5QL7mdRpFWhpWBoPwnyKk+aPxyHfBuUgUeePo9Q5cfDq4VF4Gg9NMST0femSWuyPVx5jST9+bcjXnXNb7xze902CELdO18m37jeJieLKF6tcHXMPy/1jcMv7F2Uogd/QxE/hNmtAJoRU+vl86JMW/wQigcGBX0jnjL/GhywETLpk8wUpAOye34fbU/7LL1URSPSa99ChtyyrrDOuvnUIlPePGz1kPZe7Txp6MCnsccDE8jCwfqv0QUsvktvTiqe0rzP8bgrlNrK1Q0YnY7HhvHqqWEW4Nhu/bYf9TL/uFSe+xT3LRVcTPQvqsPS4RiFoPpkV5esZZG12gpQXxbKw48wV1nEWKIGtczn2EDwKSjohSAVI//ZhLH6mh1dLNowQIDczJkkJOxnGSUPl3YefnyAYR+fJI/7YVJMqFs+EolXW/wSkaiQTD648xbE96bukQ649vW7jtKX7mCG4KHf/OF1TTnTMcq9F85QqyFSx4rfFnjj0W6sE82VL/FzdK3VhG/+AFygy+yJPiA3HqLy23H9YSNt8eXPIfNUAAQ833KBTQVL9KpY7YXWsxcAKKYvmT8M7B3MxeohxAH6QvsFxYaEWqpS1smrWJb1BmrGWPACHmYSjp9Y37Ok1HvgqIuYi1YVQ5xzA0FmunxjInu+3FbPA2a/YyHCd1gJ91HHoE0v2cHw8nC/6Mgrlt7k1ScxNZrKd71iGfZBNObnAlH6D3D8aIAuu9DrMnc8Pvu6LD1VHNvKSRQWFdi0c7R4TRKnOW0KtJIVM8nQnwVOc6rRhxolLGiSt6z1YcJXkP4HCFJYZ17hBENAR/sEhybjgRAFVRtM8tHw7i24dCOw8yS4ymizQRuICZEiCN9W/nnM1oNti7IFgBrFkKSpp57a0+HNdhgzUWgQbUTUI8jz39J4s2eU/MiYWx2QCPXXbvkYGA0oCDZQPlp1yA6aVyi3QWHlYfQqOJ/mnP53AzhbKHias7YH8ox6DmPD82uhiLLUNVsSJy67CMwLPXjEezDHSZykm0QfEbohuuJ4yqVZWytDvA4SzbCF62A6R8+rA5WLr3SmiAy3ehbFw4hMuI19v/CGEzlvKWHUV+FDrDaaIArLKl/iRZBx+QkKQyMpTnud8OP1yqRIfxibGlSLsb5tlweorFsZb0fHdmZMk/LiRKdrcEf3EmXBLRFktg5qcsiLlefukEcaOmFsm58V5LG2CqOwMEoN+RdI9rfloFIQ4MJJ3EgDiNT0MEYMbv1STjEHOeydaOjnfU59F1FiyOoyBhIfgvlXg3Ah+joWWIPqUvPgiU1afeKGJxPs7LxuTAKTskRrnW96SY4lImH+gMJewOJf1okbcoIm/WfrVEe+51XGkDqH4LPhhwHaWugbj9Hi9YwIIwvbfNpKtbFw+cZHX0HWBWWxx0JMr0hSFwdVQ8rAFrVIigLLHFyTxr9GPhcbHKTAhSOnV+rjKvxsE2OUcKk/cZ3hhLIohwdn8QxDUDoA6276DCQ+fupQNuGbHc2h0Ev/bxc1q+M1MLGcsG+9BNcqlow+mJWT27eZPo+NcpwBKMnZLxHEcmmY9kackR6onYW4OdoBPBIeAK3L+XzacwMeDsj4xPvlWmSRFxAO4T1Gwv7fZysHma7eXvOHpqn5BlMRJUbXzH8CvksW/Rqi+Ec7gSyiAcweEFhK2yvnUjfjr7NFrd/BrOGn/eWlaOKkRR12RYggU8M0NczicbDDR35AxcDCII35NWiTPhVByKcwZfY8z2o0ofefZpOEZKLKI+H0n6BfjwJoIy6TUCMUFYktayFUAU/d0tC9pvndxZRvzJsWOwmI79D6WykCOHmnOuiuVcfgQAmXzjd0ILSRn/ZhskTO8MJ2Hz7GCPuOKatwYntw4B2e0Ji8aGDjMKkPvmBKT0eDsacdzKjWnIvqvqHAy5N7SABfUd/6yJoEdCJoC/ZdeO6UgM67fj9eQXvYIH3+RUaw5HS5Pw/0n/XLAnfDkKd85T8fo7gpL+bbU4gW3nbqOb3KHeHgH2PQsYVVyP5dCKAC5chM9CGUcDrF0dcf7pum8mjGqBW53iZS6Q6Zqy+5YWCPCFuqfjmmH1h+xXkZRjDoErHVdk0yYZJRaslfQP9lhZGuvtJVfZCUn9/970sQuhjlM5mMTEsxKplJ3EAQdGQEiSYWjOTh5OBO6N5hNMy+w5wx7GOwOPnJHY37BKJwqcf6j6yIg01RnA3TsUq5AK+uwad0w4gXNg8KExsg0oaHrBCrEML6L/Dzd+rR/1ktLPIaTqT7EZrZpJEO7LCq/PzLOTCUCf3EAw+yJPLMv0GzFmooZbpJ8ItThovFZwc8mwlVh9HOZE/XwaOHzOpgBZj1J9zWVS7FxVgBwQRTLPoj7/NyLSFxK25zsguSHCa00YWANDDG8TerhX9UAk3jIKqnSlwHWf5eZn9rbjkkBTW7/EKrRkWwc7Vm2DlqLPk6yRFIoQhr2tO7bpMjFZ6F/U2GCaLb2ngbHsVMrR6wJHla4zEdab1vc/yOP5ovsLFi44l4e70+v9e1+GnJlGvdyzCDsScrOVNAFmyw6TCzl4vUc/0lWlcxpOJRnGvIfg/CZNT3f5luEf6JBMePAEb3weywtzyRpbPB3F5qyl0vS3XVhXRZg/7MpzwrBgEYHopgj8gC/iKnOoZIG8UiVuAmZkoiPKgO5fjzI+OXAptdKOmDjxGIQWL/kHV4ncqZM+raeTWF3KRa8dt0cyfnRNeR4iYRiHJ9IeqnBWxc8/dhQXK6+PIVNfarIl2pzb59/zGYzIbEg56C3USwwrRWpGUH1iN17biPbyRpCJIbWadd9w3//MueGe3dp8xghiKD2fMBwrcg4ok0NcwYK6FJl9sRPM5QsSiDbNmQN9eA2/CD5gqJFLbN7r7iWP8XO/FBVZvi9Owf084wBsHPVegI/7tGbKhuwJBtJzwru+y5Hj/svU74m0oJ+stNZb9OFoYDPgu0vTQQMkWuNR1rJqzn3I+BdMARVYdpVJsFnvfOVYPmKO+rmRdzzJmO2R4ZkbFNwKq8MPKFzvy4dc+psKOUbtLOXNhBJpC+Y6QB/2yywys0Cbx6HslO/glrHyE6yWR8V5yvHDcTe/104VH0xTJYdedHpBlNaCFeo0eqQRSLdLhdWyKp0ohQqbhN1WWSpPYCitd/pS/7T2LQA8+7A5TPMcdx1WuqKvpA+rLMvXPd7x4T6ibZ5qt//Z5qPmIxnF/kgR8kqbfYGxfkXI9ZNbWc0RtVSPAdx3pVtOm5MFJ3Xqwt+QSFPwK6WxdnjPiEKMl1wTkv0EEkRQ0/QllxOtI7AoFlyL28wYy++mreHPxNgwgSm63eAl/KHGjs69X5th5GhN729tKBqw41FfkQ4yf+NA15VKFXrgLikSAQgHWmbEsApMe2HnqAE5GovKGjPhhvKfXXGVzqdPIJ13yhPXal8kkydZtl7Q6TaTxz20u62v5arSdwkA8SdSZTtfxlnaCZAPt78dGiWoUOqgrdgKMNf90V8kRrBj9VXVRemFQ77yvMd1G0Zb9SfzWojXXMH9YEQUf9DWfE+XHII5qfdL4mdH2Fyuflm3Wm6Ukoh46z+kcM8Sh7TOVA7jVotpRrcv35hpkNeii7o4f+FSRjGYCaFR9zhbruGHJkBa9beu9MlRfiBkOG0mHF8JpacPXpqMUHWeAawMpaf5AnJ8oPn5/+DwjMH6LP3YwpxMtZwURnfQN8lLSpv84MKcEXhqOjEkx2sLlYdyh5swKmVjscSJpc9Sl9legq2FhrvNXPflWdfMxtlUdVPrhmZOe5ApxWzdFqo+AA03Sxep/hB5m6sXRlUS8Jlcayx1bnPhTUbjRrYoR5VjH4o3//Jx1hq0KjoSwRiRxOBRhVnBL6OHugRoF8iKtro5zG0mErOPRcTy7ZPmUfyPk9n5IPTi4EyRMq8SBcxHv+V12tFcceBQIXRWv01MiVAgEl6m0AxLg6kff7ntoMmHFC7CHbSMKW2pdViEQ3TDR7BO/yFq10Dy8G8zmTM47YwutNjpmLslParaLn8Hr4GR3st+A/hUlEiYbchd5p2zQ4WXvWu/3SYaeDG4aUifrK/prg3dk3yI92mW30rAf2iT7cfnPj3ivVBRy4HGnHZ2zEZpqp+oEmiwEbfXLzM6aXJnp6G+krpP7TF9zkl36Sbr7EHpqRQULrxMuQ0u/N2VxbY9olX6sY9ON8Y0kX8Ja0yZpp9XeSBhKGtLD57Wp3yDCr0mdiIn66A3hGS1Jn3DjZqi76M1ahQBMm5Y//fNZqJ11XrvtochW+CXBxp1aG0f6Pqs7vdMN4mRypyANit/rUQUm8YzldRLHtIjIjprQ1mScv4ipjifpz5ICtg86q81M6GJ+kkoE+gDZ1o5DKWDKXXKdUyP/hetOFnB8zseP0ht+DdvRXpNElxhmh7wjBa1i0uBd7w9lgz59KudhNK7U2RpvEEYLhI4sNiAFAp/ftuSxxxBMYXHYejIwXc6UEAQGN4pDWcHWOtNmCVy0ESKeyj1ANPiDGuMmns++8hpnBm8kQYxxa7HOA6IZYs4E2BI4PJIojuyKemctETIxSTQGT7RkUDv1iFUZ30To8WNRo6vynpGS5Hy6FYx9xoJW/33EfNyB+TK1N8/xf05N99G7YDyWpCA/6OVyCV/QMY9/Koxmnq1hPJNDFUL9r5PNKrr0uH40CkvKY5ss4Od+0/q90Bc5JhnH7XxXYopNEPz6oZW5FoxDYgtgMQrivtapVcqVVznB0YuhDn+UwdtmXQ8s91rzZVEQeL3vQTIMH3N65ntx + template: + metadata: + creationTimestamp: null + name: ui-hostcert + namespace: rucio diff --git a/infrastructure/secrets/rucio/ss_ui-hostkey.yaml b/infrastructure/secrets/rucio/ss_ui-hostkey.yaml new file mode 100644 index 0000000..737ee56 --- /dev/null +++ b/infrastructure/secrets/rucio/ss_ui-hostkey.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: ui-hostkey + namespace: rucio +spec: + encryptedData: + hostkey.pem: AgA153IAnVMX+NwM3zaoYkA1qUTmovxzZ7unvNgXtMNAwNnerPP9WVm9U6CNg3gHHEckyEvfZ4tMh+MM5XX+F3+xfyL53uIG5mFMNm+o5MIAUQ8/HC51VfVOmE7Wb78fXrS1xTaNnrMdkeCQHWWSUOMEHKEnRFlWEd1vXrqZVan+7goQ7ez9pQTem4+Z8yXVBSSmt0Z+TWtX4NxngDst0m52o2fEupm2MbLHc9bo+uLduEKryggxRMVh+izMqP9vvBrT9TcflgS2z8xNwT9PN3D51RrUj5UWkQfug+lL0SMpM4lH3Fd2Q86fbH6NGto7zf3MuFfwU+D0ILdKJQyzzxOgBBabf4uBtFjLv3Og6/hyDZ8k8itBgLehRncGt6JeqptqoPCkbOIyQtVu1gyB/cLBFzRAH5Km98X6mP72i3y0E0Hjl//Q3oWui0pbzYR4KtO54DCGU7IP5Df6DvRmGY8aHPGNZAJJ26rNEoAr2yqL3Z/pWxkWzMJV0MBu2nFrrR48tTTYtj7hgul0CDilpWCMQNa+4lnSWWZxph8mq17YFqJcz1ESlIidDpZiNnQE8ZClIdMbzZImCzFhCDnDyErwd7Az40XzqRwdV4iS7YNc3knnUDf4wpjdulam9e3iyLgRPnn0HG1q/8rkcoTunQtEN9C2Zvz1Ec8TtUpTXCCMMZveIz4K73Zff0/eAYTLOSNj++Fl6ZUxuyRni9xueMgDwOrlhxxDfJ5WibJJtE1gkxrojxEgR2d92OQ8mtCBROAp+niI09VvF4nOCDUbmhQyueXvuLNExvnM6m4cH6HHWoQv+wjkNb9prjQPRo/uvD7tRIcHvERSvBfFR+I4llZOLgit3GjB0df+4zhWA52EAr2exktj7GCWAPk7SBBOfsfzMQQ/2njNnxGLSVFiqyhOot7yGt24SbWopZQroctiDDNgX2UC6J/U31KumkiUY+TE7fhM/kOqw9L33dsDDZu5DlAMBvd9TrTtudvndN6A34XrzzeD5NXkCOynGDoFnfBqaVpJ36653ARaX5ojM4LqaCpLuYbF3FKimdKUjTVLsJF1M8rUF6lp7oxqKSnuTJPvf5K/u/7OGOcJ2LzskVcbh2etghl0VGUAstihHEWAnpRu0N3rz3XD/RviJ6Jr7tS/U9zEKm6i+QqjOnpvKLDgaJw66MG8xvMpaT5Xd2ZPtYOdj/PkF1LOie7FZEruE6i2mIVJIU0dVrkNZRczf1YDqQg0gOMlWY1n6/qfWyqjxjKaIzyYrsCo3MxJUL+cTwTdXSZegoXkL9C0hl36h/naYnals0lXCG8t7Q+y8BUPzeWodAw6fMAlavitBJ9i23+NtVxQLaf2/ioG/UQ/d4xaEfYt53sBhCTMxa1UYAco2GSG9NktDluDxX+kfT5c6gk4XX2b+alIuE95mHCrqI7eeao/RACKILiqbBxmidflblXvqn3Mq1X4S4+ggeNNX1EdPzks9GaJzzOcCDuL+Rf3fwSWZ/ln2EvZ1oNdiqg0gcOZ4Pv47ZQJT4b45/sl1LYXG8f1gGjS102K3QKhXPywtZAvt6qXNElYZP+kpdgiC8Np8t1M42z7tMWHfgOk6dwZmU2HqTnHv+8NvJwRiVACJA2xnMjF0f43DdjsrySQ8cAyV4Ch3OxvaMfd2sdoY9kh84Ysz7f0ImvmdL5zFuakab1HuXceEwjjHyLGrcuGz2C7HkCo3D5ZIdl1K4eHMVIAnQQEqpSoiUy/qIgwnhPHzv9/QYRdfHmgeDyOo2en3N3yaetEImcONHwSTFgfDog7gWf8Qm6ZOqi3Khz5KtqEyVVo07y3JepW0Mf4mbopHF6BwIUMt49sJhdLi7HQzAr+D4iE9jAhQs00rPafZGmb6yHK9oaTQUM1QxV38aasWueDhjdKl3VZsks8AYRSZYeywvGN+WUVbT6v7dfdep4qCv1wrhBt0TUHezQgsniCu+eHqXln/M7/d+r5FpE3J9aSZTpa4mB3cvIHrWtg14OjwuBrYofAiipRvbnVkZ4j14DKa2fi4xFmHVMOQIBqzsWMWDwdSK9WIiTsRexctVpYUOoDbgzcileg4b2dWEe+DBrsseOstMadlUVJKec9ALZ41XBBi/78ZaBNm/x2DQCf/q4HgWLaP1uvQCRUyYRZXEgKaBz+sBsUIeLdCKO+nFMY80fPtLhLgFyvZ1T/XcIvJioW15/itzdjfiownLdaJyMlk0xDbTcvH1hf8kpk7MnOTWppNt2YvSM/bXRPfSZVYQYb20hS7H20ab3D3H7jRKDDC7gmdZMupPhX6CUNgetad5x+5f995BURI1Z26WAladW4fz1k2KYK5GUDzzRcxkv3f+AICpWZOL0o47veonyVDi9JfQpevQgOYlx5ECW6+fvLy9C8FldUXL15BoWTbq/YnxyJ8EX5vqBx0F9fzu99adSQtWpZMhVVc44cYdVmBJnf1vKnFHiUMW/MeZazD/H+EUXZtVRPw2IvDS207VbkCSFTuMVcYxBH3BoXBMR6YhlaCcynWTvmNVVgXVkXdr09kDNo7bigdx03MiXYJFBFxaK7HV8GwoI0wRC4bE+0C6GwqROLVo2e4gLyFZDkmkWvLm4l257uY69tWI+zr35nQklXQDUGVUdUtH5Jlbiu2y/ka239LUAts4F6cIx/ggcsBYU39j4zxIyKmzk6jQ2bKgHzO6fqNNofpaUAhRK7K9DP82/nqaMURkebE7jqyQKwd1QMxIJKnTAsrpMxljW2xQqChaOEIRHY3pUILNBMyJUG2MW3FrhFQRAITZUOO2aIVEZ/nk5v8nhg8lIXvz3BbftFW1fs/W7Te/vxPBGd2e6mqCxy1bHRibC/ufS94QVLmm3VjqQOQKvYxZiI0c1HHfw5BO7WaiAzeZMClhJT8ouH7Qr6fv14hvvUky+zWFXwsF+SIv+oGOxQH92d6ceV3bLz3r6lJnoOCC/au8tUysgsRO7OUEmnXIdy7/+4J29xi4WHfdL9pOT1EVtu33h2YNKmIoviTPqLOirvzIecDzQ9p2M6hLz7TgiLKdIUIpVQiUvmZIu/YbgD5cD11lcb0E5yN1s1Ccd0xV2ruKWOj0I+BIwnUOcI/cGD8Pn+thXFT+AsKNZqRhGK38q4oXhqRXNG + template: + metadata: + creationTimestamp: null + name: ui-hostkey + namespace: rucio From b24ca68d38a3b1c2401cda93bd4ed6e27dd0d7d3 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Thu, 14 Nov 2024 16:26:22 +0100 Subject: [PATCH 2/6] configure ui --- .../cluster/flux/rucio/rucio-ui.yaml | 58 ++++++++++++++----- 1 file changed, 44 insertions(+), 14 deletions(-) diff --git a/infrastructure/cluster/flux/rucio/rucio-ui.yaml b/infrastructure/cluster/flux/rucio/rucio-ui.yaml index 3707ae7..a3a58ab 100644 --- a/infrastructure/cluster/flux/rucio/rucio-ui.yaml +++ b/infrastructure/cluster/flux/rucio/rucio-ui.yaml @@ -6,7 +6,7 @@ metadata: spec: releaseName: ui - interval: 5m + interval: 1m chart: spec: sourceRef: @@ -24,11 +24,19 @@ spec: targetPath: config.database.default values: - additionalSecrets: - - volumeName: idpsecrets - secretName: idpsecrets - mountPath: /opt/rucio/etc/idpsecrets.json - subPath: idpsecrets.json + secretMounts: + - secretName: hostcert + mountPath: /etc/grid-security/hostcert.pem + subPath: hostcert.pem + - secretName: hostkey + mountPath: /etc/grid-security/hostkey.pem + subPath: hostkey.pem + - secretName: cafile + mountPath: /etc/grid-security/ca.pem + subPath: ca.pem + # - secretName: idpsecrets + # mountPath: /opt/rucio/etc/idpsecrets.json + # subPath: idpsecrets.json replicaCount: 1 exposeErrorLogs: True @@ -71,21 +79,43 @@ spec: # - vre-rucio-ui.cern.ch ## values used to configure apache - httpd_config: - legacy_dn: "False" - rucio_hostname: "vre-rucio-ui.cern.ch" + # httpd_config: + # legacy_dn: "False" + # rucio_hostname: "vre-rucio-ui.cern.ch" config: + httpd: + mpm_mode: "event" + rucio_hostname: "vre-rucio-ui.cern.ch" + start_servers: "1" + min_spare_threads: "1" + max_spare_threads: "20" + threads_per_child: "5" + max_clients: "20" + max_requests_per_child: "8192" + timeout: 300 + min_spare_servers: "1" + max_spare_servers: "5" + server_limit: "10" + keep_alive: "On" + keep_alive_timeout: "5" + max_keep_alive_requests: "128" + threads_limit: "128" + max_request_workers: "1280" + max_connections_per_child: "2048" + + + policy: permission: "escape" # "generic" schema: "escape" # "generic" # lfn2pfn_algorithm_default: "identity" - oidc: - idpsecrets: "/opt/rucio/etc/idpsecrets.json" - admin_issuer: "escape" - expected_audience: "rucio" - expected_scope: "openid profile" + # oidc: + # idpsecrets: "/opt/rucio/etc/idpsecrets.json" + # admin_issuer: "escape" + # expected_audience: "rucio" + # expected_scope: "openid profile" # credentials: # gcs: "/opt/rucio/etc/rse-accounts.cfg" From 759ac6de49f9413ae5fa545ef66af89e076c9428 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Fri, 15 Nov 2024 11:18:56 +0100 Subject: [PATCH 3/6] re apply ca secret with correct naming - inconsistant wiht rucio doc --- .../cluster/flux/rucio/rucio-ui.yaml | 45 ++++++++++--------- infrastructure/scripts/rucio_secrets_5-ui.sh | 8 ++-- infrastructure/secrets/rucio/ss_ui-ca.yaml | 15 +++++++ .../secrets/rucio/ss_ui-hostcert.yaml | 2 +- .../secrets/rucio/ss_ui-hostkey.yaml | 2 +- 5 files changed, 44 insertions(+), 28 deletions(-) create mode 100644 infrastructure/secrets/rucio/ss_ui-ca.yaml diff --git a/infrastructure/cluster/flux/rucio/rucio-ui.yaml b/infrastructure/cluster/flux/rucio/rucio-ui.yaml index a3a58ab..d4a1c0e 100644 --- a/infrastructure/cluster/flux/rucio/rucio-ui.yaml +++ b/infrastructure/cluster/flux/rucio/rucio-ui.yaml @@ -40,6 +40,8 @@ spec: replicaCount: 1 exposeErrorLogs: True + useSSL: true + useDeprecatedImplicitSecrets: false service: type: LoadBalancer @@ -47,7 +49,7 @@ spec: targetPort: 443 protocol: TCP name: https - #useSSL: true + useSSL: true image: repository: rucio/rucio-ui @@ -83,29 +85,28 @@ spec: # legacy_dn: "False" # rucio_hostname: "vre-rucio-ui.cern.ch" - config: - httpd: - mpm_mode: "event" - rucio_hostname: "vre-rucio-ui.cern.ch" - start_servers: "1" - min_spare_threads: "1" - max_spare_threads: "20" - threads_per_child: "5" - max_clients: "20" - max_requests_per_child: "8192" - timeout: 300 - min_spare_servers: "1" - max_spare_servers: "5" - server_limit: "10" - keep_alive: "On" - keep_alive_timeout: "5" - max_keep_alive_requests: "128" - threads_limit: "128" - max_request_workers: "1280" - max_connections_per_child: "2048" - + httpd_config: + mpm_mode: "event" + rucio_hostname: "vre-rucio-ui.cern.ch" + # start_servers: "1" + # min_spare_threads: "1" + # max_spare_threads: "20" + # threads_per_child: "5" + # max_clients: "20" + # max_requests_per_child: "8192" + # timeout: 300 + # min_spare_servers: "1" + # max_spare_servers: "5" + # server_limit: "10" + # keep_alive: "On" + # keep_alive_timeout: "5" + # max_keep_alive_requests: "128" + # threads_limit: "128" + # max_request_workers: "1280" + # max_connections_per_child: "2048" + config: policy: permission: "escape" # "generic" schema: "escape" # "generic" diff --git a/infrastructure/scripts/rucio_secrets_5-ui.sh b/infrastructure/scripts/rucio_secrets_5-ui.sh index 43053eb..3f13d20 100644 --- a/infrastructure/scripts/rucio_secrets_5-ui.sh +++ b/infrastructure/scripts/rucio_secrets_5-ui.sh @@ -31,11 +31,11 @@ kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLE kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-hostkey.yaml -# The content of this file is the same as in /etc/pki/tls/certs/CERN-bundle.pem but renamed to cafile.pem -kubectl create secret generic ${HELM_RELEASE_UI}-cafile --dry-run=client --from-file=${RAW_SECRETS_UI}/cafile.pem -o yaml | \ -kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-cafile.yaml +# The content of this file is the same as in /etc/pki/tls/certs/CERN-bundle.pem but renamed to ca.pem (inconsistant wiht doc; where it is cafile.pem !!) +kubectl create secret generic ${HELM_RELEASE_UI}-cafile --dry-run=client --from-file=${RAW_SECRETS_UI}/ca.pem -o yaml | \ +kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-ca.yaml -kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-cafile.yaml +kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-ca.yaml echo " *** END rucio UI Secrets Script" \ No newline at end of file diff --git a/infrastructure/secrets/rucio/ss_ui-ca.yaml b/infrastructure/secrets/rucio/ss_ui-ca.yaml new file mode 100644 index 0000000..243d94b --- /dev/null +++ b/infrastructure/secrets/rucio/ss_ui-ca.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: ui-cafile + namespace: rucio +spec: + encryptedData: + ca.pem: AgAXol6H8jay81swOeOLPlT8BSsRP5zMcCM7MYKr5hUHAPCV6juRoJDKrlaktezmEw7zeykSVfbFR2LksIypicXFFdset4nSAEhqqIPNjtbuNeSS6wCJWAk1Y/L0NQiWmPmYt7JiAyLHpHVbwT0L6pbUl5YAAxz9+nhEdmn6sGI8JFuiYM0y38/sTnGHfm4xp3aN5RrJboADm59xQneMvzXjV3ZrqKGVKomyRzsYa6tjLT/Xdo25WnGzyVW8RRwMU4wX/4Gs4lTmrJyO9Kj9Xk6HJMvKIRIMZEtGUOVyzHd+I7ILg8yQ0cAlD1ij1cS0S/CkEAuq8vEebOJOWqjnU4D8XBvypp+Ij7vrAspIUS35+KTlztK35ytVGNZVMXbdF0yYGzhWR+fquJWeo/waRNrbtyOyik1urYJdHwndmn8JDF+1+VAK7/8dnZCEGSX/jzPPLyS9Drg9N60LDiucv3R1U4eKd5QDB4v6FQuIoW6iW+7xBoYUmpy1l8ctifLumdwNHUBl4JdYtdI2qefbmGBfj+TGBoOlOeE73oFNZZ7OEVlI587wbCgRPQL1YS39ybnHjRT2zKKWmHSAC92VPkVm8PLlO3cnww/bGqU+0Uu6dsYivQWQljXatsrLran9AvemyMd89SU8X4Zsd8wIfMy+H2EV0P6KXFPfZXp3gyDR8zryH91Ja/tX2GdPqF2+p/nfboE73+0Ip0IV5PkVA4dxuJzQcooxm84x8h1nPu1yvS1oX1NJX5uiDG3zksYMRqCawnq1lw0PrURBaYAkK7Emf3+2p6aKhdrn8KRNpS4tMgBRGQgJqRK+QFcy5w/V42DiKDcEQBwbtYZ4qizsN8Mj6ftLZHjk+l7OXnQ0HaZxTXrX9XmLk68L06iAVly/goYROHe23fawXnwhyCI+GJx/KVBk4eHGJUhUZ0/WvUzoxAj5a8eFlOB+9+VxHTA2fmOclCODOIuTZVJRgtspH6F/OKTPpgWo+KQcA8SPLYpitBl9d0MdZ4TScrD7rnu5dRLzGfV3ZLxSPr6P0vxB1yOBaaIc4h6R2zA7ySgPt1iE8jYEV7VXC8JToCRjoSeeQ/HQuLhPCz8r3qkDC3nFUkDMRdvFCYbIN8T04rFUwkFSw2j2eJTkzrUOBQox9+CCKiddsYXe+vXs0ef+gC189jjJbntvyiNIt5XOVLGJb6EO4VfEQMQvUzoId5HsLDkpRxWBva4hi1EYJtH2qO+ZeanDcyLZkeCou3b58yNjpjkR4v0GD88uZxTbICGIzUhPSamxC6LrcNjkrg1TaFVkZQ/OYm6+sPNn1cUvKfEi1Ep/2q2Kh5xQrZIJ5qZgMQ6H5k+iwM0fTAOludpAedVoqnC0cFUQkOysWdMmKT7WBIYRf9zysuKgCqZw02rGZ0Bn+YDPeYGV4J9p26vgYDWSFv7lj75MDI4kAc1iHptkWzVGZQnvZZkpImBvm9+2ijDVdFEjpocui7gcI4b5guWtK8ARiLnREw9rkfCWBRMxmwRZ3Jo1e4By9wu4PuuukoQQtLdu0hkbl0gzPMqyfiaZ1SF51KHDgDXhOB2lqWn0oYOGWd/pJJj8waEI2y6BE/mH0t9Q3W7gn6GxRBtKRrAnVkWLmnP4iuAdidnyp2NoHqQMAXwkouN6fwPaCmK6Wwtuk6p6P10DL6lx7Yv4aM+oEjVNB+5cbAWpWexXyP8Fex1CYKYxTxovQ+j6buur/oH81mnOB3ozSjdApgHDgp9D1E9s2+JvksD4eWdj5PRM48NBuMW/s5koItFL313b3dobk/qLiFqplZS5PD/+pHZvelK3NoTS93DMxbWZ4Kishg/TS7tAsejpLFV0CpmBvGQKmFAF4V7AXdDRQAJjTWORE4L9+eQIsCI+kZRx9m+LH5QbJ9Yrs5PVWKyiPWUuDHv36ec1JGepB2Sz+Al1lEuqh+d4JfiguhmvzZHMc1MC7XsgeVa1gip/CpI6+zlShJqcBj9AzCKR1HGHTjLqGzOJbOQkYlSuJ1sE6SjTiL7uRGNWf5ceUzFizhqqxV1xvl+WuiyLL/2q270f69nra+Vim45Zwvw7IGVroKolG3lKD+TVq1yasTMGR406BXxV9oExkjzrX1D27Vcm6IL/lMx+HuJoKFTq6vU4fS5T7AnTDmwmqwmqLHHkEk43MAETq5kMX+3+G0cruGkAwMkWhKrjl8sJi1CW9Dr42pO04J2vj/Vy5v9X0gexjDnJZRsGu9Q3OKfAYknaeaqxkPwiIZeidiHs3caFVwGfyzIsmAMz0rb5bHkuxZe8kYb+XVMBS2nq1yA+R3alVoBPS+LwSVYdLGMeNL7NM3iqE79SR2TRRdUa0jH0MQ0pIcVTabyBR5x8EwScEiLHFEn42SqAHOzXq7TLqDLEsfUwje8dXvooGyqImvCao91FlfRj+dOG3/jND9D20PhqJyhNGykCIybIYLlhF50AnkvvbfwbuyQ/IpbQZogkygoifhEBbiI5DTRnltBzDLkj1z1PXsdLlWngDN4c//iWpRmZI39FRxzxaeubSB/TbOQnDBXYn682a8Nw7RKn7fpqU/6/ZvFfvH6C7/KKahSIDKWio9zY6bMZK1uR7HlPBQ3rtWpe9bR1AfkNT9lg9wWQdbLVrAh17Ndo3mPkQGkBsprmLTm70dPcEkYLKtGArA61/GwAWnyaO1LJxLraDN35iFwGyO/1fDwjyRbfji6J9sX1w6i4W2eotmfFvZuFnELiIjtxO6E2DqCkYf76bqXnwK0ap+67y4ix5uI9VdrVYo7+ivKk4U7jC04AHU4XNxV5mTHWqxxDuJdY8rrYY6ko2/7uYpclqXLctenB2EB+x96HU3DvO2A8Xba7hWTxzedvJzxG76tB6E3jtZbNSW2ZugZKfh4TveWuvja7gIGDyq3N7Uq1+m5aARDcCLPmGnWDpAr0nnKJll96BXkGg7wH1IUwI/3uaW+omMp8D2kpgy/SpuT0FY/Sot2XAT/yxM+igy/R0IEp9XK8aW4m1qsRlTlp0nK481XEAOIQkrWAldIWMXwRE1cykQJJXZBJdbDGRU7BchGF4M0xsAYfyT3cd+PMgTTMhAJ/LBVPFXEgXuhBd2bV/sk6xmxRWLGvkCmdakn6OTVzyAekr/aAclQkJ3zsikHZQpQ+/uXCYLInIOy0kA09ZdY4u0j/FflLh7ELmMu3fouVNSJod8S++Z9lnc0IMvwithB9dQ03dYqXkhT2h+4e4D/Id4SUqyF+qYnt3qAmMCBW+l452uGWjRQQ7HglEOQL5Ouhtu0G0164sPluuEuhm4CcOZ23/3jWPejSEoqJk7SS4yBZpStHcBgzPmrtX6CqAfbDfr9SU9sXUPK6+cfSUeR4G6/WYRa1coBYSxjzwZ1STmTJwLaSPwPcX0OnR8Tq/ocJy2whratFQMVShdd8EPeQM8aFxHItKsZwoQuGxEzd+sUiWKhfLG/An+xOi4yNZZ+oZ+gqcrmpD/3Ki9I8aidzXxqlja/BN0aTCjVu4eeoRIo4m3bPMmK1pwM2UAQuWhZDX2JqSm7axpwEMdn81Nz6oxolTTgbCMjFk5GuWIp5jvvbA/8ZSOF1eUpCoaNAT6oFGvouJAwDwygDH6cCJU6QiUBQqjmp1tlaYx6R811xus2nyjZeo8yHpGBAXrgV3Zbs7js+YsU/4vBMogBWtsp/xF650JViOqpFSbzkzDSvg+TdztVbIePXJzwyXZd6GBjk7VSVuOn5Mui3Z5rfGAbTiCE4bwFTrxNeiGyI8IxyDSLjeWSsnkALTIXzWN8A7pMjfEklBJ+cEOWlE9wAhjZDqWwZXiGTkiNuicYYd+8tB0ukEQPoCMd199BVsy9ICNTiu7mDO5OImNN8CfyH77o1/t/3TnJgwE8M544qasL92akJFdegjyGBwlzRhLnBzONSfWE1F+hhdj4kChm8Cqe0RCs2vveRCot2Wj1g4n5dgGhBEALT2Yw8uLVovXmYEasiOEvUHgtwLU1hYpYOMb3a7osO+ZF5Q+IE9Xp0cWS5Lu99BckwKa7k0bOyI1C4kSWP9vsl5QFwJc58GQ9NUfhdYrTvyN01IqELwjfUEuPFFdyWVij9K3mTgdLaHaAMaAKVfjGZSMJJarO624IFQ4pgEAr2KyAn6mt0r0cBLhPfHGRacf531rmiTEW+MuH0MzMu0GtADdeJgLspUldx9Vii++e26fOh7VYE1ll8oCGA2jzB2ennHIUJ7ilzVRddKMwsgxUvryleVF2zHFMvs0goGvmlIqrMQ5iMOXPjXMnj9KE7yKZkA2AgBezHN/5O69DugEzt2jdqQrkrf/X9xg7+qS4F6B9cJY5Oo6MFA/MkmyBVK6377YeofaTayvz8vhSYXmURPrScw2KIl03Xe2OTZ1imDjgKtIiLGuCzpVl/eSVKDLoRykqlM4KVHVySW1q8JCIVCoh9NJYupZQGXO1HQ2Ozsqs5ItfmiYAlDh78ohKbHRNVrsxa55sOZpqYaSmuTo0SCKa2wuSpZ3HPNSJfoyXe9obLFGwnMIUHWoukZ1zIHCJJLT01VjAOPknxKWBzwW7+qxkTbwNihzTRAwaBEvXLSU7ZZGmqbLXBYBn/FQ9AFu4TFr3ioy7LAtcL1kXNA+w+MLBREDvvqKg56YrTVz23UPb6JYiXOHtT08GhzztkbPYTw5PZ3mL+q47AXT1Cv5QDZxrph1vYDFsPZuv6Yg3vk2uyj3Rk8QX6mIDnNaBJvjS+D5E/wZ2MGZSjIcMFPNr84R2gXbeN6KJbVXEe54QrWN45ZTuAINb4wFp+BnSy0AZOpAFrn/XcPmD+ymNwFyYm3TGJeB7a6a/LVzWSic5zpVjJJi05wckfGTV3HRmOmoheLtlBM5nbskF0p11wEChv9elPZFHN6uTpOIvf4sN0WdRm1cGLYfh+o4Ow9/LRVWAj79yp9irbC5H73I/AiPUfs4V0Sfg0NcyIM8zxpOgrc43UsHwr423Xwz+4fXSgj5fSgK1HFGops8a9CYWBMzZwirn4WpKJ5nWxMLoB92VeKAc0p8X/Dwcw197lrVc6PL1Gwl46DV4OFVdiKNVQYCeaC3RuNubxj3vNYg/7M68nLEYACaJJAC9tnSDCe1uvdZlZoJE54oKN53luDhkPuR8R174v59IWudpLsAiXf/fJcUG2mnCfJuQzP9FNStLlqrsBxVd8xcDrib5BBr7N0QVYUH2xUZ9q9Ks+q6X5v0MYP0kUkpciVB8RXWFT3jh9FeqqRvNs3vtaxncuUOi199DI5x/0oFlIMbTCTltdnPZxyAIGd/Jw+PZWe3pLi/uGHSi79rp4NdismObqNoNwoIN5EG03auZX4t+dhm2SutjyS6EfzcDJCWe+bZf2oKrh+OyxjKvmu3NhAXeHY+0nbM1EnE6Aftg4tYyek0Kkx/Fs6gudHzp/zbXJrvyXMrlSi/cMRzkrdAoBdfkOm8Po8nGe9moa+RHFvheZ4bL8/naezqGrX7dlvtuNITAZUxXg5SWB6J9sRWDsHQCS0weXFi7rBG5BNWkstQkjt1LeLBiG0BNjPo5xUuNLmh4sqwrXUNFTRRosSlfhY2thasbR1v5JZJZuE0fu/ArsXPDnyhHZ7mJbg7befbVqnUEglLr3JTC+1ADUokK5PIjjlhUfsA9uosFZXO4HSISUO1zNhEgTkT6PZnoWyCa67Chut9bIgDLr/cCogQaqdjzF8xywi3F9r4vQm4epWlG7nTKuDfTjddL98yWZPPtL+rIHt+t1Gxc7rThrbeiOdr29Yq7zZeCIaoYOF5FXDmfM/k/2ChWKiQ/zS/U6xL6V52xYUcRPVV6YMJSZdLDHVMLKiC2mtWHJlYhWd4FP+ZJ6XACzzz8JQz3o0tpe0E+U9oAVHEl+mOUtmTmFOaGgVPxOgXCJRvtwTNWhJST/JleFFgWi2/wZ/UfP1uSWkggwa8pcNhP+cTapXhhUfmO6A/8b5AsJuIT5oMYkV8UUV6ikN8wMwUv3jrNOaBQ9jILrMzkrIznXaCgJEb7SVbpX0y9lIV03FW2z8NaDE8HAru4PNxefh5m2tD/RLmgnxvoQcG/ji//dkaB4oyUo4vMOaoTwX/SIesTl8pmohKKqGbq86o1zGRl9vW4HtX8P1c1bjqCpX9MBWV0LuyX+pUu6LhUqtujp8NykbfAJ6zPIWEeZMWkGL4CL92RnTJHWC+5amVR1R5n+yX8PJ6UBudiCcP+C+3gGcuol5F27wLRFlXG4wjvBzzw81I8zQzAyOMFOVDV3PiI7cdSXYZxR1mVgWIXSwJx6nb0+xL31SI3iT9Q7klehOPKauKmPbm4E9Yiy8bJVKQNvRzWvpVf2D3PrNKZJi21OovjCYHaY+hMIKeF9+b/9yp4i7S/9NoqOl7dcveZOjMIkMCGNSPOdcp30iEPfrKSY7f2ncaGEKAFhQ86vyyf4xGMhIKuBqsfeNcAXF2G9V0Er/cQckrG6M82D8AND996MsEJ6NmhLBwcGGlB93TU7DSBij9x/op0nNyWIoo66YxDbezRvAnjlDWZ95C9S74T0KTzZxZd2rW9sZ29XBOHX0MjvjWQHx92FwwXJaKoYatS3VLSpp+f6M3Y7RkU22uwXLgwo4LDOyCSATFjvc29UuybWbX6tbkEag3cVuxfOwEXirrdVtR+7JAC7fWq8Gtu1m1CJI7oVfgeosKDMUoZz0kTB1aY6ddQP6Mp+Boy2tk8AIPPEW2X1qN9DME0Ztg5TnRaxew2QuZJLyZm4oU8h1H126jZ5RNeq03MqPn20Uh2lHbHM7PZOQek8G00zc6hHEeo+G5srrCvWnkwDnNno0CuDqKD1DqYkvHl5I4L5DBheFN7wrTu632VkgdyY4CJ0VoR6Yd5B8BEWFkpdayuk/+M59YRCN/yAsS29m692lTz5vYqO5YXMvE3CWEGHo25T9xbporM77zFNtiBTtpokUds3orvBu4k1WNpDyiDgMhCBLvGP4El/JosRk2xoFCOryBykyYu/GS22vsyQfTQldcVnI6yRgSn0Ay2n6BU93j5/H9sKN97l3Ot0jA7iAFhmXg8+9Xn+BdhRKTBq8VTcRvbrhg6aNZLE2ReruGRPafgR2olrgqlipj0iTmijnjbkVuv1UvEuvKAw8oVeNbkf0xzmruz073cYKmANzlbCr4qOVZHaTlRsvHWa2zszx7c7RJ2LpxSGbAyrPMPsYGQZHTcWbi1a/aNu/hNft4nub+fRUhkr5Tf9n0Daqhgbr9qquSehzhiO10VfdoTBt7qf53fwKr4tnZMXTOdlZrvsyShxDnYCMq9Rfet027Oplra1rKWPtROHLc9PYyVvCoSfZAWd6k40FaFBNwzh3A16C+Vci3is5BnfiIvHCAUTvaeknqdbOCqKnImbtvMjHv3/pyzna5H6AQimfD2TKejujmI3v8SUCOYvJmRPhvFTzuywu1n8A0FVXKo+nPkL7KD1yem+/dETEQI+VQxGwVt4nv4YGMjjDzVBhtEwTd44m94Cr/jdYoiNNjCYDTArWvzZxmQSVCOcnqHh7kvxm4KWSo2mR1HZfMlCLcjLtb/zRz4a0HTKjeIif7idNLh7auU55j0OOrnrVlJuzF5PlVrF/bT5d14Bp1qSuu0CQwnXP9Snv+3xgK0VmTN0gTXrKkNIMpJ/VnkOMjeg9zrM2mGCZIzaZVph2WV8t1hauBfpYkUz7q1R9rdu9LzpnAc7WT8+GYWiNH4Xx3XqtVvHyKofr/00MFfcASps0jnopfERf+7QDMkYqdLMKTcUSOTdHee5soc1uoSho1joTEdiqLh2RH/GvVy9y+fRyd5+XQkJble4nxCN96Lp+XR2ZVdam4Q8KVtG2bbpGCXp0Hr66LwiAoM0NKm6h3H1vt7P15VkTSj8EJNQBgbnMzArQLwkGVujZlInDDzr0XQOmYqkhkiB8ji+SEAAO6b9EIEEEyhoNdgiZ+154C+2br9J2zn6voxhCi9lxb0Ai51ejpw1tLXdgmFlCnn5zwFYA/71soNtwL2JnSVi72IkThMxZDph3J14leKAmeQS4ANQgfllakYf443GbY8tvUW1MejVPM+alFDHjiSbXzRf5zpj7FvMacYKbwEH7wzjSaLMdzKrRM2r2wTggfSFEXjPseN9Yttx9snMx/vHfYeTxHOdmb47DHpyKuNFOGN0iQdvcvUFiSxcgPyraJh54dBr9fLMEz5D0540tTo329fqk8O6DmeNy+tIbTlGy8YtvspoOjkZ5403SWfx0a2H9rfp3oGb/2Q4AxRGk8AKyyto0cBiwfxool1oX52j2RvBAxilGzSOBmHSnV+HZ9iRS97Xm6gSlrOz7LCu6jlXQpRB6AiZap/WVg88wKDCyenk7DPix3MGsT1dqibe50z+PefTrNyyQAi5lxVEnwdoOXqZw2AJFAPE9UNX4XB29EgnhilO4jotKRYZfIz70nWpZG2vw2tCh0RgbvmCHRhutH1BVzHinRXiAOSsB/p6Q4yWxM1dYoCcENxzMVFUxddD42QngZH9KVOhopXtg1SLagkbAV1db2DfpqoQpGbCvnfQo0cY0umDCcT22QCQpBO4hbJruFHaTgwuX/sJ//l9JdetHkHELQ6V4n26h2WBSIBi5Q5kFH006cK7uOwQDjEIgjSgOmCPNPhTi2P/gvW5plC4aklsotrY1xAKsuJXFFsAYqodQC7up9CsHX4iqOltPoPmI2R3yPc33IvK8EHaK9axhDtGte6a1ZHVyJ26eDUCbN66vTFC2/6ThGDFBXWMxcHF0BssiVlsj5mp40IeqxpQas8hpv3/j9v1SIGUpvYNBnnkGmYDkhP7ZJuOhRm/gbbP31nyX2iY1Qdn5MXi4lcSSU3GP5l7ICzYlY5wInEDSay8JYJlRJQ2/6Ztawj+pVp8/qLmYXoHtfRIZ+Vbw0MUCADA6t9Z+4MIuJdHar8BDn9dmKj8g2qJOqxISgsqVAUVc6yelGpySs9pi2+OwGaTL2H+q9yKtIpq5a6ulZsxDUz7IsIxr2eBMNsxByFyi0ntm1C/C3B/rCJJKyTLJ148jPZ2UXN2wGMgUhKNhq9AJFPIrdQUXDzx8G+f+bpNg3gADtBg1U1Fz9oJzgAxpW+E6wDcNkB3F0w/4ULj4rE8f9XF+vIgp3dAXlS6hk71Qdm50BO2TqTtOdm/me3N6qQ9JANa+J4ekmB+86KDSO5wmW4t24aJvBjk9ARjNPnZk2HRVBK6Wn42MKo7erAXrwruqUsAkC+5EXPZtmBH3Ga3lPg5l/AtWeJcy5Z70LD2/7e7sy+hk0GKG7PsgcEzWA0cUObC4ksX6elT9MtUPLHD1zGHr5MD1sMom9DsEvrQCHtZG8MXDSC0kn8XrczeHqfnYQfovAv4gguLffV335l4L7h2ttECmkmZxCcdnZFxd5AprAELOywyG30WAdBvI22LiBI+dyquzRL0FYg/cTcndNGgs5RisddUpaEs59nj9Z0y5t0ZKAUP6zInrIwaz8vMcdKZtOLNDWiSOwXOAXpg0d2GJtl6CsI0sDElR7NbpSQ8yr8m0oeyIKOIMGe+swa7xswuqujpqb3Pscu7BEmjbsNy2Uuhlj5MsKinIjdP52g7npiKNcJWvB1A178EbbT+vFhPQTl20bbWonTY/4pPnZ1oxe/NRMT3f7ONXbN/Ostjg3dRi7wUUV/cPX5jcHVuN8t1vQn+Jkb5tfOXGpi1NlyzheYNEUO55uCpXz+KRg+6JXAnull/wEbfJ5A1xmpNFlco67jv50Et8/eHtchZTPiBkiCEf+VGfzLjU5ZGzwslM8ZvS0shPCXPjAer5QejcXMI2haNXfwLAWNCV9U1t9Sr+rq35B3CIgvz79nWvJQneywD2rilzQUKV2Dz4PIPRkJX5COsmoMMRmXjqZTKXG20+8QDjybmgQw3IQA9GhFIYCfDP+RP9uJkI9LMaA6Eu1gYvLI8O933eEj9sXFtoAojYo7cOoev60hJBE1nPJOrUiKXldd0/B7EXpdFzVHaNYHL0m/FUd8JQrT/9OUW5ensXu5if2tcSx1ZjrKp0si+plYnm+7A19RU+FugUWJ86gHgCJl+W7yqyBCa7EsyicrVtgOnpT51NlejB1ePcjPObJ0rZ5uUgJwQzg2ac3Cr+ELEzksiYFfCURgyre4cYKULXcU3+lbSaTNLt3FHxreuuvFaEDfTqq0ApfYn6ugSBYO/fofKrC20tYVSkHbEEBIcS4Nu95GRxdpQElZDCzkFBj/dGaXCflAN6lzazah08Ygh28VeMV9qUVt0ICTPVbQyg0tpAMeTEjrwz93aan7YDeXd7Rem0SrKfR9Lu9ZOIt4jjfU1Wfhuvakl8YQibPhpI4vJ1QyCc9dIf9cEJm3UuQzNLWSCAhLgETgzZEufl84iNTvuAiIr35qFdDiYTpCA6Nry3TUivEkAbtwltf1DaUhxJRqWhR93Of3N5REM/dm7P5Pc1aDYKUu64B9vioA4cXPhnx2hSJJkUYXel7Nlo2ujkbd+YevFdU4t4hKrwgVYWqRhLzX6d7KGqRBPisDfUSqfTAf8ORkjSSii4qYZQDEeWKI9hReB9rxCpLbzmAnLjL9GAmd++aSJ+CeZaJmplfOyreK71752UNWIOG3P+m5l1bwqT8rWZgJeg0KJiTpNf0RR5MXFZHJ2lmgmiRi+HYaMZrUR8/EwzFziSBxLWDQqieisBW7kpEe7j+FfgQhVU0WlXDmBUnVWCNTTGfQatT/wr5E4jfrMGIP9wEcamylmgiSOkbyAoBvel66vxPBofm24YIWqvZnOS3sUs65x3bQmR5Q5PBDBHcoMaXSAK/vsLNzYcfJtQW9sMcDeOz9qbbZlZhSm+X7OSpd3B6c2m2+7pS05mypYtuZ4Eg00WjqEVhdnUIArrE2pz4vQBHQtfACfUrbEU8qACROUIdbHemX/3aEAS/r/SWavLM8uhHiOwR+CqK1osImUQgA3bYmKPo2L6A14KQxgmR2/5fFApryH76KUn3qYrvpCbATHARQe/SIiJtxB2yJFmJllDbIiAWkCZi0r5yd1Mg3WdHHtACo686ljQ5NRQg9+v9DjRzZX0QucXDxZmqrAaCgQInpLvkBTuIQXe93vqnTUtVyz8y6t5dJmS6iJPspi6IOZmwxZKlZMZb+v7zxk/08S8pSWec9nWlaHy64iVsHJ9qHNndLLtZoSGcJYMRj0DFNRMl083b/q6ixpGTJLJZz569j/ZY7lDFrBXaXZRIQfYqPjB/DqYIlNl+AQpSllbyhYkKZV40KfMfjnWSw0plx6YJrMvc+86N37RZROaheWlf7MFMMw4tAuNclCQzDce/pacVE8HNtOr/x4iir8kksu8XLDNbkpxI/5VYcq71KsOfU0JLS9Jwp/4PM9Xg93nU7W4SQIwsQFDxHB2Ie6pUQLmsILOUOmcjQZBS7MNcG7cmz6CJiSV4nIxXKzWjOOC/swrAjPJs+nOtpnstsL3OMcaJoUdG8JR8zvSkvcL5JaRx0hdZW5q18EoF9tv8TiXz5wg+i7UB1LOFquC9yW78kUTSe1r4r1acLKMGG5S6neQgw165taN5X+/dUMfq2qB8se+TOI+swRm9liA3tiedoZVXw53rf6FGgQhgOpHlLAqlDyvbDG8blY+4cEkLGqXT+iPDwXlX/TDFz9LspUuuwtyQemaFFW0TZsIc2tH6X0gEUsxGTgHkhBTTzV4+Ctd7i0PVNhB8g1+uJHdCyc7KU1Bn+pr61Kv42gCUutG5vSy90C2/dWhnrQCbIB3fcFPPMrHoGcz/145NPEDchz4rLFovHyYjlLIqzrKgF4+3+2xzyhjhCdUPSsW1au+QAJef4P3XoRN09n9/315M3A0k+GP5Z7Y9mPIu4nuF65aO4LLlHTKFsmn8b1a115bAAD9xggQiCyNxOvkCMdR2cRAeg3hRmu6Qb49kaLaThzJRkwHTbnRzjjO/vPYhD8ZZFHQcU4xKDqwLwOI9O+GLHwIr6JIwfYq9rzGZwe6K9Or+QGfcbTA7NUIhwkQ7FIOhYNJ6N+g/qcTLxNZH/IaBfiLrUuHMwaNEERzg03d4/b3629am0n4fEeuIa0F16ZwdrHBfK2Gu2V+Vmw28Zmz4B1/0zdoVxzAMukI5ZJEIITElaUXj7l/TqNFnrIvxKUEfVcfnnRL9yl703q1tnhk71AK2v+IB9zLNPuSfj51SMeiXyy0q/hawBTulemqMUbjmJIVqgh35xFKchkCSb90YTlOaobjxwaCKGrUm1ZIiqKbxcyk78leQ6AyRgqbQD8IsvySKlxjwNGLdV6fesFFHAkmXGiYoYVtoztk/dibaYZ8vfJEcNraVrKmbLenK/o5Cw9Wfy87JFDzFa5Zee+gZEAhYOSEXE5j/BchJv8M+po0fKTmRxGuMXbLPwiQM3RCFtG6WhkW3VYSysbnJbtEfPmphCaOlNCm5rBjr+DBeInU5OHtg1e7s9ICyWCLGh4jkCBIB72fcSq6kb8d6eHX8OBjW/DGBZPkP5TGC+6l8BAJ2m8iz5c+GE3Rtx5yf+QF0/n+vLPL9MNhwEWB2jN54b+Ml622cPwRb4dPb0YfAPk1uZI9F2jTs+gz2wIzAkulEVQS7UEMDgraW+8HChMKTdrns7o7raOzYjPYJNR3tSNocnq0agzegddptxbz3aHuIk9zHxwlaYLiRcGYYt1FZTU3AsfQTF+yaeE1NTBOcADZ1v006T9aWBWYZM/75Ipr+DExESZxrH2LTmLvfOMPrGJAf8WICfT1AT+Z8PjOZPb59kSFCZdnWzhwUDomQDmXNn4vTbYHaxKsFRRqp49Mycm47PEqiZywiieuO7s0uzWOkeQLJ5Ph0/WFiqabhpRLYHbwmkFirjm+hq0tFJVasDl+WgIxyf9zq4Q93ont2xtOjJV09rZUrpI2OlqgCyqsK1kLCoyIYqfbo2rxht1V9qEkeAJnP5RginxtZyRrD7Ux0oyPN/gKeOYIXZAp1Md10v2XO/EAD2XF+vlUWP3gQeFZ6XxfUfQvJvIgW+1Nc0c8CqB4e23qctJbJHau3KrhKpvoiMX2kWqlD1JhjuPbiZ7DjKj1/JI37gj2UEaKCbDLFuEEwylfiOLTSsJ2sEMu++8IWfJX9sPe0fy4vCWybmT7t+HMA+aFrSrRENx2wiN0Z8aLdeFVgep9SBvTXaFyve2LdWLzLehRuS/npo5tY8FKKcz0ECajxdql1m10LLkL7WNYYv2hrc6rhZwbNfGo0T3YMh0WOxFsh9RFhrF8CW1p43piLbk4WhiR8M8PNxJyFpC74OXfCiDk6K+dFaI/c9728Ai/xUdj4c4O1xAkhfZb7mjjYeCGJOEkN/InaXItbxmE+R1qpLqFtlsqDiy37I84aBZGxwpxCMZIiBTPddaery/gtCsikvzKI/KDex338QG1Tqc16Y2gbWYUXd0MtpyCbl5uzap1KTcBNyqVMNTqyoVyGVyRYdOYzaT7x/80z+PTBUuBhz/EloPZ4Vg9AKGYTKAis1Q2RkirDY+qOzSTOLlQ29C3p1XKbUz6clvkupcifhENqBkI5irn/tS32FOkjn/rOiIoH+pAzIVxAUTAxoMCeqqVsyxZ8BxNOh2xLcX739aUjZoWg3yitzrx4f5/qMJg4Gct4w0h20Y16d81IODB7n7dYmlKVCjfFlgrAaqK6tnAKG0V8k6zBuhe2Y4pF++YqadbJy8O8jtVXv+Jg+fk/gJHSp5xkV9F/b/TWzkSxhnxEkQMnuC1Y119JfAEEfoQWtObHIRjY5BDWowIA2rBxOS8RGHV/eCBVCL2VJsRkTxYNf/bLXu5VtsmytHmdk3EH8qAQv1ULd1cXe6MYuxs0V1WVXrsNm7dYPK/pgWQVUwTJqF9I0pOjgHj3VAcAfXDuetmoUrrnpQbCIP4OdgTLrY9Hlp6/JuBJb916i5rxdzFTBzr/7ZUmOu7KlRJTuux1h8gT8A+LXLpBUdO80AFyvuu6mwYNLWChlWLh4dKECbsoT0s3OIZFStUs23ojNZpTwjx+R34L496w5IqmyLMIrokHlLtCMDZX1jXiRNyG8RtFw4LppXOd22Ww7O9clk22Xq9tXcsvBHQlIqx23vtQNpptI4ACw6oUoV71/D9s4WPXPNNP3KTQqnzQy1LOaJmUO81UEGWpmkRnsx4ehYkFcJuBl6BWwYYnEiSZffcodhhR0WreXht8GCPy6lUsAmNuOvEKkf+4sc9WeCx13EpgeF8DCjItOLxMt3hqSPADIikiJvd2QQAMegAnhjbmel7obsGj1ihiqv0pkMcUeLkQDzObdt3kS2Hu3FKQkWymezJznNpVAGEPvlW1/lOZLarqCOYuL9itD+iLnuQlr028DSp/4u+yBel6woJBxVUW13mi7EGdCWJdqilUeUNtZKapCAB7aOWrbfGjogimQ8Ha9QxS2sQXKssKmFRgckQapv+DC89MPugOSY1N7dcCfFr3ypldo6o6RVhvt6QENHzrq8gGAt6LP9mxGgTvORucbeORaJTKzGQEVx/Y1mGrJq9mnl3Lt3VqF3zMQ3bplXVPBFwR7rNeywzLLGVluH0wb+5S13Tnjz9W6Sq4dYURzbfL7OV8UGe4QqadsjfC6F7EStR3WMyzvMGsmKheLKZkvjCjx3ph/RoMybrNEp/aYxpb8THQSkNOqzGd4= + template: + metadata: + creationTimestamp: null + name: ui-cafile + namespace: rucio diff --git a/infrastructure/secrets/rucio/ss_ui-hostcert.yaml b/infrastructure/secrets/rucio/ss_ui-hostcert.yaml index e7d66b5..2286731 100644 --- a/infrastructure/secrets/rucio/ss_ui-hostcert.yaml +++ b/infrastructure/secrets/rucio/ss_ui-hostcert.yaml @@ -7,7 +7,7 @@ metadata: namespace: rucio spec: encryptedData: - hostcert.pem: AgCG40oXuAgNU6Zk9ENpMLOIctfHAc5QL7mdRpFWhpWBoPwnyKk+aPxyHfBuUgUeePo9Q5cfDq4VF4Gg9NMST0femSWuyPVx5jST9+bcjXnXNb7xze902CELdO18m37jeJieLKF6tcHXMPy/1jcMv7F2Uogd/QxE/hNmtAJoRU+vl86JMW/wQigcGBX0jnjL/GhywETLpk8wUpAOye34fbU/7LL1URSPSa99ChtyyrrDOuvnUIlPePGz1kPZe7Txp6MCnsccDE8jCwfqv0QUsvktvTiqe0rzP8bgrlNrK1Q0YnY7HhvHqqWEW4Nhu/bYf9TL/uFSe+xT3LRVcTPQvqsPS4RiFoPpkV5esZZG12gpQXxbKw48wV1nEWKIGtczn2EDwKSjohSAVI//ZhLH6mh1dLNowQIDczJkkJOxnGSUPl3YefnyAYR+fJI/7YVJMqFs+EolXW/wSkaiQTD648xbE96bukQ649vW7jtKX7mCG4KHf/OF1TTnTMcq9F85QqyFSx4rfFnjj0W6sE82VL/FzdK3VhG/+AFygy+yJPiA3HqLy23H9YSNt8eXPIfNUAAQ833KBTQVL9KpY7YXWsxcAKKYvmT8M7B3MxeohxAH6QvsFxYaEWqpS1smrWJb1BmrGWPACHmYSjp9Y37Ok1HvgqIuYi1YVQ5xzA0FmunxjInu+3FbPA2a/YyHCd1gJ91HHoE0v2cHw8nC/6Mgrlt7k1ScxNZrKd71iGfZBNObnAlH6D3D8aIAuu9DrMnc8Pvu6LD1VHNvKSRQWFdi0c7R4TRKnOW0KtJIVM8nQnwVOc6rRhxolLGiSt6z1YcJXkP4HCFJYZ17hBENAR/sEhybjgRAFVRtM8tHw7i24dCOw8yS4ymizQRuICZEiCN9W/nnM1oNti7IFgBrFkKSpp57a0+HNdhgzUWgQbUTUI8jz39J4s2eU/MiYWx2QCPXXbvkYGA0oCDZQPlp1yA6aVyi3QWHlYfQqOJ/mnP53AzhbKHias7YH8ox6DmPD82uhiLLUNVsSJy67CMwLPXjEezDHSZykm0QfEbohuuJ4yqVZWytDvA4SzbCF62A6R8+rA5WLr3SmiAy3ehbFw4hMuI19v/CGEzlvKWHUV+FDrDaaIArLKl/iRZBx+QkKQyMpTnud8OP1yqRIfxibGlSLsb5tlweorFsZb0fHdmZMk/LiRKdrcEf3EmXBLRFktg5qcsiLlefukEcaOmFsm58V5LG2CqOwMEoN+RdI9rfloFIQ4MJJ3EgDiNT0MEYMbv1STjEHOeydaOjnfU59F1FiyOoyBhIfgvlXg3Ah+joWWIPqUvPgiU1afeKGJxPs7LxuTAKTskRrnW96SY4lImH+gMJewOJf1okbcoIm/WfrVEe+51XGkDqH4LPhhwHaWugbj9Hi9YwIIwvbfNpKtbFw+cZHX0HWBWWxx0JMr0hSFwdVQ8rAFrVIigLLHFyTxr9GPhcbHKTAhSOnV+rjKvxsE2OUcKk/cZ3hhLIohwdn8QxDUDoA6276DCQ+fupQNuGbHc2h0Ev/bxc1q+M1MLGcsG+9BNcqlow+mJWT27eZPo+NcpwBKMnZLxHEcmmY9kackR6onYW4OdoBPBIeAK3L+XzacwMeDsj4xPvlWmSRFxAO4T1Gwv7fZysHma7eXvOHpqn5BlMRJUbXzH8CvksW/Rqi+Ec7gSyiAcweEFhK2yvnUjfjr7NFrd/BrOGn/eWlaOKkRR12RYggU8M0NczicbDDR35AxcDCII35NWiTPhVByKcwZfY8z2o0ofefZpOEZKLKI+H0n6BfjwJoIy6TUCMUFYktayFUAU/d0tC9pvndxZRvzJsWOwmI79D6WykCOHmnOuiuVcfgQAmXzjd0ILSRn/ZhskTO8MJ2Hz7GCPuOKatwYntw4B2e0Ji8aGDjMKkPvmBKT0eDsacdzKjWnIvqvqHAy5N7SABfUd/6yJoEdCJoC/ZdeO6UgM67fj9eQXvYIH3+RUaw5HS5Pw/0n/XLAnfDkKd85T8fo7gpL+bbU4gW3nbqOb3KHeHgH2PQsYVVyP5dCKAC5chM9CGUcDrF0dcf7pum8mjGqBW53iZS6Q6Zqy+5YWCPCFuqfjmmH1h+xXkZRjDoErHVdk0yYZJRaslfQP9lhZGuvtJVfZCUn9/970sQuhjlM5mMTEsxKplJ3EAQdGQEiSYWjOTh5OBO6N5hNMy+w5wx7GOwOPnJHY37BKJwqcf6j6yIg01RnA3TsUq5AK+uwad0w4gXNg8KExsg0oaHrBCrEML6L/Dzd+rR/1ktLPIaTqT7EZrZpJEO7LCq/PzLOTCUCf3EAw+yJPLMv0GzFmooZbpJ8ItThovFZwc8mwlVh9HOZE/XwaOHzOpgBZj1J9zWVS7FxVgBwQRTLPoj7/NyLSFxK25zsguSHCa00YWANDDG8TerhX9UAk3jIKqnSlwHWf5eZn9rbjkkBTW7/EKrRkWwc7Vm2DlqLPk6yRFIoQhr2tO7bpMjFZ6F/U2GCaLb2ngbHsVMrR6wJHla4zEdab1vc/yOP5ovsLFi44l4e70+v9e1+GnJlGvdyzCDsScrOVNAFmyw6TCzl4vUc/0lWlcxpOJRnGvIfg/CZNT3f5luEf6JBMePAEb3weywtzyRpbPB3F5qyl0vS3XVhXRZg/7MpzwrBgEYHopgj8gC/iKnOoZIG8UiVuAmZkoiPKgO5fjzI+OXAptdKOmDjxGIQWL/kHV4ncqZM+raeTWF3KRa8dt0cyfnRNeR4iYRiHJ9IeqnBWxc8/dhQXK6+PIVNfarIl2pzb59/zGYzIbEg56C3USwwrRWpGUH1iN17biPbyRpCJIbWadd9w3//MueGe3dp8xghiKD2fMBwrcg4ok0NcwYK6FJl9sRPM5QsSiDbNmQN9eA2/CD5gqJFLbN7r7iWP8XO/FBVZvi9Owf084wBsHPVegI/7tGbKhuwJBtJzwru+y5Hj/svU74m0oJ+stNZb9OFoYDPgu0vTQQMkWuNR1rJqzn3I+BdMARVYdpVJsFnvfOVYPmKO+rmRdzzJmO2R4ZkbFNwKq8MPKFzvy4dc+psKOUbtLOXNhBJpC+Y6QB/2yywys0Cbx6HslO/glrHyE6yWR8V5yvHDcTe/104VH0xTJYdedHpBlNaCFeo0eqQRSLdLhdWyKp0ohQqbhN1WWSpPYCitd/pS/7T2LQA8+7A5TPMcdx1WuqKvpA+rLMvXPd7x4T6ibZ5qt//Z5qPmIxnF/kgR8kqbfYGxfkXI9ZNbWc0RtVSPAdx3pVtOm5MFJ3Xqwt+QSFPwK6WxdnjPiEKMl1wTkv0EEkRQ0/QllxOtI7AoFlyL28wYy++mreHPxNgwgSm63eAl/KHGjs69X5th5GhN729tKBqw41FfkQ4yf+NA15VKFXrgLikSAQgHWmbEsApMe2HnqAE5GovKGjPhhvKfXXGVzqdPIJ13yhPXal8kkydZtl7Q6TaTxz20u62v5arSdwkA8SdSZTtfxlnaCZAPt78dGiWoUOqgrdgKMNf90V8kRrBj9VXVRemFQ77yvMd1G0Zb9SfzWojXXMH9YEQUf9DWfE+XHII5qfdL4mdH2Fyuflm3Wm6Ukoh46z+kcM8Sh7TOVA7jVotpRrcv35hpkNeii7o4f+FSRjGYCaFR9zhbruGHJkBa9beu9MlRfiBkOG0mHF8JpacPXpqMUHWeAawMpaf5AnJ8oPn5/+DwjMH6LP3YwpxMtZwURnfQN8lLSpv84MKcEXhqOjEkx2sLlYdyh5swKmVjscSJpc9Sl9legq2FhrvNXPflWdfMxtlUdVPrhmZOe5ApxWzdFqo+AA03Sxep/hB5m6sXRlUS8Jlcayx1bnPhTUbjRrYoR5VjH4o3//Jx1hq0KjoSwRiRxOBRhVnBL6OHugRoF8iKtro5zG0mErOPRcTy7ZPmUfyPk9n5IPTi4EyRMq8SBcxHv+V12tFcceBQIXRWv01MiVAgEl6m0AxLg6kff7ntoMmHFC7CHbSMKW2pdViEQ3TDR7BO/yFq10Dy8G8zmTM47YwutNjpmLslParaLn8Hr4GR3st+A/hUlEiYbchd5p2zQ4WXvWu/3SYaeDG4aUifrK/prg3dk3yI92mW30rAf2iT7cfnPj3ivVBRy4HGnHZ2zEZpqp+oEmiwEbfXLzM6aXJnp6G+krpP7TF9zkl36Sbr7EHpqRQULrxMuQ0u/N2VxbY9olX6sY9ON8Y0kX8Ja0yZpp9XeSBhKGtLD57Wp3yDCr0mdiIn66A3hGS1Jn3DjZqi76M1ahQBMm5Y//fNZqJ11XrvtochW+CXBxp1aG0f6Pqs7vdMN4mRypyANit/rUQUm8YzldRLHtIjIjprQ1mScv4ipjifpz5ICtg86q81M6GJ+kkoE+gDZ1o5DKWDKXXKdUyP/hetOFnB8zseP0ht+DdvRXpNElxhmh7wjBa1i0uBd7w9lgz59KudhNK7U2RpvEEYLhI4sNiAFAp/ftuSxxxBMYXHYejIwXc6UEAQGN4pDWcHWOtNmCVy0ESKeyj1ANPiDGuMmns++8hpnBm8kQYxxa7HOA6IZYs4E2BI4PJIojuyKemctETIxSTQGT7RkUDv1iFUZ30To8WNRo6vynpGS5Hy6FYx9xoJW/33EfNyB+TK1N8/xf05N99G7YDyWpCA/6OVyCV/QMY9/Koxmnq1hPJNDFUL9r5PNKrr0uH40CkvKY5ss4Od+0/q90Bc5JhnH7XxXYopNEPz6oZW5FoxDYgtgMQrivtapVcqVVznB0YuhDn+UwdtmXQ8s91rzZVEQeL3vQTIMH3N65ntx + hostcert.pem: AgBv+YONq/fs8rchkeHrVLSywsnhUbtN0QWYxl4HAamOTPK47bAkBzrGDxlSY/SuxKGpZ9dV5WEBgP4m1c7lRD4Bx/hhFCyOMqIE67nDJ60gMrmfD81PzKYQdlB3ZmQUMjxHijRJUGchNQDkGHveiBSyQ7iSaiGm9J3aBi8UE7VmnVPK6r+vJgvNgC5Wbo6M2vtz9sJ/RcpnE9W+NeVms5e4t0813rOnrfgCyX1/KiCo/N8d9pOYvVKcTq6mOFpeqJPu8cmfiEUeUfbwjpaKPwDYZLSjnWx/S0QfcqnpnQaN212cEAIWlriPJhtS7ngpdGaolVD+SNf6gw/CRwX+M59rvtq+98CjAFVpJVtKyomGCs73aZ71wIHd9dKp8icg+OfYHerDrZt45LQTojvm0x3E3T5OwmIRZbjYyC/DX7oB3fh9O/TGynugRZP9jmrLV3U7EOhCKPROEaHrmnXYBHGL7MCDqpr9MsN98hKHZCdcuiCwTkHhvcaozevu4E9td83zdqzMUZhr1XjTRACATcGxHbdqwhr8Nkprr6Kkt33KQNso3IrsvXIKwsqwuzQsl3D9naSss1U8R2a/6lbXvHo13Ab10lTNjYBxZtQupRW6FQLITlHGlVhXlGfNc7n/LwUe4o/pK51v+atNGF4fXN9bbVB6elSKD4Rh9/BE9OW6ZzyT1s1u16LXhjWO+/vHlzJE09VYciZBFfwxbEN6ImVrOP7YMStVx8iEpaz/4J5YgmbCVfNQvZkjQsYdZmPdsUUz5L8TiFR8ZiK8qn2IA4EEYGXyuoZOM9ewIROHLVQAQOVR9Kc5wWKdjjCZhLtah/PXQn3EiLm6v3KNOpd0VNtqON3YotCapf4CS7idnzQwWsT1yx30Xet0BsM0MufjhSUJHCmnAw0chuTWOQ2gk33dy5VL6UjdUJje4SwCMg2ea9BWXkjk4erIRVd8UWqG7btcEStrpBhf7xoToa4RKr1AZcasVDt1dVi6+huFk6zaB6i3wR3kKLimqfvev1LqE3GLEZHhvdZgfftbx5lnwez7iOIVjI6TTE61/2Bq6hoLmSxvbPLcuFJ9EKDf7FVA6OMnehg6eMi2QiEJ25clHUd/wuPmaJTcx5G6/g4TXt2w2xMsk+ih7iUs7ZFdXk0/jGWKpdHO/XtHXg5t/Bj4tApvI+M3Ae85eubrSNV1iG0TpMdgBUWT0eDHjeAlPXi6xMoY71PKMVVjQZ1zvkqLeL1heRH8TQ9HyZqVanaAvdi9DF15SAyx61gWyXHw9aAs7VSc+lT66fcxdIMpks2q4Xnr2oMkzlfI6chhEWJk4yeL7jcpaevwyTAb8ZvitW1DCoCu4IrqhKJ2/IwzaNN3wzvWWxSbY5xdRqnhLGO+daAHlihPG2YHi0l3NRp6eSCkTVqRNeU36HJei5JY+IdPIJrYU2n6R4M6AOdhWc11pzI/UYCGzN9dBhiOu+CHo3WI2Ollqnoi/Bm8Ijm7zibyh3yJJIy+nyjOgK4pInJ1q5t6Gj4OYeiNmaxWTjOHsMIm4nuqKGlyd12AGRCu3yWBQdG7fxfXgdhSx09wHESFHliO363jHOOdD90YDJRtl+pqoQ8KIgyoVhdvfd5njgStX0NmOtlVO3WZ9F7JJVhTgeXgYX/cIxpZd623x/8MV/2InebnSdD9hUbkkTmmi/H/qGl309x45pk7GPP0q5uKIsfIBsaAXYqLjX8U6b1WuS+l/w+N1jUwaE/Pccbb1cLKfyLRYfuXLem4RsD5BbbVSQOSmAFF/pVfNGDgawX/BPfylkEQ2g/XS1ILSrr965sXVGkqj4gShWqXEV0G8YHV2Of+s/U9n2RAwyXnZHSDbptl7KzCN60OA7SyDc3myS6FlMhmWhlzup/jaKAYeBsaeHKNWrqS28owCBqTZMIJV0roCoYtpNuJX3N8blIaB7JfzhCGCqeDfGtyVgJINblIikfM8QcI382As6KCGMoTa7hlO/MTFKVes9jxrmmu807vbpcLIEhG7LG+1ysI8kuDamZa8bZgq5OskwgFbEnlMPubTJhjXcqeJRDb1Yj1Chyj5CMVp+3yOq5yUow1vfuUenya0WLTMWKXqtP2QeyVU+H2dXD2AtI//ay6V3jG4Eswlpki7iNePlljbeKRAkzwiJ/6lBlp6c3VpdvOgK4AEh4frhHw+5S/OQ3RKMIUF789zmoxDNSE2j1JiOFhIaIkWy+HqAgO+ik+6eJkB9LkQTnErxUP8JfBX/9rwFiD2HbNGVK1cZncj0UMU6DvoSYdkOxDwhhy8+QrItPwqKFSlEblqlXrru7QRt9mgqmqpnyGosYB8CZpzJvG1A6IKYteQcBb49L4bzHScE3eg/R8pAiZrpp7soPKB2+860heRPm7WtgaQ0opwNess1+88lKUMMz4bADnSgWrgneb/KwpvMw+Q64Bc2u5YwGbh2XAcrTU6J7U31ivCCXpDPXAfy+CdqZb2lBId+Mm8/6KT2WeiGRY7yWcd1hngdWHw+k8Yd/pQDIFo3P77xB6so8B3YPEwdOnudvSidF8NyMXYmegircrpjFIDy2hOEyuwKRyIq/+dT6nwfNUty8299euDLfPGLfrzgx0JTm7WOelZrV3OJYXUakvjbFTjhqffxM+JW3UYFLS/iBYqO7muEaaUMmbeaRDOFdTpz0gQT+DaNZl81T2IxopJn6sEdyYpog/Df2joc7BBPgw2tvyZvaXC7e8vddO8oRaB+jODmiJyPVWeWZAcGetnxne9Tw61rYUqJ4i5pT+13kmgmyvo/F5q3+xhp16gs8O7IkODp5ONu3KVbGwyKgnu6WAD2aY+l3JKuDM1F1iZTX4g8QTyrWW3E5aHvitoowyYKsgcWHpM6a1EJRMxXJcbBovbrwOq2PUfBj/QIfg3vpmeGeA24yiidC/I4I2YpnbGt3hWka06CO4fL+hclLyZAV3z86IloprJxk3gbzLBAB7BnFWwrIjzFiFyUi1AStt+dKDQQtBcByqtLa359m3M1aCjvYfX+sRZgDPsmxOv9yi+EZavk7XqYbhMOQdJAANdybawb3D6pw9DGvLXhfJawzi8QyuxOmwd0YJBy9n5fJUyg5zPgT586Q7EHnqrArTjJM7bGWcTat+7zkpUMiq86B2uotKjF6cd/m5GZG51TV7HfTUe5EWi6LGTcA4lodk1GtW+rrBeZJYM+nt8f2rJl/7yDtDP2ueLSCUuAtD182Y/rAD59zmL9OxiUA+BCzeNOsJ6AMsibkZgFvHHIv7T06lrJzGtYN66pUDHDY/g05G82MO8YdtgjdIfMLL+LQx3wvvAePSLx03752OPmmKycXmSsXUW/MnkLYmczu20EARzXQCaUuyuRXOz2bu4pTtVosCQORN3quSIA/b7hmAu8gtc6v5BedjkCgPIWQgX0D90qw4S+Wa8ClCYnZRE+8Tj1u35jGwklhrIUFZg6T+0WeocqR/EZD96++X24Xu9ipC09TQeu+U9XZLMsi7CGfgcQ4dTwS3MobmDo7ryyWD1FJG18nUp4SIXG8gmIg5CPP/fNo2JIF43wc09lDf8DxtEfjTX3606GKBexxnh+Bkxs1Ms0X+uG73kkBOZCologwjXDj9Jfg3u6Q8Bm/kc4P4SBWhL4JDQwGQ6VjPgN1gc52x9q9Uplwh2tKVbIdCTXwiceBagb5oLAR01WUBFfrc20hKr4J5PQQVCVWKndsI3uhdXXtAIExuMefIgI3TXmBjJN0FrPwuoYN+0fYshxur+UHeWOpT9v3pwS1WRzvlAbZwQlxeCXFdybtFhycF6iGyUrEfcSiJmM57N3byebZB3QpTO/OFD7TaWRxbDJ0pnDIimNEMiqqq29yrDqQXiHau1TIb7USKgUklFhcXLbnJUb/z1NUeKrtxRIO3P3avRDOcW+wtD04iV+Jwow6BtEETzgJfjTMQwbJUyNQo+piZJd+0O/sPrZ0fA/U3k0UfOcbUTycFftrCraIBzeH+25t/0IcWGHGlj+7GCNpLFKMEuxnXow3TSA72IPgnHJEfiYBA7uP9gh+uxDWq6dt9pya9j9iWgz/+CEdp2Ab8mi5Hp4QCWniDp+XKsi5zR7+cwnV4dC9SIlsxNAPDbM/HUDv9EsZcRf3iR1IxAti0Ah+oMc/e3XxWrl+BIAYZqFtvxXF+52JuPiqJVcar4tNmDgYslf6MvH+NnUFsA+6Tfg0LgiLoxXmqCoMNHEehMH72jHHkyQZkUIkNfO71FZ5o2djoradLhwM8P7eygJ1iA6ZQ2lWHtcXpN1ktR4QtcUALWiPtH3Z6oewRAt7ylyZeyZqVq4iR6XkNa6THm2ZRpx/eTEpvJSq69I/v+8hIh31sa59RiaLg7zM7coEO9UYbmMH616NNUkRHJJ/fAqnXQkZI5rnFDdznh2eUw6kN1Z/pqufdt38UgAdpkMklck1FTRwBjjwc06/QAS/rzMiZulYq3s/MjZJXRn3SPN+0UXmSh/j+L+Fw0/qVLtV5Qh2S4ddN0jzNRub5bNfrW92V2vrIyvEjrsoReYP0inR64Wr5AFd0+RMZ3Nk9f6277zsi7nLzN4W/XK6vKdebBlwxmOiRUfwKgdY1LezzZUhCwsaAIZqCnn1MUY710TbstP9ut9Y/cNuaANPpsbCAiQS7GDGv300eD4WG6zoPaYCGrstUYBWaRVQLtmkUlSRdGIlpePON19SDusZoLZQMi4i52k8KnXs79WOoVR0NeMmDojmcbH6U9P/7Fx6vuxk8VgC+VCX54FrgnUkdfA70KGwiR8K+0Z+NKYHDQWEsD8sCCg0NpzhqThWW template: metadata: creationTimestamp: null diff --git a/infrastructure/secrets/rucio/ss_ui-hostkey.yaml b/infrastructure/secrets/rucio/ss_ui-hostkey.yaml index 737ee56..067a7e4 100644 --- a/infrastructure/secrets/rucio/ss_ui-hostkey.yaml +++ b/infrastructure/secrets/rucio/ss_ui-hostkey.yaml @@ -7,7 +7,7 @@ metadata: namespace: rucio spec: encryptedData: - hostkey.pem: AgA153IAnVMX+NwM3zaoYkA1qUTmovxzZ7unvNgXtMNAwNnerPP9WVm9U6CNg3gHHEckyEvfZ4tMh+MM5XX+F3+xfyL53uIG5mFMNm+o5MIAUQ8/HC51VfVOmE7Wb78fXrS1xTaNnrMdkeCQHWWSUOMEHKEnRFlWEd1vXrqZVan+7goQ7ez9pQTem4+Z8yXVBSSmt0Z+TWtX4NxngDst0m52o2fEupm2MbLHc9bo+uLduEKryggxRMVh+izMqP9vvBrT9TcflgS2z8xNwT9PN3D51RrUj5UWkQfug+lL0SMpM4lH3Fd2Q86fbH6NGto7zf3MuFfwU+D0ILdKJQyzzxOgBBabf4uBtFjLv3Og6/hyDZ8k8itBgLehRncGt6JeqptqoPCkbOIyQtVu1gyB/cLBFzRAH5Km98X6mP72i3y0E0Hjl//Q3oWui0pbzYR4KtO54DCGU7IP5Df6DvRmGY8aHPGNZAJJ26rNEoAr2yqL3Z/pWxkWzMJV0MBu2nFrrR48tTTYtj7hgul0CDilpWCMQNa+4lnSWWZxph8mq17YFqJcz1ESlIidDpZiNnQE8ZClIdMbzZImCzFhCDnDyErwd7Az40XzqRwdV4iS7YNc3knnUDf4wpjdulam9e3iyLgRPnn0HG1q/8rkcoTunQtEN9C2Zvz1Ec8TtUpTXCCMMZveIz4K73Zff0/eAYTLOSNj++Fl6ZUxuyRni9xueMgDwOrlhxxDfJ5WibJJtE1gkxrojxEgR2d92OQ8mtCBROAp+niI09VvF4nOCDUbmhQyueXvuLNExvnM6m4cH6HHWoQv+wjkNb9prjQPRo/uvD7tRIcHvERSvBfFR+I4llZOLgit3GjB0df+4zhWA52EAr2exktj7GCWAPk7SBBOfsfzMQQ/2njNnxGLSVFiqyhOot7yGt24SbWopZQroctiDDNgX2UC6J/U31KumkiUY+TE7fhM/kOqw9L33dsDDZu5DlAMBvd9TrTtudvndN6A34XrzzeD5NXkCOynGDoFnfBqaVpJ36653ARaX5ojM4LqaCpLuYbF3FKimdKUjTVLsJF1M8rUF6lp7oxqKSnuTJPvf5K/u/7OGOcJ2LzskVcbh2etghl0VGUAstihHEWAnpRu0N3rz3XD/RviJ6Jr7tS/U9zEKm6i+QqjOnpvKLDgaJw66MG8xvMpaT5Xd2ZPtYOdj/PkF1LOie7FZEruE6i2mIVJIU0dVrkNZRczf1YDqQg0gOMlWY1n6/qfWyqjxjKaIzyYrsCo3MxJUL+cTwTdXSZegoXkL9C0hl36h/naYnals0lXCG8t7Q+y8BUPzeWodAw6fMAlavitBJ9i23+NtVxQLaf2/ioG/UQ/d4xaEfYt53sBhCTMxa1UYAco2GSG9NktDluDxX+kfT5c6gk4XX2b+alIuE95mHCrqI7eeao/RACKILiqbBxmidflblXvqn3Mq1X4S4+ggeNNX1EdPzks9GaJzzOcCDuL+Rf3fwSWZ/ln2EvZ1oNdiqg0gcOZ4Pv47ZQJT4b45/sl1LYXG8f1gGjS102K3QKhXPywtZAvt6qXNElYZP+kpdgiC8Np8t1M42z7tMWHfgOk6dwZmU2HqTnHv+8NvJwRiVACJA2xnMjF0f43DdjsrySQ8cAyV4Ch3OxvaMfd2sdoY9kh84Ysz7f0ImvmdL5zFuakab1HuXceEwjjHyLGrcuGz2C7HkCo3D5ZIdl1K4eHMVIAnQQEqpSoiUy/qIgwnhPHzv9/QYRdfHmgeDyOo2en3N3yaetEImcONHwSTFgfDog7gWf8Qm6ZOqi3Khz5KtqEyVVo07y3JepW0Mf4mbopHF6BwIUMt49sJhdLi7HQzAr+D4iE9jAhQs00rPafZGmb6yHK9oaTQUM1QxV38aasWueDhjdKl3VZsks8AYRSZYeywvGN+WUVbT6v7dfdep4qCv1wrhBt0TUHezQgsniCu+eHqXln/M7/d+r5FpE3J9aSZTpa4mB3cvIHrWtg14OjwuBrYofAiipRvbnVkZ4j14DKa2fi4xFmHVMOQIBqzsWMWDwdSK9WIiTsRexctVpYUOoDbgzcileg4b2dWEe+DBrsseOstMadlUVJKec9ALZ41XBBi/78ZaBNm/x2DQCf/q4HgWLaP1uvQCRUyYRZXEgKaBz+sBsUIeLdCKO+nFMY80fPtLhLgFyvZ1T/XcIvJioW15/itzdjfiownLdaJyMlk0xDbTcvH1hf8kpk7MnOTWppNt2YvSM/bXRPfSZVYQYb20hS7H20ab3D3H7jRKDDC7gmdZMupPhX6CUNgetad5x+5f995BURI1Z26WAladW4fz1k2KYK5GUDzzRcxkv3f+AICpWZOL0o47veonyVDi9JfQpevQgOYlx5ECW6+fvLy9C8FldUXL15BoWTbq/YnxyJ8EX5vqBx0F9fzu99adSQtWpZMhVVc44cYdVmBJnf1vKnFHiUMW/MeZazD/H+EUXZtVRPw2IvDS207VbkCSFTuMVcYxBH3BoXBMR6YhlaCcynWTvmNVVgXVkXdr09kDNo7bigdx03MiXYJFBFxaK7HV8GwoI0wRC4bE+0C6GwqROLVo2e4gLyFZDkmkWvLm4l257uY69tWI+zr35nQklXQDUGVUdUtH5Jlbiu2y/ka239LUAts4F6cIx/ggcsBYU39j4zxIyKmzk6jQ2bKgHzO6fqNNofpaUAhRK7K9DP82/nqaMURkebE7jqyQKwd1QMxIJKnTAsrpMxljW2xQqChaOEIRHY3pUILNBMyJUG2MW3FrhFQRAITZUOO2aIVEZ/nk5v8nhg8lIXvz3BbftFW1fs/W7Te/vxPBGd2e6mqCxy1bHRibC/ufS94QVLmm3VjqQOQKvYxZiI0c1HHfw5BO7WaiAzeZMClhJT8ouH7Qr6fv14hvvUky+zWFXwsF+SIv+oGOxQH92d6ceV3bLz3r6lJnoOCC/au8tUysgsRO7OUEmnXIdy7/+4J29xi4WHfdL9pOT1EVtu33h2YNKmIoviTPqLOirvzIecDzQ9p2M6hLz7TgiLKdIUIpVQiUvmZIu/YbgD5cD11lcb0E5yN1s1Ccd0xV2ruKWOj0I+BIwnUOcI/cGD8Pn+thXFT+AsKNZqRhGK38q4oXhqRXNG + hostkey.pem: AgAYYTWkxNvkZl+MMEBf38LnioNxHF7Q6EK/DBH+6N1FWCrsqaxLGqHDAVCLy3i2wMAQvCvEeQ1jaeP8okEZz7ttK9zyXEvVDWqOQUqS97jBkYVTRu985BQ4scyqg5h2FRAw/jdtqgY1qul/XVE6m0bLZvVcna01bdyNcbtF7POJedzIEIa7yxN8rexqCXQNqRSVauQhj2b5s3BSo4+jrIapa6B34ZTVR20zPb8nyU29MyiuFpUfJ+x0Ra0EMVHPr6n1PQw/iiGUBzboeFLwDQBUSD4xwiBQFy7I7uZm2cMy+yoT85gQhrGLBrBAaSPQje2xukF09a1Bq4Mb6s4ckL4WUMyouXZvlVsy5RO1JdIc/JjKvh0o9q1zgUYrkr6Jax7ejfpxlI3C6VLLNhN5sg6/HTKHtiU7inEb0i9OG9LatJ5SlxhGM6t7OQLJyqQawkp4gD5xuDr9or5vVCnOMjH6FhEzh8QoDr77eGCOmw6SmkLFd+erlRkupZfd8xp3iaClh3ZJsme/G6k6sfMbaY//UVU4CR3TToYOOCq/m2NA0NKR0TpwXj9+L7JfQnstJucZinIieipQRqU02ZEmLBS0jfG3saHIcf1vdRUxPYNv/q0zjc0hInE34C8hJ71j1va1gfB4WS7GWkAergMXA9SAAsWBwck8XW83nS27rinssiVr7rluuRNycGDVbAbpLmNyHxctUK8ZIuZxufGjP81Xbaib0us3xi+pl0G+DH7euvsRK1/VkAog0LJ+YJ+PI9ENn3byjCbSLHONs/cIPrp63qbpg5cP5Ku9R9O3rO9QRDtfb3OqazTZ1yVLt+l8zmnrWiCTwe8uBs3U48OjBRvODKY6fsRGicUMiRwgSq4agHpM/3eiNHraUe41b/AvNN6KuuPr3ASWu1aNyXyO03yYFXZFe5IIrLJxwzVUJXhNLqxZmzCcvaG8d1e/+s3h4lmNNFXThz+5DmM8NYksf1v3XUwLL1XBK6Jgpt4QyMWeHTqfGaACbESjcnpKJM18V0jcFU8PfOGNphD4biNtVYNv/P3Rl4hkVZvlAeAD3kMb4Pq/VfconvhzQnAapqN4C/H0fjMx3xG2NX4uCcsdh1olXZUI9Ycd4w6Uhec9zRujM0bV4R0YLShWwM+K+Y7XpPouzLjt9mHhBQ8BqpHwbvKQCgJAxMrfQ66pjpjtfsoVX8WW8r2u+R84qlltRzF8TgWQDUhVVii+FDhV0lhDB2CK1GtLFBtzTpE1FtJ73K61YoWwR6vF24RFu0ph5pq9ZhkZIA5ZHySfEOigp/7NkBRd25FscdelD29ME4Q98xCaQJo8MQuTAliPW+g4SSMmOCdp1k/RiyJTjlYwsNP3i6L08ihIsBAvDhqsp+cBuZtSoY9Ie1orQPqUtR13dnNU2cnnvbAvwooMLTNhepVQCEy+d46LtQU6iClw8u1Fvd19VqQWk0bDl66wT8IOur3IFVt8LqRId9kTw9kM+wuje2OkF4MUbuKfyg5wkxACXZvfdh3pHVxuLAc9RpJtmwV8baw6h80VIfJOQT+oSWc1nFjD+9zyPjaXJ3UhzGmQxQoazZEEmGWq7Ch0sL8tCUPLT2rVOPhKbCao8telhJXKAlHsYBVjct55OWWbsD6ml3gIO4DpIChPecxbWaXQO2ZL1uPkoROtxmxLNwCe7ncZjkk24pEoFvF+nlXnTvEitriprWMDvSpdssReieLVp38r4RN/oeZVLtui0TDu59jhzuyMwR5Z5fYhVzeHtEUy2Obz/CYMWJv3HKU+avN9ALS4l65XhmkpbxJmLzoOlxTi2jOH3jUE1WAvysTCfGV+wlqpz9YZcCEBjb+XKLIrCdv8TmkiC+/B+FurhX+uLuxurWooLPT2tSAK/PFaVPiySoO9o5s9jV9ChaEH4Hyl2QjWTVEUJ0nKOrCycFqPbvGlCJnKnIFJqXJoofNYXaGR39k3BHRxhjm7plIvDoeSkUwjcsLkSrguCJvlxwj3OZSKmw4j/Q1uk/jtX3gYgohB/U/VZviMbGZJ/WK3TxChvh9l1frhYenCu6w6LbtlC5gvwGNZ2wNFB400xJTbWxulRXIWTRfDFwW1NJFRH+kpoeqXmSOfp+iAjW86JeNERb4Z85WaYyMnSh4MVxCTFmQp0fSNXs81Gth+cUoyvJcFL1CKbrrIzEc1E8+3Th9FexP44w3b+WCK/exDQ65BqVoVDUy+ybhWPvViQM8vZZHk92Ge/WYsYiuF9+wQTM56gGTTuvXQpU4lIJPqVHsT/V8yAbRiTJg63FqoWL8rDu4mPWY+e8mkUQz2RpdI9ka1oLFnbEoisFDxkg7ylYcPxkQAVoVfu01I3xeKsBuL/qYJvoYn0ZmcAbxZphUgOboHc/Pd8oUCEwDLyxAbuyBIY4co1S/jjJ1QO1fKDimzGHb/u/D6XPRobtVmfYI5lyhcvQgArajPQM3Q3er7+KasncR7h71F203YKWDKyyya0NV0nAdO/827XQLV4K9evxMOuyLMlvRxANDPnpBa8uAT9oADWsJf4y/8E5RHlSPrb6vV56Nd4nRo5JmrgcOciZCvBbTwRNrnvf705vn08zYWdPVOBG1MtXAvYzmskcMCQUSuDdBqBhhICA8mJCQVU672dbBMdDGSp0gCd+2dVb8I8Zjf9snZdai2nAlrA3l8HkjJehjwAo4JaikduT7K2XmNLMmsMHDYHWw/I5H3UEP9/zUPsgZxXFw0nqgl60DpgBiONQruhBhcc/VsAHp5NeKQMa0YpnwNVsDYJMKnV/dir64kgcR4CAes/2tg6xiEJ4tUVGOB7UuseD9eswAXvWVRrLcThK6YvBFqfoUJIE6TuQkrdJyowIZDtmNjWh4Pa7a5b5CusmAQUmIxjulgxtrHRfpkJ5kUYKHegjLmTCetBJ2CGzXPes4mmqBUgrzelUZ/Sx4e+o3p986eVZMpvGL3VNIfRkZoVidwGZt9owSDapzTkKDN7TexUnC73ceo140X6+PXD6LI7rbrakhgBji5oXAxQEnLmE7q/Y5SfaZ3hQ1OswJpZXkRsUzSMNGDa7+RERXdkS1WPj26vaqVZ5PGQOnSKlM99YzM+8DFF1JpOKYnMSDyxfxk4QGeFWs33WGiDv3l/oN9LH7N template: metadata: creationTimestamp: null From ba6d079e43c97fafe19c85c1fceadd6b50ec0cc4 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Fri, 15 Nov 2024 11:38:12 +0100 Subject: [PATCH 4/6] enable ingress for x509 auth --- .../cluster/flux/rucio/rucio-ui.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/infrastructure/cluster/flux/rucio/rucio-ui.yaml b/infrastructure/cluster/flux/rucio/rucio-ui.yaml index d4a1c0e..a55181d 100644 --- a/infrastructure/cluster/flux/rucio/rucio-ui.yaml +++ b/infrastructure/cluster/flux/rucio/rucio-ui.yaml @@ -70,15 +70,15 @@ spec: rucioAuthProxy: "vre-rucio-auth.cern.ch" rucioAuthProxyScheme: "https" - # ingress: - # enabled: true - # annotations: - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/ssl-passthrough: "true" - # nginx.ingress.kubernetes.io/ssl-redirect: "true" - # path: / - # hosts: - # - vre-rucio-ui.cern.ch + ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: nginx + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/ssl-redirect: "true" + path: / + hosts: + - vre-rucio-ui.cern.ch ## values used to configure apache # httpd_config: From 082a827d21e7df1b8aad79b643a95f44fd981203 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Fri, 15 Nov 2024 12:06:14 +0100 Subject: [PATCH 5/6] enable oidc auth for ui --- .../cluster/flux/rucio/rucio-ui.yaml | 22 +++++++++---------- infrastructure/scripts/rucio_secrets_5-ui.sh | 6 +++++ .../secrets/rucio/ss_ui-idpsecrets.yaml | 15 +++++++++++++ 3 files changed, 31 insertions(+), 12 deletions(-) create mode 100644 infrastructure/secrets/rucio/ss_ui-idpsecrets.yaml diff --git a/infrastructure/cluster/flux/rucio/rucio-ui.yaml b/infrastructure/cluster/flux/rucio/rucio-ui.yaml index a55181d..b8ae9bf 100644 --- a/infrastructure/cluster/flux/rucio/rucio-ui.yaml +++ b/infrastructure/cluster/flux/rucio/rucio-ui.yaml @@ -34,9 +34,9 @@ spec: - secretName: cafile mountPath: /etc/grid-security/ca.pem subPath: ca.pem - # - secretName: idpsecrets - # mountPath: /opt/rucio/etc/idpsecrets.json - # subPath: idpsecrets.json + - secretName: idpsecrets + mountPath: /opt/rucio/etc/idpsecrets.json + subPath: idpsecrets.json replicaCount: 1 exposeErrorLogs: True @@ -70,6 +70,7 @@ spec: rucioAuthProxy: "vre-rucio-auth.cern.ch" rucioAuthProxyScheme: "https" + ingress: enabled: true annotations: @@ -105,18 +106,15 @@ spec: # max_request_workers: "1280" # max_connections_per_child: "2048" - config: policy: - permission: "escape" # "generic" - schema: "escape" # "generic" - # lfn2pfn_algorithm_default: "identity" + permission: "generic" + schema: "generic" + lfn2pfn_algorithm_default: "identity" - # oidc: - # idpsecrets: "/opt/rucio/etc/idpsecrets.json" - # admin_issuer: "escape" - # expected_audience: "rucio" - # expected_scope: "openid profile" + oidc: + idpsecrets: "/opt/rucio/etc/idpsecrets.json" + admin_issuer: "escape" # credentials: # gcs: "/opt/rucio/etc/rse-accounts.cfg" diff --git a/infrastructure/scripts/rucio_secrets_5-ui.sh b/infrastructure/scripts/rucio_secrets_5-ui.sh index 3f13d20..d2c0a31 100644 --- a/infrastructure/scripts/rucio_secrets_5-ui.sh +++ b/infrastructure/scripts/rucio_secrets_5-ui.sh @@ -37,5 +37,11 @@ kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLE kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-ca.yaml +echo " *** Create and apply OIDC secrets for UI" + +kubectl create secret generic ${HELM_RELEASE_UI}-idpsecrets --dry-run=client --from-file=${RAW_SECRETS_IDP} -o yaml | \ +kubeseal --controller-name=${CONTROLLER_NAME} --controller-namespace=${CONTROLLER_NS} --format yaml --namespace=${RUCIO_NS} > ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-idpsecrets.yaml + +kubectl apply -f ${SECRETS_DIR}/ss_${HELM_RELEASE_UI}-idpsecrets.yaml echo " *** END rucio UI Secrets Script" \ No newline at end of file diff --git a/infrastructure/secrets/rucio/ss_ui-idpsecrets.yaml b/infrastructure/secrets/rucio/ss_ui-idpsecrets.yaml new file mode 100644 index 0000000..8f0d52d --- /dev/null +++ b/infrastructure/secrets/rucio/ss_ui-idpsecrets.yaml @@ -0,0 +1,15 @@ +--- +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + creationTimestamp: null + name: ui-idpsecrets + namespace: rucio +spec: + encryptedData: + idpsecrets.json: AgAjOKV+6idjaFHxwhXmj54XuP5YId40EajnNpJKBimAP0WsTMczP05pVKtoq2Sc+qo2AC4ByYL6aPsNgsPogszltX9rQ8XZr3lf21IlBNl0s+ld/nG5p6MvwdE1pD11NCPyMK31xzV1ZslbO8006fv2z1xwDIazAwLtfgGU5xBqgrO8rFdwVtIX0prfFXyqR9LksEUrVDan0Y7G72AikfO+uXMaqb+apNz9v7nLy4W9h+h5Fk5TaPHy/kMouLUEkIDQrOslFPHJvsnizsWYPLOjPYHUkxjiQwClHIZDr55V5DF3TVrDMj5oW2MKSz6V8j5Kw4g+HcnZqYNdp3QVP92wnWgBFoHeCU9AeDxQCmqeQSKY81bxinGKwDwffexDLS+Ir4cg7hgv9AurhK3VgwEGpy7nVYd0e71zlLlGNW/mew+hPk8OPsK/ng/MrGPXKIrbzmto0Le+8unvhh33TGjmfCC77fYTjgHoDqeIfZxs5yywaYMPhVAfXuv69OYclTQcIyG79iajI7U0U65x1AgHGcUMh8FtzorPujjZ0UrlvTjpNRsvyqImS6FKIQ+KKqcGcPirSIQwHi88lpL4MsiJv/XgkpsvjL1m131sJX69jmUnvhRqyLNikz+sl24AqCgzF1SqqEyp3aVehIv+ARPaF3o4ICL2YqdS7jKhZeamdXey6eAgpuLKDHkWK4N6TvitlHrop6VW+6cmicsczlhXZ/xDOxp7aAuC7vquhRoodMSOJEb/ciIii5H6mMEtP+70ZnMsAsxVvnS73qX12NuLzna/eUmGpSi17L35xV/9tQDJuvTK1S27sPzOaGdBL23+rsJ+uRnThID9yNzhiHh8DQAdMGAoTQiQG0yRMpSJ7Msr8N0uh7uL993OaHAgFIHw0he8ZxzrootN2M3Cf1d31MP2A4Ns4Te7ZZI00EMEgtnoiXOAiR1Zqu6lrFE6n6p6WVR/zB+nXAjZEfO0zyhD3OnDP8dkeBS6dLza6FuNzcKYCCX7cf0WQVTgLl8MmqK7GYsyhdZBkwUFiKeqOqmUI+aLfdVDLyj98RzRIesMZfKNZw9j+HmAMYeZ5Wv0+xdv4dQUWnx/dcAd5o8NqRuNrzKqEF8l7/T5vAIXtAIICH7p/JA53RY+8C68tmmkQgyepBelzZUilVrmfDxNVZQF1d4WdCGG2UurT/jdsWIXb5wUxJ0P0xBW8bIFn7l2BXYu+Br1hIWuIt+ERgea9xNIfUdy60RIts64nAhpjyGM0ihDw+oFazGr0ygz7x6yz9UNhoCM6TI3Jt0tIZ502OOC3eTGHOFXAGkRJwKBft1J1gvVgKvrg+Nay+4WBbF1bJdi0CaDNlZIVujMDvoVVK67fynxTmoS5g+f13qRLqLtuabVXlAx7Sxj6r1U+pMv1wQDx4DVzNhemDerPkMQv2nbcfwU8TyBtIk7D1xaUDH4q0Jm0HHYbixmgrRpMB4j85ctlx38quS59kYce56be+yKOSqxghPMh4FTOkMUCnJBsT4BVh1L5EmYNi4hAIE6Jxgc1jBYw+dWAZsYxu5oqm46crYolfCU0s/8ttraGqGaCuwlwKULAgL+0Rr1uACoPbFPR2pNqAxkmDGnL1kQwYPTAQnlQq1YsksRSuO6s2xzoSAZwJT9yxbsty7FvkMBmDCsHkm6NNT3RfiKmaaK60Y2sUgoOaBOCnmtgwe5zqt+FgVZu9TFn0UPSoxiGQPKFS/ms7ZbAkHbxbNmrjNTos+gRnq54obzmfWaMQvPC7b8wWV3UFfgJ2jM4NUMBOH+1eQgvy5XMbpIt7+sAyUlfLXX0YcVT5nCFWrxIFdSI/6rIepG+yZPm1Mu0ApNGQdvEo/NGYSWxRbfXQjdh6cm1XDFJOoh5Wn69M3X5URbm/5FtlmWe9jZJRgfbf9j9u33/Yt43BB8CCscsZ6cIPPhPTp3lBhxl1znZ471X2POBQ8q5cNI/caQ6zj+sY4ERNcE5AHvHRqzWiFCIzni/WbRbie1HsUJPdh1yxqvjWb+eNsv4/0XXGggUGW127NtmLUsMjAEhiotzJBUuTpvpkhAhY/vA62G9l1icsvi4VII2GWD14LtjlH08Y8WQ+QTYTkFRrg0NiCEerpGeEyLQ6Y+KrLL5OTX57N6HMQPxV+Zeww6U39WkZU818KQg+u/c6viwafVd76KgqlWMdMsTaqgCx8W0O4EG3vVIZJpdOt8V+7bYhAB6W8KkJkMCnHCRv/sdYn1qp3iL9ZwqkLkoKOHB1N1HLNy/52xPLO/twD4DKEaljNQqB/n3jarWbwGkRAnzrpYqJ33J2S1IGWEWw9PTjocFu1neLT9rPbrod5J+sRIxiA8FqO1N5RXcTl5fEmT8bjgCM5VofeMb9+F2NoGHuOLKKRcw/zrsjvQh5D5NqkJiMi5adrJZRbL7wLguGzo6V0XKoqyOX5cVYV8osqzIWbXymojiQsNYGwFHLjkAjEDln6xvPZd42mXKktIbY2SiwHj1Ye6dweLNrYZDyFdadyIF8kTlI40hPcfunhpqK4UqvPXrZnWolz4SXf7+4ZJ4qidNFkY2DxtWZIYrUZv98/wN1c9tXwkpOvcxpPSzY44NKN+oUbn+VoKb9SlgFS0g03aQMxYfON4Ebo905B8pMmlkKnCZXcJosS+EAu7SQLsXuqgGoGkKq27DeBeych99O0PA98cL/XnCukBQtimL+o1LKKPPh0brLNlwV9pVlNsS32q/sqkoOGh4Ate3dCRnRPywqpCIfyuOGNw/cUClfrS8rQucVsjkbsbmwKiadeUMWLIMEwPkmTlu74T1TqbU325XHD+wJ2uBjWJx8XqxlyDrwKLBNGDwXvKTaxV0yNC1ifRKmROP3SWVA63u/e5uOd0D2/PxkgNirVktd672FXdXz9AnQ8932G4mFlxY1pmwrtjWxLH5sU0qwUkDncEs1IchtL/EoWMsoKBwAizerk88eBtsKW0+Faue9hwcwcy3aCgvmhIMN65v3GsWi2I4B/BnfAFaCIiVThoEWvsbMjhdb6lMU03skIcBOLMu1hfRcqHaokLGet07w1O64L3We9asvSS2LkqZyO4jvlJsChI6JFX2+OMBXcQQnqTQxlzWPU2V5QQHMza+l0+fOpysGTfB+68XTBnphgZykdyjkveiQKD3TisX3juZQmMF4zf4/dP0faRczqxEa2bOp0Pp25OqbY27vMUEUSphEy0YZFeYcQCpkXBRhH0sL8h4H0MqWwWYlOPrw== + template: + metadata: + creationTimestamp: null + name: ui-idpsecrets + namespace: rucio From 321a9bcd35c9d157a9e0f54d97be0715c7950c24 Mon Sep 17 00:00:00 2001 From: garciagenrique Date: Fri, 15 Nov 2024 15:58:57 +0100 Subject: [PATCH 6/6] remove ingress - not working correctl --- .../cluster/flux/rucio/rucio-ui.yaml | 23 +++++++++++-------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/infrastructure/cluster/flux/rucio/rucio-ui.yaml b/infrastructure/cluster/flux/rucio/rucio-ui.yaml index b8ae9bf..f482630 100644 --- a/infrastructure/cluster/flux/rucio/rucio-ui.yaml +++ b/infrastructure/cluster/flux/rucio/rucio-ui.yaml @@ -70,16 +70,19 @@ spec: rucioAuthProxy: "vre-rucio-auth.cern.ch" rucioAuthProxyScheme: "https" - - ingress: - enabled: true - annotations: - kubernetes.io/ingress.class: nginx - nginx.ingress.kubernetes.io/ssl-passthrough: "true" - nginx.ingress.kubernetes.io/ssl-redirect: "true" - path: / - hosts: - - vre-rucio-ui.cern.ch + # Followinf documentation [1] this should be enable, but when auth via x509 there is and + # error that no rucio account is mapped to that cert --> Disenabiling it + # [1] https://github.com/rucio/helm-charts/tree/master/charts/rucio-ui#ingress + + # ingress: + # enabled: true + # annotations: + # kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/ssl-passthrough: "true" + # nginx.ingress.kubernetes.io/ssl-redirect: "true" + # path: / + # hosts: + # - vre-rucio-ui.cern.ch ## values used to configure apache # httpd_config: