diff --git a/kube/.sops.yaml b/kube/.sops.yaml index bfdb0155..08cdbfcb 100644 --- a/kube/.sops.yaml +++ b/kube/.sops.yaml @@ -2,6 +2,6 @@ creation_rules: - path_regex: .*.yaml encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ age: >- - age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj pgp: >- 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 diff --git a/kube/1-clusters/Biohazard/2-config/3-secrets.yaml b/kube/1-clusters/Biohazard/2-config/3-secrets.yaml index dbb8db5c..d2b67f99 100644 --- a/kube/1-clusters/Biohazard/2-config/3-secrets.yaml +++ b/kube/1-clusters/Biohazard/2-config/3-secrets.yaml @@ -4,39 +4,39 @@ metadata: name: biohazard-flux-github-ssh-key namespace: flux-system data: - identity: ENC[AES256_GCM,data:wjTYJCHIZj64hkDE1gu+7DC9ELdMGMn9GR+Aurd9EWBhFRm0QuKnQbiXs/DGmNkuj08lq+GSv6qT/rjPgmWfMoOkHxkdtSbpgudz3GPksDWoVW4rMWgmOGPXIWnSm8MUxRBTXPCt76vxFJfV3cxtv7Ux9VSWCbgFtviAjuYMvBKVrlryT1Gv9L300fB5JiLMOcDMDNjivU50f/qbJYHrOQ==,iv:WMtpwHJtcW3jGKiEg0R8ewYsIP8UIxK0JI2Pw3r5dYQ=,tag:m2nVW9L55crWnuwLfGSeug==,type:str] - identity.pub: ENC[AES256_GCM,data:iDQn7VGTaTbZQoP29SmWjbYMR3kN+MJljGmWVA8fYNex5ybmL0OAzCYsJEElIqDAK2urpcUgpYZt5SEUV39aUpLVlcreOv6ST/0oQE6R4BcwBORS2EylNr7cZP+rJe7immVFR3pYZ2P9Jkxz,iv:JEUtJeUwIMQSTQpKpmA1RdFCtUpa1vhll1H8J4Bufe0=,tag:Nnz4c49VmgIh5nGrrDWwdg==,type:str] - known_hosts: ENC[AES256_GCM,data:hOPgaWqucuy6cVka2dObKPAobNiCNb9h0tLhLsWBfl5iGDhqzmrn7U60PysskXUVV3cKDE1xkUMz6/Nkv6oI/fB8rW4i8mY/Y8Z4dwL7f0Zfa0KlMKjrJFPaFV3uHTkLKQmx4c5lup3i+ml/KxJugPCavXyink550oh0la6LsaNmZIJqDXapj2ToTBdCrPuzFbz8z8H0JPnaaU4A3pQSDJDfnl/WIyQUC613pCzt6chwjFM8iA3QZb8S/LV8QzYAq+VfnW3RuY1Ft/6USEruskPnWxJqu0kwuz4Xh0VU4nrO28L1,iv:jXIY8HHZ9Q1OtYQq8mp+nmZcYGfQw+K68M/D6yIqwBE=,tag:vqeagluwJ1qlfNBU75heIg==,type:str] + identity: ENC[AES256_GCM,data:M30d03IAkXxV+3QE6wQqJ15JJ+6zSV0sa9OXkDt1sWFYuq8pRG480s+nRRglxaUC4lzLDt3D2IH6LeOLmCg7GqzFdl/JGPRAtXXFLXN5ytqOWTBt1jIzB2SKNNml5AbPn6T3NK4CIhxcLHSj9UH9pVLUso/4WzsKVXc+w2gUBeLjqnWzARBay/Bo1YxQ9tPyx5t9tEvMKLdse+nSGG8SwQ==,iv:eQUE978OUogpz/5xOqPvdQqsBOFUeWR5E8mPjTtf7GQ=,tag:7eczdHz6oyQHmZKmXwuucg==,type:str] + identity.pub: ENC[AES256_GCM,data:qPJoHvr/Z0RzMSvZvizTaeulx0ShJqtLcFeXYDvjSdhKV0hS/k4rZUSQ44wTFl2j5AaGxIheW8itHiblLZN9S0qfi8HD3iDeu/wVaLDRCiJOun1C7868BqEgwzEIuy1a0DS+45VXFZuCEVJG,iv:EV1TucD27F1mfKYXUW/FfLFMkTPgibS+WXPIjRED0bY=,tag:o+YVe6tmp2i8/PpbDB9njQ==,type:str] + known_hosts: ENC[AES256_GCM,data:+uKV1TRql7fxZB8iFTdCQ7EFOgWJPQvSpCLC4Y+HHJMTsujBASfZXcPv85rz2PYKG9BFI3VJO3rSgfX1LoYfcAnKN/D3nCASp3PbDPI/q6rZ9OwrLD6gIdKFrBlcW4suNw9P9LQMpvf2WGbbGbYHYoYkE2ybVJR4Gy/GYshTjcQO+WjhohLWaVO8v69fzSWXyg4y9YAKMqftJ5vIMgaNPv3y7PcJUbtaz0AREmEl75WsjM74pDUZ9zFxX9rA97jFdMIg2bdTUKx9fLuxOi8U7WzWAWwvn6Fl07yvaFynbajEJZJZ,iv:mF5UhY/Ly6H8k1a9U30yyJHgD0EmkOzpR8n3qu8Eqw0=,tag:d5JKpubT6ARos9EwuejPvA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRFgySXh3cEk0TGxadXk4 - NkVjbWF1Nmtibjlld01iSVVLNHZYVjVDRldNCjcxODFIVy9DNFZkUTU4SHdmS1V2 - YzlXUGw5RVROMUtxUmpVVDZIb0Z1UVEKLS0tIExIdktrbU14MFVHcXdQRGlKTWtx - NmFKVEJXZ2lCME1BTHdLaGd4UXJRQ00KM4TAxXdro7mTi9X+Lb6ILkbm0lo3Up5i - WX6T6JG5QZqNChLAjn5SFMhUJoDB+x3AATwqKI8BnqLA7g5dZkGzZg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSEVDZlFlU0ZXR25XV2RD + SGE3czU4TU9tVEZlYTF2R05mVzhOK000UGdrClo1TVlLOVdjc2VqOU5nYkZZR2Nv + YjRBNTNhdG5TK1MzQjlJdVlEeENQeGsKLS0tIHI5NnBreDFmVGJXNnVMVmxmalg4 + KzBCRW8wMU53ckQwZDhvdjlEZlozQlEKxX8yiEpzu+A3ItXzlCuoL/+wYaQ7IPnZ + V4vGVAKm635mkX+xacfCzReHR8Mw5jrPJAnnRA3qOAG7A+0aHBesWA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-20T21:06:36Z" - mac: ENC[AES256_GCM,data:VieVvo1lsU88eema6jVjU8YAuL41TAAlAt+VkSN/knxR0ODdAvZiI9BJztexcHCpzpSxySGx4SJqcRJsiJbncB7HaMKOoD725wi66/SmmoxjF+nAqpB0T0+8JpaWelV/vtDxwfKeD+VnyU/fm0Pn0bRRlheq48hwT63C6aG40ac=,iv:7ZFdAiFCnX0o9a9OdI7T0g0iIA6IwdfRdmX/fOs1pcg=,tag:NVCrxDwmm9QKLvmYzpHMrg==,type:str] + lastmodified: "2023-02-21T20:21:46Z" + mac: ENC[AES256_GCM,data:9gK9oHesClIv2D783nBuo0ab/NCBaRfD1z+aIt21/wewM1HStmRlCWzfzqwA7cRRJ4y7G61VGabYwBYSX6lICNQjkZF7lhJ/QP0YM09KFtlZvuXKlEKPCFuIKPwa9267w/SizM1+jxEYNUH/Sy8LrIzNTcr42zn9Njhy03W8kSc=,iv:PTGaO2lqxHwR5Y4KvNdgeGKqXGLBpFLMLSWJO0WV5jI=,tag:EFA2oXcPJUUg/+9XygNgmA==,type:str] pgp: - - created_at: "2023-02-20T19:47:30Z" + - created_at: "2023-02-21T20:21:45Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAk+tY59UOZhiakONOzshEthBcXoy+UApVaj7Vl6ymX0Qw - k5oDNNH4uOUUKdb33GMB6pMF4LHvc/m0h237M2h+HXq1C1LhMBUToCIaZyfmgvbw - 0l4BqPAfOmrXWMPB1HEUqbswJmdNRKMSDlY3KXcE22o5Zwsq6EJXcn7uRv0mSuU4 - 08t8vr+Qyg6VG8uJZQk1ft8S6b2rewYzNWhDNmQkPj0mvRUPeiVVF47mkXyxxKh8 - =I78S + hF4DAAAAAAAAAAASAQdAa+J1MrvZbIKq2vtCBKriShdEoCz/4+VT6HIGeMfwLDQw + LxJ0cM20zCBTR5zuvae4hp9VnSL1o17o9txHK3Ubyh5jLf49CmSA97ugt26PWmAB + 0l4BFiUxtHys5tW+8ydqYU5t0FS2OqigMb2EH22wv4iBWnMiK+/T+lXoPRlcuYDG + sDahuo/0L+YhyULokfaH5GE1C/umtfVw/sE3H8gV2QniXzbyKkM8d6KTy8gpoOrY + =yxeu -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(data|stringData)$ + encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ version: 3.7.3 --- apiVersion: v1 @@ -45,37 +45,37 @@ metadata: name: biohazard-secrets-decrypt-sops-age namespace: flux-system data: - age.agekey: ENC[AES256_GCM,data:dvfAwlnBgucaOoeZw4WnmNphJIIhljIQkAqpzEhp3iJsVoXfmYsohz2Jeieb2yxhraJxrQ0ZLpMBwzfZheSL6Rz+es7a8fy47/+QR9Fg+eJZdni19/mn3chPpSnknu2Q8lbxzT8WGflU3R1f7Ap+CLyWmts7aIufKhGjV7i4qtRffkx0F4Ozri4ZwzmIzMiY6mv9mL9iqcCjlq5ETcw7nwab2xfwlfDbzbgLru3Vjtygj4hzv4rrBw66u3Eni805t42iTW30KH63xZrMBOrFfPJbXXJGG/So9FBy6Q0gu8wEDIVzExM8u17HB01hKW7L3g6Hur43selK10gp,iv:gOEwe0iyodSbxoWFleBWLM0HFS556kVO2Xm6f4aF5Cw=,tag:fUqjg7j0Vskouk+qqy4nxw==,type:str] + age.agekey: ENC[AES256_GCM,data:xUHoOBEAesoJQ0Hn6mx3dPCJiAkM+CVDxqOevapUMpIkIfRoZrvG5MWPL1WvpnDiJij2n60ObsdEvUTfzjk+swbK5dzIR+ZKB1UX4U2mDUpimxSTi621ZKrGzUjEgezPgEYipErhjum2Yh/5695iHSW8eOgvMzFKraUMNxXPIQ78ObeNUA+jzedjnVmj5YqV2aYy20k2FkY1C64okK0mtENS+/VGBVo3+BELAUDsSp27bVy40xeJN49bJoUbYh4vrF/JGjgotxgIIOhtcQzTYMyf5Zmgi/pCPTMEcN2CkYNqCfn5I/dvp6mtKznZgxTCp6AF9ILTh5031I/S,iv:svu9g8W/yVpost5jDlb/R8Kb5jWX20Wj0H55ndR4muI=,tag:ZHzg7bhsGnQV6rl8VrSxbw==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRFgySXh3cEk0TGxadXk4 - NkVjbWF1Nmtibjlld01iSVVLNHZYVjVDRldNCjcxODFIVy9DNFZkUTU4SHdmS1V2 - YzlXUGw5RVROMUtxUmpVVDZIb0Z1UVEKLS0tIExIdktrbU14MFVHcXdQRGlKTWtx - NmFKVEJXZ2lCME1BTHdLaGd4UXJRQ00KM4TAxXdro7mTi9X+Lb6ILkbm0lo3Up5i - WX6T6JG5QZqNChLAjn5SFMhUJoDB+x3AATwqKI8BnqLA7g5dZkGzZg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSEVDZlFlU0ZXR25XV2RD + SGE3czU4TU9tVEZlYTF2R05mVzhOK000UGdrClo1TVlLOVdjc2VqOU5nYkZZR2Nv + YjRBNTNhdG5TK1MzQjlJdVlEeENQeGsKLS0tIHI5NnBreDFmVGJXNnVMVmxmalg4 + KzBCRW8wMU53ckQwZDhvdjlEZlozQlEKxX8yiEpzu+A3ItXzlCuoL/+wYaQ7IPnZ + V4vGVAKm635mkX+xacfCzReHR8Mw5jrPJAnnRA3qOAG7A+0aHBesWA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-20T21:06:36Z" - mac: ENC[AES256_GCM,data:VieVvo1lsU88eema6jVjU8YAuL41TAAlAt+VkSN/knxR0ODdAvZiI9BJztexcHCpzpSxySGx4SJqcRJsiJbncB7HaMKOoD725wi66/SmmoxjF+nAqpB0T0+8JpaWelV/vtDxwfKeD+VnyU/fm0Pn0bRRlheq48hwT63C6aG40ac=,iv:7ZFdAiFCnX0o9a9OdI7T0g0iIA6IwdfRdmX/fOs1pcg=,tag:NVCrxDwmm9QKLvmYzpHMrg==,type:str] + lastmodified: "2023-02-21T20:21:46Z" + mac: ENC[AES256_GCM,data:9gK9oHesClIv2D783nBuo0ab/NCBaRfD1z+aIt21/wewM1HStmRlCWzfzqwA7cRRJ4y7G61VGabYwBYSX6lICNQjkZF7lhJ/QP0YM09KFtlZvuXKlEKPCFuIKPwa9267w/SizM1+jxEYNUH/Sy8LrIzNTcr42zn9Njhy03W8kSc=,iv:PTGaO2lqxHwR5Y4KvNdgeGKqXGLBpFLMLSWJO0WV5jI=,tag:EFA2oXcPJUUg/+9XygNgmA==,type:str] pgp: - - created_at: "2023-02-20T19:47:30Z" + - created_at: "2023-02-21T20:21:45Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAk+tY59UOZhiakONOzshEthBcXoy+UApVaj7Vl6ymX0Qw - k5oDNNH4uOUUKdb33GMB6pMF4LHvc/m0h237M2h+HXq1C1LhMBUToCIaZyfmgvbw - 0l4BqPAfOmrXWMPB1HEUqbswJmdNRKMSDlY3KXcE22o5Zwsq6EJXcn7uRv0mSuU4 - 08t8vr+Qyg6VG8uJZQk1ft8S6b2rewYzNWhDNmQkPj0mvRUPeiVVF47mkXyxxKh8 - =I78S + hF4DAAAAAAAAAAASAQdAa+J1MrvZbIKq2vtCBKriShdEoCz/4+VT6HIGeMfwLDQw + LxJ0cM20zCBTR5zuvae4hp9VnSL1o17o9txHK3Ubyh5jLf49CmSA97ugt26PWmAB + 0l4BFiUxtHys5tW+8ydqYU5t0FS2OqigMb2EH22wv4iBWnMiK+/T+lXoPRlcuYDG + sDahuo/0L+YhyULokfaH5GE1C/umtfVw/sE3H8gV2QniXzbyKkM8d6KTy8gpoOrY + =yxeu -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(data|stringData)$ + encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ version: 3.7.3 --- apiVersion: v1 @@ -84,35 +84,35 @@ metadata: name: biohazard-secrets namespace: flux-system stringData: - TEST: ENC[AES256_GCM,data:s6dUMn80PdTNKZKk,iv:gG6X0pnrdcwydhatN8hArfhocFACYcrUBPzkWjv7k5c=,tag:fDRKVyFrxUjL70YqVAf7Uw==,type:str] + TEST: ENC[AES256_GCM,data:y89RLWgixJ16JCfo,iv:UhMqN0jUmdl9Om+3MTObY3G8Qcpquo/7K98oycwFuko=,tag:ZqPq/XbIwFTxt08qSq/+eQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqRFgySXh3cEk0TGxadXk4 - NkVjbWF1Nmtibjlld01iSVVLNHZYVjVDRldNCjcxODFIVy9DNFZkUTU4SHdmS1V2 - YzlXUGw5RVROMUtxUmpVVDZIb0Z1UVEKLS0tIExIdktrbU14MFVHcXdQRGlKTWtx - NmFKVEJXZ2lCME1BTHdLaGd4UXJRQ00KM4TAxXdro7mTi9X+Lb6ILkbm0lo3Up5i - WX6T6JG5QZqNChLAjn5SFMhUJoDB+x3AATwqKI8BnqLA7g5dZkGzZg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxSEVDZlFlU0ZXR25XV2RD + SGE3czU4TU9tVEZlYTF2R05mVzhOK000UGdrClo1TVlLOVdjc2VqOU5nYkZZR2Nv + YjRBNTNhdG5TK1MzQjlJdVlEeENQeGsKLS0tIHI5NnBreDFmVGJXNnVMVmxmalg4 + KzBCRW8wMU53ckQwZDhvdjlEZlozQlEKxX8yiEpzu+A3ItXzlCuoL/+wYaQ7IPnZ + V4vGVAKm635mkX+xacfCzReHR8Mw5jrPJAnnRA3qOAG7A+0aHBesWA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-20T21:06:36Z" - mac: ENC[AES256_GCM,data:VieVvo1lsU88eema6jVjU8YAuL41TAAlAt+VkSN/knxR0ODdAvZiI9BJztexcHCpzpSxySGx4SJqcRJsiJbncB7HaMKOoD725wi66/SmmoxjF+nAqpB0T0+8JpaWelV/vtDxwfKeD+VnyU/fm0Pn0bRRlheq48hwT63C6aG40ac=,iv:7ZFdAiFCnX0o9a9OdI7T0g0iIA6IwdfRdmX/fOs1pcg=,tag:NVCrxDwmm9QKLvmYzpHMrg==,type:str] + lastmodified: "2023-02-21T20:21:46Z" + mac: ENC[AES256_GCM,data:9gK9oHesClIv2D783nBuo0ab/NCBaRfD1z+aIt21/wewM1HStmRlCWzfzqwA7cRRJ4y7G61VGabYwBYSX6lICNQjkZF7lhJ/QP0YM09KFtlZvuXKlEKPCFuIKPwa9267w/SizM1+jxEYNUH/Sy8LrIzNTcr42zn9Njhy03W8kSc=,iv:PTGaO2lqxHwR5Y4KvNdgeGKqXGLBpFLMLSWJO0WV5jI=,tag:EFA2oXcPJUUg/+9XygNgmA==,type:str] pgp: - - created_at: "2023-02-20T19:47:30Z" + - created_at: "2023-02-21T20:21:45Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAk+tY59UOZhiakONOzshEthBcXoy+UApVaj7Vl6ymX0Qw - k5oDNNH4uOUUKdb33GMB6pMF4LHvc/m0h237M2h+HXq1C1LhMBUToCIaZyfmgvbw - 0l4BqPAfOmrXWMPB1HEUqbswJmdNRKMSDlY3KXcE22o5Zwsq6EJXcn7uRv0mSuU4 - 08t8vr+Qyg6VG8uJZQk1ft8S6b2rewYzNWhDNmQkPj0mvRUPeiVVF47mkXyxxKh8 - =I78S + hF4DAAAAAAAAAAASAQdAa+J1MrvZbIKq2vtCBKriShdEoCz/4+VT6HIGeMfwLDQw + LxJ0cM20zCBTR5zuvae4hp9VnSL1o17o9txHK3Ubyh5jLf49CmSA97ugt26PWmAB + 0l4BFiUxtHys5tW+8ydqYU5t0FS2OqigMb2EH22wv4iBWnMiK+/T+lXoPRlcuYDG + sDahuo/0L+YhyULokfaH5GE1C/umtfVw/sE3H8gV2QniXzbyKkM8d6KTy8gpoOrY + =yxeu -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(data|stringData)$ + encrypted_regex: ^(NETBIRD_AUTH_AUDIENCE|NETBIRD_AUTH_CLIENT_ID|NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID|NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT|NETBIRD_DOMAIN|NETBIRD_MGMT_DNS_DOMAIN|WHOOGLE_CONFIG_URL|ZT_ALLOW_MANAGEMENT_FROM|ZU_CONTROLLER_ENDPOINT|ZU_DEFAULT_PASSWORD|ZU_DEFAULT_USERNAME|addresses|clusterDomain|commonName|config.yaml|data|dnsNames|dnsZones|domain|email|externalIPs|host|hosts|ip|ipv4NativeRoutingCIDR|k8sServiceHost|loadBalancerIP|my-asn|nameservers|peer-address|peer-asn|secretName|stringData|whitelist-source-range)$ version: 3.7.3 diff --git a/kube/3-deploy/1-core/01-networking/.sops.yaml b/kube/3-deploy/1-core/01-networking/.sops.yaml index 15565ac3..d3d9bf5f 100644 --- a/kube/3-deploy/1-core/01-networking/.sops.yaml +++ b/kube/3-deploy/1-core/01-networking/.sops.yaml @@ -2,6 +2,6 @@ creation_rules: - path_regex: .*.yaml encrypted_regex: ^(peer-address|peer-asn|my-asn|addresses|config.yaml|ipv4NativeRoutingCIDR|k8sServiceHost|clusterDomain)$ age: >- - age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj pgp: >- 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 diff --git a/kube/3-deploy/1-core/01-networking/cilium/install.yaml b/kube/3-deploy/1-core/01-networking/cilium/install.yaml index f72806d4..fcfe44dd 100644 --- a/kube/3-deploy/1-core/01-networking/cilium/install.yaml +++ b/kube/3-deploy/1-core/01-networking/cilium/install.yaml @@ -4,34 +4,34 @@ metadata: name: bgp-config namespace: kube-system data: - config.yaml: ENC[AES256_GCM,data:EUahnRTYyRLzQ3WVp+yo5ojvtQI0Om4htEnOOJ6zVvU/5QdBBQ8eu/7+z0RkGbw8+4v4WyGfjfpSebObJZiXtQaakTwTu6fuF2qECyLDOw3d/ETzUPoEBcbRZxQ4DQLJtZEXYjmKMf3+Ky8ebtDcE/PSyEIATUYi9mSkt1zis4u2JU8j7+STDpSi4cneoCz6j07N8et4uEON31jU4FXK3P8C8RW4uCmWIJHKbJ83DwCPd1xO1VEJ2m0VjI8WfdROfhTFMpJ1csXNc59kytVa9s/nMirguoXe1ODfFhsEu8G4v8uVPKPRf5JEJMw2oVDR37qUZQaDSmsTUFX0EubGRZMr3updjqmTl81MF4fiHDV3Sw==,iv:i6suLWWbk2lK8bHzvGTV/PAOExGBSRGwt2JxZ2mJoPs=,tag:lY8oINK+7dqV8JxDauPYMQ==,type:str] + config.yaml: ENC[AES256_GCM,data:6FzdYavqFqruLKvVGaqvXsiDRaSXTlCkh9N+OF4OjEVHJ+JeBZhQyFwPzKfGwQsO5txq3GMyj6XrNiBL2FBRBUyQLiESloeBcP9CpEzXOZv/09GQ8vkeSpHUIm70M1EQvg2b+oxRnHkL8BDltzg9/J//tmpGmToAbpeh7KiMy6mJiQFT/laZi1z9XyFZ8bSo+vln4ZKdA/OPvkRsEkElPh5CbgyIoOWssZsdMSwMaf6nszifzp47X0EL5jBaSKxYn2gP+z0DR2kf6ZCFjDJfzKEROin2Dziiw/nhl18Pe4uf9OdvH6ZuNGln25zj9ggfqjgTtxe23GY3vfCnK1uLrReUWE4TGLd41VbNCs6vLNbFsA==,iv:DGKuRyB8Tp5Qsq30LPNGH7xC/IDMgaoY/io7LY1WQyw=,tag:ML93n8MesYa8rPrAbP7Rrg==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIODMzMzBtOG05MUdjWlBL - OE5jQ0Y2QVhGT2pGVytQYWszeS9mS2VLZ3hrClkrMmpINy9oRm0rSU5CbWVlVkpV - VzVIV1RYdkxSMFJxVkRLNVhIR016elUKLS0tIFM5Q2ZDTm1JaFErcjlpWVhaaEZo - MFJGWXh1UXU3REpNNGt4aExiMEQ4SmcKl2YxWWp9ABxTnLDDstwFaj9pDTZQJzDY - kj16Q+smYAmO20yKRHLQvseqSXOV7RO2AB86Pef2vYW2r04txS2/uw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzdm1VOXlmV2VNeGw0dnlj + KzlaeHJpeTRZVUZrMGJEZktVYitTZVpzN1FZCjZGZ05FeWM4Rmx5ZHQ5aWIyS3BF + UXdTZVBkdHBSNjJjZzZZVnJKb3hCVDQKLS0tIHJ3RUI5MHNPWkt1Y0k4Mk1FQTh6 + MXNvMVdLcFkyYll6bVR2dytNMWxZQ28KCraEBowKDdLork7ra+I92FXItaXLUqDj + ZjMHUvAn1lr8CgpbDxhQTog+4xvlj23S3ZPUWcnNHPP+JJUg2VIFOQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-20T21:55:20Z" - mac: ENC[AES256_GCM,data:sDj4D9exVNKlmGGuHrIlZoTaCOQMwse7yKHpCTf27tDwWs7fppob4+XP+aL5QOvGjHvthgQsXMpn1ENtsrKS/1+MGcZ6eI/13BP/p0QZe7dnWxC0+GHoAy+9bHf3xPSyJiqPl7CTJP/PqiWmJ487iHPGwMMr/RbT5U7zGKy+ndA=,iv:7ymn3fwG4W1qmblVAoJIk9R8k4LymUXmBX9ZLgphoNY=,tag:IuFWzFJ1fbRmLHMgG4GM5A==,type:str] + lastmodified: "2023-02-21T20:23:18Z" + mac: ENC[AES256_GCM,data:3fi3u7OVC3vVms31K/Fuw44iBkIZqMTvSq+9SD2Rb/ufdENCMz9ltVjW1fHhztHvmJT1ZshnUkipW147fAwH4honD/XiocetmCE5lWPeIYMhPkXVULMQgvFo5UKEfmN9nNewpEzC0t8MDSodR/5eX50CefYzqLBeK6rTkbXRhEE=,iv:mA4FRsPHYXZd5xr6j1YSCPAMJBDqOq+O0LVKnRbPUA8=,tag:dMAYkoyNxmtObgC2zLWotQ==,type:str] pgp: - - created_at: "2023-02-03T05:00:34Z" + - created_at: "2023-02-21T20:23:17Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAibIpgsTH9MMDrZETVo3PRPyH6YHC+A+Pdth1GFTnSAMw - VqPbDlwljLzPfhfyn7AslZbURvSeJPjXQK2VoYI30k1wT/2e+Nc6NcdGBr7PAJ1d - 0l4BS6MPHgzX2i/gBr6/ZPNLaQ1Y+JGAtihxGINpX69ZZViFjxYRqKv2GXfN06V8 - DNpwnpTwfUO9uWsGqDJTV7kqujBaGf2IgOC+e4SFawndv7Xw8/mYV2LP18SgtcUE - =4ZsZ + hF4DAAAAAAAAAAASAQdArkpMhqWacWNtoxwMUu5xlRLhWCyUhG4hZyeSIia5Ohkw + AAeb3TMU07lnZoUCko0vR3rSSi91ZQt6KAsUPpI4ossVTdrJPwuahx6zvrEXwYlo + 0l4B4TvmshTkCpKPMVc4oPUJBSnViGL9SmPHYbWHZLUc+mjo1N+8wsHIOz6bXWVp + R1K0jBBx9AkJs9csVsL2JFwdPoktwXU9kRJUHu1YmKqC1iQfUQHSBWCTlMJo3dYD + =25a0 -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(peer-address|peer-asn|my-asn|addresses|config.yaml|ipv4NativeRoutingCIDR|k8sServiceHost|clusterDomain)$ @@ -90,7 +90,7 @@ spec: enabled: true range: 80,32767 kubeProxyReplacement: strict - k8sServiceHost: ENC[AES256_GCM,data:Pg5VZd2nk66M,iv:JgJjaStsiBTitBTBnaEZxYUoVVmagiB9EViloT9dguw=,tag:gaNqRAwwwb9QG2w89Phb+w==,type:str] + k8sServiceHost: ENC[AES256_GCM,data:8xS3OFpXGfOT,iv:3E0bypQI/tYEMdUfbDSxLX6/WCjXf6KjyBmiZDBXi6M=,tag:ficOHmel5Rvx4M87qyRKWA==,type:str] k8sServicePort: 6443 kubeProxyReplacementHealthzBindAddr: 0.0.0.0:10256 install-no-conntrack-iptables-rules: "false" @@ -103,7 +103,7 @@ spec: integration: containerd hubble: peerService: - clusterDomain: ENC[AES256_GCM,data:gkXwEcVY7o0=,iv:+nzoVFBBezJb4WS0H5CYMMhd6fMfHCIkIR5DdvSxFqc=,tag:OxKEJNtwBeGAw9CrPHFD5Q==,type:str] + clusterDomain: ENC[AES256_GCM,data:+iLDDIppgfk=,iv:UA+jPgeZEOBZUPlJMc0E7fWsvNhw1O4TCXR2npVZ5oc=,tag:3SGe80uQI8lfCD4QptDrfQ==,type:str] enabled: true tls: enabled: false @@ -120,27 +120,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIODMzMzBtOG05MUdjWlBL - OE5jQ0Y2QVhGT2pGVytQYWszeS9mS2VLZ3hrClkrMmpINy9oRm0rSU5CbWVlVkpV - VzVIV1RYdkxSMFJxVkRLNVhIR016elUKLS0tIFM5Q2ZDTm1JaFErcjlpWVhaaEZo - MFJGWXh1UXU3REpNNGt4aExiMEQ4SmcKl2YxWWp9ABxTnLDDstwFaj9pDTZQJzDY - kj16Q+smYAmO20yKRHLQvseqSXOV7RO2AB86Pef2vYW2r04txS2/uw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzdm1VOXlmV2VNeGw0dnlj + KzlaeHJpeTRZVUZrMGJEZktVYitTZVpzN1FZCjZGZ05FeWM4Rmx5ZHQ5aWIyS3BF + UXdTZVBkdHBSNjJjZzZZVnJKb3hCVDQKLS0tIHJ3RUI5MHNPWkt1Y0k4Mk1FQTh6 + MXNvMVdLcFkyYll6bVR2dytNMWxZQ28KCraEBowKDdLork7ra+I92FXItaXLUqDj + ZjMHUvAn1lr8CgpbDxhQTog+4xvlj23S3ZPUWcnNHPP+JJUg2VIFOQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-20T21:55:20Z" - mac: ENC[AES256_GCM,data:sDj4D9exVNKlmGGuHrIlZoTaCOQMwse7yKHpCTf27tDwWs7fppob4+XP+aL5QOvGjHvthgQsXMpn1ENtsrKS/1+MGcZ6eI/13BP/p0QZe7dnWxC0+GHoAy+9bHf3xPSyJiqPl7CTJP/PqiWmJ487iHPGwMMr/RbT5U7zGKy+ndA=,iv:7ymn3fwG4W1qmblVAoJIk9R8k4LymUXmBX9ZLgphoNY=,tag:IuFWzFJ1fbRmLHMgG4GM5A==,type:str] + lastmodified: "2023-02-21T20:23:18Z" + mac: ENC[AES256_GCM,data:3fi3u7OVC3vVms31K/Fuw44iBkIZqMTvSq+9SD2Rb/ufdENCMz9ltVjW1fHhztHvmJT1ZshnUkipW147fAwH4honD/XiocetmCE5lWPeIYMhPkXVULMQgvFo5UKEfmN9nNewpEzC0t8MDSodR/5eX50CefYzqLBeK6rTkbXRhEE=,iv:mA4FRsPHYXZd5xr6j1YSCPAMJBDqOq+O0LVKnRbPUA8=,tag:dMAYkoyNxmtObgC2zLWotQ==,type:str] pgp: - - created_at: "2023-02-03T05:00:34Z" + - created_at: "2023-02-21T20:23:17Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAibIpgsTH9MMDrZETVo3PRPyH6YHC+A+Pdth1GFTnSAMw - VqPbDlwljLzPfhfyn7AslZbURvSeJPjXQK2VoYI30k1wT/2e+Nc6NcdGBr7PAJ1d - 0l4BS6MPHgzX2i/gBr6/ZPNLaQ1Y+JGAtihxGINpX69ZZViFjxYRqKv2GXfN06V8 - DNpwnpTwfUO9uWsGqDJTV7kqujBaGf2IgOC+e4SFawndv7Xw8/mYV2LP18SgtcUE - =4ZsZ + hF4DAAAAAAAAAAASAQdArkpMhqWacWNtoxwMUu5xlRLhWCyUhG4hZyeSIia5Ohkw + AAeb3TMU07lnZoUCko0vR3rSSi91ZQt6KAsUPpI4ossVTdrJPwuahx6zvrEXwYlo + 0l4B4TvmshTkCpKPMVc4oPUJBSnViGL9SmPHYbWHZLUc+mjo1N+8wsHIOz6bXWVp + R1K0jBBx9AkJs9csVsL2JFwdPoktwXU9kRJUHu1YmKqC1iQfUQHSBWCTlMJo3dYD + =25a0 -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(peer-address|peer-asn|my-asn|addresses|config.yaml|ipv4NativeRoutingCIDR|k8sServiceHost|clusterDomain)$ diff --git a/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/.sops.yaml b/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/.sops.yaml index ee645bd6..339f0d48 100644 --- a/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/.sops.yaml +++ b/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/.sops.yaml @@ -4,4 +4,4 @@ creation_rules: pgp: >- 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 age: >- - age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj diff --git a/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/ceph-cluster.sops.yaml b/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/ceph-cluster.sops.yaml index 5af671a6..13128fa1 100644 --- a/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/ceph-cluster.sops.yaml +++ b/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/ceph-cluster.sops.yaml @@ -19,9 +19,9 @@ spec: monitoring: enabled: true externalMgrEndpoints: - - ip: ENC[AES256_GCM,data:+4a1K43ABwLGDx4=,iv:UrNaUIeJd6CWEyxV7sLfPiQkwVeAo6J74KB1JFMjv7Y=,tag:pOwx1j9ASyqi+CNVgwWRUw==,type:str] - - ip: ENC[AES256_GCM,data:8ATpc5nRoMKweWM=,iv:afUixjRPAJuBdShseJmsWrH/cPamMgxCQtS78PFyyhA=,tag:uMm3YKnMpWFLo5bwtD/1EQ==,type:str] - - ip: ENC[AES256_GCM,data:MGsVuqssO44gsuQ=,iv:Y+dtOI4nMWdZLh/O7gQiq6exGOnxmzLyAtIB3YHZXcs=,tag:0MFFGeeqVQlNyrqAZ9klFg==,type:str] + - ip: ENC[AES256_GCM,data:/t0aMc2rL1RDPJE=,iv:TFlmjJPOTjncj0eDb9kUew7ScpAgm0SIkcDMGCo7h9I=,tag:PUv4gfuGYrseQAoJWm/wdA==,type:str] + - ip: ENC[AES256_GCM,data:QrtXEoSR/11kVsg=,iv:gS7Fs2PITGyiVa1tCM8cFiB4b8J8WlOLWJ8vq6Y7vSE=,tag:WzIEBoRJ0dGc4++Opwg/jA==,type:str] + - ip: ENC[AES256_GCM,data:xvyXANWMipBNAw8=,iv:KN/cV7rKEhguR8zbIqUDmQqbYn0jHdPFx1DVfl6ViQk=,tag:FkIAAccK1O8tRUbPS4smrg==,type:str] externalMgrPrometheusPort: 9283 sops: kms: [] @@ -29,27 +29,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhcGRhZlIrc280YnF4em12 - QklBcGRyYlN2NjVPUVZIYkxSNnByelFGczNrClA2TGFLNThJVksvUHFSSmpMdUFO - clNjZkRlUXJBb0lBWlZkRUkwMFpiUU0KLS0tIEhSTGNzQnBnb1RqOVU4ckVxSjc5 - MlZaRFVyandyVUROWjBPVzdoYjBCL1UKAExzR8IhQ5bLddpQIHxhRWeMy78aJX1/ - DFCS0XmXhG5/hoZHhMvP8CxO7hkJ1km4NNV/JXP7sYuDVoH6+sy92Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYTjlTZ2tOcjVVYWpBRGRN + MUdXeC9OVWRrYTFheTdTc2RQaWN3L1VHZUdrCk9USVFLRzNaZmd0ZFBheW1NMS94 + RVZicERFdS83U0kyVG1iSHh2Y3hqSkUKLS0tIDdZeTRhUmZkSkZtYjYyaW9TTnZT + SWFvZFQzc3JtTWpzbDdGUTVDcVhpc2cKsw4SzjuKnpdAPj7tXk8kmknNpPNcEgnH + v0zD5UbnYIjQcn4TjLw0ZQn53dClhVDi2FBQ+IumABGQCpscoHZ++g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-28T19:13:05Z" - mac: ENC[AES256_GCM,data:ObSeq/tQVFIq0E1+EbrM+p8KNNOYfTjyHK6TfGQQyE13E4QWXhctBTfwprzBsuILyhIkQxQ0XpTawGaVPE9Sn+IpElI7qVYEccVbXHpx6sF5FoLj9VpbR+V5cq0HR4Te718s62D/AP/UWkZ0G4B6la57CHcSdAVYM5Ve+7k2HGw=,iv:CZ7BhDARJodmP7N7xE+iw8jJ9M5N2LCJUt48S9ND0f4=,tag:+fSzkaEAXCxfVZ3jF47bAQ==,type:str] + lastmodified: "2023-02-21T20:23:55Z" + mac: ENC[AES256_GCM,data:nYaNCKSe7nmv++qXYKj60Z4As/TzZeR52fABT4zwp/K+OA3CsaL/oLtlYX5jsEEVrv/psfsPUpOOZlpWdF1aUaduppiUmMmUJivXp5VSg5xn2MsNahUVle2wC215MJGYY0GqQAdk2Nh1NLXTMBxGO436VSSraok6hKO9ZrU/rZs=,iv:6UPR3Qjsu6mM2pMMeEGlUeDcrcdak/ZyWuPWRRsoirg=,tag:AZryXo0cypxBYFacnuNxeQ==,type:str] pgp: - - created_at: "2023-01-28T12:32:00Z" + - created_at: "2023-02-21T20:23:54Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdA3+EVYeZCBLThyo8sOQp4ZxSZyPvM0rQvayzjqQiWmWsw - cm4Oj/0GSUYyIsqvNrw4sdm5keCEzhUnpHpvDJZgwcDFDsuVwwi9cTXSikac8fRv - 0l4BxVtfa9QSixi39eHz6xQ2+G9JQ6awQ0cU7XnyLVbyXn/3J3ojB1SY/Y0n0L5m - k3Yigl6B3RPwxFG2GIMURRB68ecX8SHwPjYkQfHCuKEh9HSImEXJ9/CgQCcKv6ns - =Uo7L + hF4DAAAAAAAAAAASAQdAK2ZEE771RSu281yiE0hTtBLOAyBVP+RuB/gf6DiQ2AEw + CdAOOylFYzHMVygm5ftmxC71gRemvG2fTKJwg6OgFaK6wNWygnbCB3HxK6wpW7Hw + 0l4Bk+zZEI0uAG1DeK2+nzKEXECSjOxDKWz2kM0KLGpGOyNAB7rMokY09LfQNw9p + sO/t8BkZ75RlBmKeaw/VZFpi9EXjtmY8HHdabLtpTB99ROiplHF3JhZ80dTT3Tga + =FjgB -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|ip)$ diff --git a/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/secret.sops.yaml b/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/secret.sops.yaml index 25bb1e28..ce3f94f0 100644 --- a/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/secret.sops.yaml +++ b/kube/3-deploy/1-core/02-storage/rook-ceph/cluster/secret.sops.yaml @@ -1,11 +1,11 @@ apiVersion: v1 data: - admin-secret: ENC[AES256_GCM,data:luvkYpppzopO63ehglwTtw==,iv:rTSl8HlWf3qvaG79Au+noqWPxGktySi/XVH4q1TvDes=,tag:ITip3QAE6mQ9FWMBn+vKfA==,type:str] - ceph-secret: ENC[AES256_GCM,data:E61SCU0WwPgYUK4PenEiHf8dzmSbYszCmL47CnZNJoWJ13Inlkf9JMmT1ni7O7SUE6ZVqOrKWas=,iv:9MebfswdIr9KeQEjGLgYjmoAgW9RMBDUNLS8tPICNP4=,tag:mwDLjOsBHVgYT+P3jMc4YA==,type:str] - ceph-username: ENC[AES256_GCM,data:qhDWwq28FmGUmWMvdD5QVYpNuE47B0mK+Fon+w==,iv:3HazwX44Y1nTyJgkblRQa501A4RP9w0gHU7O8cfH0X4=,tag:5BSV+7P3z2JHH3b6iYMzWw==,type:str] - cluster-name: ENC[AES256_GCM,data:bqHKNoxWKWQHmpgM,iv:h7zWwN13SkGD4FhYgwz/yVZoEdjPsdPtBrg/JmUwXGg=,tag:VD82cr5jLQ6pYI/92MATZA==,type:str] - fsid: ENC[AES256_GCM,data:cyr1GILDGw0ppYElulwcC07HPcVZf+DkUwWE6ysdpv3CUyFObOMIJmfK57TXDX2X,iv:3ucYt4WC2talnz0HUu36k2XsduXOZAxaFFQUjkbi8GI=,tag:NHVgdc6JXmkKVBvg0nIPiw==,type:str] - mon-secret: ENC[AES256_GCM,data:sn+R4kBB9q8oeFaPB4KPQg==,iv:BQLslKt/GWrsCFNM9PAHh7JQzIx1+Mqeo1pvgvLFwqY=,tag:JxVSixu+ZMxCwoPorRJKKQ==,type:str] + admin-secret: ENC[AES256_GCM,data:9vAaXKL/E4rzgyy9XMa5fw==,iv:7JZK9stMYjMvaBnjGvf6dZ9KpGWnP4OAMhOeXXnJBjI=,tag:q/FUBSKODWF/JXa/GUbfJw==,type:str] + ceph-secret: ENC[AES256_GCM,data:eiXOU0TvJ+4YVZzYCd0Aykr0m9Zw3QO2f+QvcLFf98/fTOEGHPtJ3vjbxvmvbnGPuPdlzoWqhO4=,iv:7NXeCF9vg9Y18lxKBnLHSVqU0PxO2bGsEjJKS/1WIZ8=,tag:TKpUtmGTqyDt/4PyaYbmIA==,type:str] + ceph-username: ENC[AES256_GCM,data:eGGUwpbH2Eob6oTwvJ/5Aiaj+GxPLOWOTyVOxA==,iv:qdxEwNH5tW2dw3UWDoNgugeQdy6y/xT1BMqNyT4vTac=,tag:0rXCZGmO5+MUWSq29szt/w==,type:str] + cluster-name: ENC[AES256_GCM,data:dWutLjpLQQxC4TQo,iv:duOSxFBpr12TQHe95/wezX8zoqfqOfYGZ7GwN+BjKYs=,tag:GnlzaYDGY0eevdnLKkMfzw==,type:str] + fsid: ENC[AES256_GCM,data:aBKf1hL9GuvS/MyxQtnXiuNGuoVcXQYY/9RziK5tdY/NL6sHummYGSrbtIX49Gg9,iv:LUHzBWvtfi9m87gz1z+zyzUQCIV02GPTAKqSTEwgrGo=,tag:DRTJCM9q2Bto4hyff+iewg==,type:str] + mon-secret: ENC[AES256_GCM,data:XDGESBlHoxVWxEN5Qrb/Lw==,iv:rflGOtZDoHwjS1W5cMS5th+DKIoQy2iDfahwlIjjSrM=,tag:F4o/SyvCymDa2lVMXF4Emg==,type:str] kind: Secret metadata: creationTimestamp: null @@ -18,27 +18,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMldkUS9kN3crQ0NheC9M - cm5QQTFyalNwLzRYNTdVZVF3QlVCUmJRd1JrCm5UK3NkMG13RTZ2SXJ6K0xoNzFj - L3RDOGxOWmVEWjNiYjlzdjUzVHI0NkkKLS0tIHVUeGdJQ1pXZFh1WWM4ZGRmcXYy - V2xMMWswZ1BwbzgxYnJ2UEJaNWkwd0kKO88LjOvD4MYrSVryl+MTGdm6iNmXBLZE - eIha423Ryce39Ee80j+ICrkOI+HQzf4IzW6GweKq8jGK/5Ar2gqORg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArczAwVm5wbzl5TUw1c3Nx + Y09sY3BXSTFPcERUY05rcjU3K3N3UFVBRDBBCjd2UWNKTU5nTGVHemhOZUtTV3Ri + WStHUm1KUHk0bm1TNUlyblkxZDd0QzQKLS0tIEJyaGsvdURJaWhJYjV4Sk9idFpH + Wjl2Y295YXloaGJ0enJrZTF5L2VpYk0KFN2AYiNljOevNMoLV42+naMs0PL2OPom + 9ycRGjLzsgFmibwF3S26qQaK1AvI6f2nPU1sjPMcp+BBZuF1T7wJDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-28T20:47:06Z" - mac: ENC[AES256_GCM,data:7xJDLJKmwdmlLPh4Jy4xihI9eRGcnpVgqN5sMAdzsQS4WLWIEb8k5iPhEs7c+nbin9gNJ6j2hrWIntNCjmn7dpo8oQweZtfIORHYF1x2vfE+WDCUwVwnSUcNrZOYHcCKrkpsCfv8uOcGSM2TdEzRPk3e7gNeZ7TYh2ScW0cEOb0=,iv:hc/RcAT9XdO+WnNQqUoklisbttZRHB4E8kGGWjsgGHk=,tag:WGn5kfTdqYxC2etMf5jI3g==,type:str] + lastmodified: "2023-02-21T20:24:05Z" + mac: ENC[AES256_GCM,data:tmyqferiEmYAqoyr5Mlm9ZExftORpyrBh2mJvQRFuGxAHhoVE01Czz8X5X4jBVuZMCKpDviPneV5bDwNDaj/l+Hy43mK3eXe4RlXd3zIKSa47Cw2EFoaF14rJ57racSuUkU7JOoFm6MYb48YxxKJTZA+ikNP7Un49Y/ITUtdv1s=,iv:+pUnUIzbJWbRN5GT3gcUSJT9i2qWYhBMvKVkYFB/uRo=,tag:iMocg3bJ3UZmsxHnKSaYhQ==,type:str] pgp: - - created_at: "2023-01-28T20:47:05Z" + - created_at: "2023-02-21T20:24:05Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAXDFkD5HV1klayx6DMEqBW3P45DD/HiZGu1ydmth1uFIw - D4Szq+f+WaBgkbXVYYgzc3CPtPkeFAtYb96TGembaPcES+KvjTkB+I8bVwaUC+Gn - 0lwBXNGHQgnWYc0XzFawUxYmXJ4MTOlBvOwDZXZlVp9sZucF2EFcI1SL2ItwrcnO - XGCfIM9LupNf6+9/+ZVJXR45REa1OxT66wkTwzaK1a0Uc8SnsFlSqMxdBoPO1w== - =604A + hF4DAAAAAAAAAAASAQdAG6OFXTwB4bl2rxThYlrXtkZXotsQdZgf82O92ck9AVMw + bBz37ZrpbsxBBLW6Re5KD8Ygx4dAz/W2xUXXgVR+yY6uJO/hYPNSnrKPeALRPlQy + 0lwBtLihsXmHBBS476xskQ8yV4hRvt/Ufiz6V0B50W7DbzMhS2ribNRXD9v/elYS + vmdfXDPzMYBK3NLg0eidosj1mEtyZrlclAwW1gr2DGhCBbs/qbgJOEUePZJhag== + =FpTb -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|ip)$ @@ -46,9 +46,9 @@ sops: --- apiVersion: v1 data: - data: ENC[AES256_GCM,data:9GBYInSu6+wmdbhmvD8zMPdXULCmyaA9,iv:VCgWHXZa5ZvvKD5zP/KDhPNmFpsTzuBxBekNI35Lwxs=,tag:qHYhBix/Ao9jXj1L8CW27g==,type:str] - mapping: ENC[AES256_GCM,data:cYE=,iv:14yfAbSjX9EbMADNLJTEmY/2P7GVAfXt8NfURBWoDyA=,tag:bUjCmLA461Da17LaBZ/A1w==,type:str] - maxMonId: ENC[AES256_GCM,data:uw==,iv:zeLSgiPCE0rGF+ls9YUz3nt3nDaV+9ILxPhq4oDqMcU=,tag:m+4PAVj4FOS0daYjb5aAHA==,type:str] + data: ENC[AES256_GCM,data:m/eeUnZc+Z5PJ/EBCvXQB+eBpLr05mKu,iv:dR9iAexz9VtolA6/bMQZv52R0caONjwLWcmJevb8xFY=,tag:ssvNzOIf3R2Ix4VpsgmrSQ==,type:str] + mapping: ENC[AES256_GCM,data:65o=,iv:PBKBDkgr3pw2cGfzDUHebvHCtZXr5Mtv2kIOx5C2Aj0=,tag:AgMba9tD56QvqK6whbsiow==,type:str] + maxMonId: ENC[AES256_GCM,data:Sg==,iv:+HI2GSDb1dhLkpVMRc2r2bTEKA2QMcs5WAaL05t82P4=,tag:0gzRkCgx+BVcFoguA8WdZw==,type:str] kind: ConfigMap metadata: creationTimestamp: null @@ -60,27 +60,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMldkUS9kN3crQ0NheC9M - cm5QQTFyalNwLzRYNTdVZVF3QlVCUmJRd1JrCm5UK3NkMG13RTZ2SXJ6K0xoNzFj - L3RDOGxOWmVEWjNiYjlzdjUzVHI0NkkKLS0tIHVUeGdJQ1pXZFh1WWM4ZGRmcXYy - V2xMMWswZ1BwbzgxYnJ2UEJaNWkwd0kKO88LjOvD4MYrSVryl+MTGdm6iNmXBLZE - eIha423Ryce39Ee80j+ICrkOI+HQzf4IzW6GweKq8jGK/5Ar2gqORg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArczAwVm5wbzl5TUw1c3Nx + Y09sY3BXSTFPcERUY05rcjU3K3N3UFVBRDBBCjd2UWNKTU5nTGVHemhOZUtTV3Ri + WStHUm1KUHk0bm1TNUlyblkxZDd0QzQKLS0tIEJyaGsvdURJaWhJYjV4Sk9idFpH + Wjl2Y295YXloaGJ0enJrZTF5L2VpYk0KFN2AYiNljOevNMoLV42+naMs0PL2OPom + 9ycRGjLzsgFmibwF3S26qQaK1AvI6f2nPU1sjPMcp+BBZuF1T7wJDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-28T20:47:06Z" - mac: ENC[AES256_GCM,data:7xJDLJKmwdmlLPh4Jy4xihI9eRGcnpVgqN5sMAdzsQS4WLWIEb8k5iPhEs7c+nbin9gNJ6j2hrWIntNCjmn7dpo8oQweZtfIORHYF1x2vfE+WDCUwVwnSUcNrZOYHcCKrkpsCfv8uOcGSM2TdEzRPk3e7gNeZ7TYh2ScW0cEOb0=,iv:hc/RcAT9XdO+WnNQqUoklisbttZRHB4E8kGGWjsgGHk=,tag:WGn5kfTdqYxC2etMf5jI3g==,type:str] + lastmodified: "2023-02-21T20:24:05Z" + mac: ENC[AES256_GCM,data:tmyqferiEmYAqoyr5Mlm9ZExftORpyrBh2mJvQRFuGxAHhoVE01Czz8X5X4jBVuZMCKpDviPneV5bDwNDaj/l+Hy43mK3eXe4RlXd3zIKSa47Cw2EFoaF14rJ57racSuUkU7JOoFm6MYb48YxxKJTZA+ikNP7Un49Y/ITUtdv1s=,iv:+pUnUIzbJWbRN5GT3gcUSJT9i2qWYhBMvKVkYFB/uRo=,tag:iMocg3bJ3UZmsxHnKSaYhQ==,type:str] pgp: - - created_at: "2023-01-28T20:47:05Z" + - created_at: "2023-02-21T20:24:05Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAXDFkD5HV1klayx6DMEqBW3P45DD/HiZGu1ydmth1uFIw - D4Szq+f+WaBgkbXVYYgzc3CPtPkeFAtYb96TGembaPcES+KvjTkB+I8bVwaUC+Gn - 0lwBXNGHQgnWYc0XzFawUxYmXJ4MTOlBvOwDZXZlVp9sZucF2EFcI1SL2ItwrcnO - XGCfIM9LupNf6+9/+ZVJXR45REa1OxT66wkTwzaK1a0Uc8SnsFlSqMxdBoPO1w== - =604A + hF4DAAAAAAAAAAASAQdAG6OFXTwB4bl2rxThYlrXtkZXotsQdZgf82O92ck9AVMw + bBz37ZrpbsxBBLW6Re5KD8Ygx4dAz/W2xUXXgVR+yY6uJO/hYPNSnrKPeALRPlQy + 0lwBtLihsXmHBBS476xskQ8yV4hRvt/Ufiz6V0B50W7DbzMhS2ribNRXD9v/elYS + vmdfXDPzMYBK3NLg0eidosj1mEtyZrlclAwW1gr2DGhCBbs/qbgJOEUePZJhag== + =FpTb -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|ip)$ @@ -88,8 +88,8 @@ sops: --- apiVersion: v1 data: - userID: ENC[AES256_GCM,data:LH8/9CQcmcc5BD5TmMK89Q==,iv:L1h3UiEnM8XnnIAXS9Ay3pBxxJXUk5VyOqiwY2qXtVw=,tag:UKAfy8K02EesHBPHMxBURA==,type:str] - userKey: ENC[AES256_GCM,data:S65qFXnHb7yo0DnYwd6Ip9jV8UU7KGTpM9Wv0X48fkqeE7GmOlPTlR/Q8Kpqn8u9koAsPBBuxdg=,iv:hSI31Y+e3MNcBiLpfCZTAz59za1RiBculvu4GpVMuyI=,tag:lKuIyfbMT12glNiyYL8H8g==,type:str] + userID: ENC[AES256_GCM,data:VOYukdReTyt6hxnn72BsvQ==,iv:slZqnItuRkrJ+gDEeCv/PP3ELH61QhD70tX0rKcgZM0=,tag:KWsLUDyvoDYqTeqlrA44Nw==,type:str] + userKey: ENC[AES256_GCM,data:jSASMVTg3BKkLPCPsGRqS77ipibrwM+GYjAQA7T0OEfrT0PS+XKdUrdgjcfdpY+1jMmGOrSHkkg=,iv:7TbcLgUcVUMOw06pSIPsJmt3KXeIdE1lu2L7s5CiWek=,tag:Fz6pOFOtFy2QOrj72GqtYA==,type:str] kind: Secret metadata: creationTimestamp: null @@ -102,27 +102,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMldkUS9kN3crQ0NheC9M - cm5QQTFyalNwLzRYNTdVZVF3QlVCUmJRd1JrCm5UK3NkMG13RTZ2SXJ6K0xoNzFj - L3RDOGxOWmVEWjNiYjlzdjUzVHI0NkkKLS0tIHVUeGdJQ1pXZFh1WWM4ZGRmcXYy - V2xMMWswZ1BwbzgxYnJ2UEJaNWkwd0kKO88LjOvD4MYrSVryl+MTGdm6iNmXBLZE - eIha423Ryce39Ee80j+ICrkOI+HQzf4IzW6GweKq8jGK/5Ar2gqORg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArczAwVm5wbzl5TUw1c3Nx + Y09sY3BXSTFPcERUY05rcjU3K3N3UFVBRDBBCjd2UWNKTU5nTGVHemhOZUtTV3Ri + WStHUm1KUHk0bm1TNUlyblkxZDd0QzQKLS0tIEJyaGsvdURJaWhJYjV4Sk9idFpH + Wjl2Y295YXloaGJ0enJrZTF5L2VpYk0KFN2AYiNljOevNMoLV42+naMs0PL2OPom + 9ycRGjLzsgFmibwF3S26qQaK1AvI6f2nPU1sjPMcp+BBZuF1T7wJDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-28T20:47:06Z" - mac: ENC[AES256_GCM,data:7xJDLJKmwdmlLPh4Jy4xihI9eRGcnpVgqN5sMAdzsQS4WLWIEb8k5iPhEs7c+nbin9gNJ6j2hrWIntNCjmn7dpo8oQweZtfIORHYF1x2vfE+WDCUwVwnSUcNrZOYHcCKrkpsCfv8uOcGSM2TdEzRPk3e7gNeZ7TYh2ScW0cEOb0=,iv:hc/RcAT9XdO+WnNQqUoklisbttZRHB4E8kGGWjsgGHk=,tag:WGn5kfTdqYxC2etMf5jI3g==,type:str] + lastmodified: "2023-02-21T20:24:05Z" + mac: ENC[AES256_GCM,data:tmyqferiEmYAqoyr5Mlm9ZExftORpyrBh2mJvQRFuGxAHhoVE01Czz8X5X4jBVuZMCKpDviPneV5bDwNDaj/l+Hy43mK3eXe4RlXd3zIKSa47Cw2EFoaF14rJ57racSuUkU7JOoFm6MYb48YxxKJTZA+ikNP7Un49Y/ITUtdv1s=,iv:+pUnUIzbJWbRN5GT3gcUSJT9i2qWYhBMvKVkYFB/uRo=,tag:iMocg3bJ3UZmsxHnKSaYhQ==,type:str] pgp: - - created_at: "2023-01-28T20:47:05Z" + - created_at: "2023-02-21T20:24:05Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAXDFkD5HV1klayx6DMEqBW3P45DD/HiZGu1ydmth1uFIw - D4Szq+f+WaBgkbXVYYgzc3CPtPkeFAtYb96TGembaPcES+KvjTkB+I8bVwaUC+Gn - 0lwBXNGHQgnWYc0XzFawUxYmXJ4MTOlBvOwDZXZlVp9sZucF2EFcI1SL2ItwrcnO - XGCfIM9LupNf6+9/+ZVJXR45REa1OxT66wkTwzaK1a0Uc8SnsFlSqMxdBoPO1w== - =604A + hF4DAAAAAAAAAAASAQdAG6OFXTwB4bl2rxThYlrXtkZXotsQdZgf82O92ck9AVMw + bBz37ZrpbsxBBLW6Re5KD8Ygx4dAz/W2xUXXgVR+yY6uJO/hYPNSnrKPeALRPlQy + 0lwBtLihsXmHBBS476xskQ8yV4hRvt/Ufiz6V0B50W7DbzMhS2ribNRXD9v/elYS + vmdfXDPzMYBK3NLg0eidosj1mEtyZrlclAwW1gr2DGhCBbs/qbgJOEUePZJhag== + =FpTb -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|ip)$ @@ -130,8 +130,8 @@ sops: --- apiVersion: v1 data: - userID: ENC[AES256_GCM,data:WTBeqNzD8TQWuaxkhx4gBiABEH0vjruayAu99w==,iv:PBWHpdXShRDW3Mj4ZP5AzDlwvN6Db0uO6t0YDD84Efo=,tag:nxFk7EMoYG7nh0Rzz6KYZg==,type:str] - userKey: ENC[AES256_GCM,data:+GyX6FmBDLu3JNAOHgkxGRjkRTZhYvRPuD6A7gvuySeNAoB7fzsXVm1sYXe1jcgHUbQRMu+wnqU=,iv:kpKnDM9Ink1IuGb5pL2bJB/4pwKiqkupkkzZPzRZiXU=,tag:SZR1Tcqso5ndyKAFdCNfJg==,type:str] + userID: ENC[AES256_GCM,data:5J5R38g5H7Q3OMKW4YFjPJs+HGsoF82uSdfvaA==,iv:S2OGKs54+rgkIvCduI7ygUd5BYuvFGXBwrnHm0QUbOo=,tag:eJw9ktpMNQnsOvgoo15arw==,type:str] + userKey: ENC[AES256_GCM,data:ilKWdeW0r7ySLHD7jYZ8WRvxBh47aqShpUhBgFelJRGRL+3EiWyEhix4EhlaBz9PY9bsjxMSOq0=,iv:TarpPinrPVSH/0Om7BDzOF/IpoadP/iawmosbN3cVZA=,tag:KJwu344zltgidZ2sPYBe/Q==,type:str] kind: Secret metadata: creationTimestamp: null @@ -144,27 +144,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMldkUS9kN3crQ0NheC9M - cm5QQTFyalNwLzRYNTdVZVF3QlVCUmJRd1JrCm5UK3NkMG13RTZ2SXJ6K0xoNzFj - L3RDOGxOWmVEWjNiYjlzdjUzVHI0NkkKLS0tIHVUeGdJQ1pXZFh1WWM4ZGRmcXYy - V2xMMWswZ1BwbzgxYnJ2UEJaNWkwd0kKO88LjOvD4MYrSVryl+MTGdm6iNmXBLZE - eIha423Ryce39Ee80j+ICrkOI+HQzf4IzW6GweKq8jGK/5Ar2gqORg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArczAwVm5wbzl5TUw1c3Nx + Y09sY3BXSTFPcERUY05rcjU3K3N3UFVBRDBBCjd2UWNKTU5nTGVHemhOZUtTV3Ri + WStHUm1KUHk0bm1TNUlyblkxZDd0QzQKLS0tIEJyaGsvdURJaWhJYjV4Sk9idFpH + Wjl2Y295YXloaGJ0enJrZTF5L2VpYk0KFN2AYiNljOevNMoLV42+naMs0PL2OPom + 9ycRGjLzsgFmibwF3S26qQaK1AvI6f2nPU1sjPMcp+BBZuF1T7wJDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-28T20:47:06Z" - mac: ENC[AES256_GCM,data:7xJDLJKmwdmlLPh4Jy4xihI9eRGcnpVgqN5sMAdzsQS4WLWIEb8k5iPhEs7c+nbin9gNJ6j2hrWIntNCjmn7dpo8oQweZtfIORHYF1x2vfE+WDCUwVwnSUcNrZOYHcCKrkpsCfv8uOcGSM2TdEzRPk3e7gNeZ7TYh2ScW0cEOb0=,iv:hc/RcAT9XdO+WnNQqUoklisbttZRHB4E8kGGWjsgGHk=,tag:WGn5kfTdqYxC2etMf5jI3g==,type:str] + lastmodified: "2023-02-21T20:24:05Z" + mac: ENC[AES256_GCM,data:tmyqferiEmYAqoyr5Mlm9ZExftORpyrBh2mJvQRFuGxAHhoVE01Czz8X5X4jBVuZMCKpDviPneV5bDwNDaj/l+Hy43mK3eXe4RlXd3zIKSa47Cw2EFoaF14rJ57racSuUkU7JOoFm6MYb48YxxKJTZA+ikNP7Un49Y/ITUtdv1s=,iv:+pUnUIzbJWbRN5GT3gcUSJT9i2qWYhBMvKVkYFB/uRo=,tag:iMocg3bJ3UZmsxHnKSaYhQ==,type:str] pgp: - - created_at: "2023-01-28T20:47:05Z" + - created_at: "2023-02-21T20:24:05Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAXDFkD5HV1klayx6DMEqBW3P45DD/HiZGu1ydmth1uFIw - D4Szq+f+WaBgkbXVYYgzc3CPtPkeFAtYb96TGembaPcES+KvjTkB+I8bVwaUC+Gn - 0lwBXNGHQgnWYc0XzFawUxYmXJ4MTOlBvOwDZXZlVp9sZucF2EFcI1SL2ItwrcnO - XGCfIM9LupNf6+9/+ZVJXR45REa1OxT66wkTwzaK1a0Uc8SnsFlSqMxdBoPO1w== - =604A + hF4DAAAAAAAAAAASAQdAG6OFXTwB4bl2rxThYlrXtkZXotsQdZgf82O92ck9AVMw + bBz37ZrpbsxBBLW6Re5KD8Ygx4dAz/W2xUXXgVR+yY6uJO/hYPNSnrKPeALRPlQy + 0lwBtLihsXmHBBS476xskQ8yV4hRvt/Ufiz6V0B50W7DbzMhS2ribNRXD9v/elYS + vmdfXDPzMYBK3NLg0eidosj1mEtyZrlclAwW1gr2DGhCBbs/qbgJOEUePZJhag== + =FpTb -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|ip)$ @@ -172,8 +172,8 @@ sops: --- apiVersion: v1 data: - adminID: ENC[AES256_GCM,data:JTJur1jXO8eQ2TwITNp7Jc7C1No=,iv:oDi5jJvun29HCW+cFMNO0r3D/69vVBEklzs+hB4iim8=,tag:hAtdaNfJEOJulWkGilWepw==,type:str] - adminKey: ENC[AES256_GCM,data:MuExqNm+P/rlby6TuU7CJLg0tgiKXzGKp+3pBWVGVmMPRv1qA+UG61JTmbVexcdTjtDClz56Ah8=,iv:Cgim63O/DfokuQxjuT8pEZQcIl1d/cRU7kR594NKJz0=,tag:yDjJh2ZeXlEek41AtENgyQ==,type:str] + adminID: ENC[AES256_GCM,data:yvktTrBPRbo7bcbyw4laaQOvV4M=,iv:U5pR2By9y6+rK+aNc+jT7WTjl54+MSMnos4TeOpEBb8=,tag:OXJZDCp6f6JTVlUlSMc66w==,type:str] + adminKey: ENC[AES256_GCM,data:Q8oE8sLwFyB4F5ogx4VNkQe5Zr7bu9Kuftlx/veVMFRYfPobwtlEJ7veQ+CEh3nC84MdNoQU/Bc=,iv:scC50UPdkA3+xvPHyQ2I7elNtIg++/qMcjjMNYzWK6E=,tag:UyaZbBaaiyrWbSebT2ZRfA==,type:str] kind: Secret metadata: creationTimestamp: null @@ -186,27 +186,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMldkUS9kN3crQ0NheC9M - cm5QQTFyalNwLzRYNTdVZVF3QlVCUmJRd1JrCm5UK3NkMG13RTZ2SXJ6K0xoNzFj - L3RDOGxOWmVEWjNiYjlzdjUzVHI0NkkKLS0tIHVUeGdJQ1pXZFh1WWM4ZGRmcXYy - V2xMMWswZ1BwbzgxYnJ2UEJaNWkwd0kKO88LjOvD4MYrSVryl+MTGdm6iNmXBLZE - eIha423Ryce39Ee80j+ICrkOI+HQzf4IzW6GweKq8jGK/5Ar2gqORg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArczAwVm5wbzl5TUw1c3Nx + Y09sY3BXSTFPcERUY05rcjU3K3N3UFVBRDBBCjd2UWNKTU5nTGVHemhOZUtTV3Ri + WStHUm1KUHk0bm1TNUlyblkxZDd0QzQKLS0tIEJyaGsvdURJaWhJYjV4Sk9idFpH + Wjl2Y295YXloaGJ0enJrZTF5L2VpYk0KFN2AYiNljOevNMoLV42+naMs0PL2OPom + 9ycRGjLzsgFmibwF3S26qQaK1AvI6f2nPU1sjPMcp+BBZuF1T7wJDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-28T20:47:06Z" - mac: ENC[AES256_GCM,data:7xJDLJKmwdmlLPh4Jy4xihI9eRGcnpVgqN5sMAdzsQS4WLWIEb8k5iPhEs7c+nbin9gNJ6j2hrWIntNCjmn7dpo8oQweZtfIORHYF1x2vfE+WDCUwVwnSUcNrZOYHcCKrkpsCfv8uOcGSM2TdEzRPk3e7gNeZ7TYh2ScW0cEOb0=,iv:hc/RcAT9XdO+WnNQqUoklisbttZRHB4E8kGGWjsgGHk=,tag:WGn5kfTdqYxC2etMf5jI3g==,type:str] + lastmodified: "2023-02-21T20:24:05Z" + mac: ENC[AES256_GCM,data:tmyqferiEmYAqoyr5Mlm9ZExftORpyrBh2mJvQRFuGxAHhoVE01Czz8X5X4jBVuZMCKpDviPneV5bDwNDaj/l+Hy43mK3eXe4RlXd3zIKSa47Cw2EFoaF14rJ57racSuUkU7JOoFm6MYb48YxxKJTZA+ikNP7Un49Y/ITUtdv1s=,iv:+pUnUIzbJWbRN5GT3gcUSJT9i2qWYhBMvKVkYFB/uRo=,tag:iMocg3bJ3UZmsxHnKSaYhQ==,type:str] pgp: - - created_at: "2023-01-28T20:47:05Z" + - created_at: "2023-02-21T20:24:05Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAXDFkD5HV1klayx6DMEqBW3P45DD/HiZGu1ydmth1uFIw - D4Szq+f+WaBgkbXVYYgzc3CPtPkeFAtYb96TGembaPcES+KvjTkB+I8bVwaUC+Gn - 0lwBXNGHQgnWYc0XzFawUxYmXJ4MTOlBvOwDZXZlVp9sZucF2EFcI1SL2ItwrcnO - XGCfIM9LupNf6+9/+ZVJXR45REa1OxT66wkTwzaK1a0Uc8SnsFlSqMxdBoPO1w== - =604A + hF4DAAAAAAAAAAASAQdAG6OFXTwB4bl2rxThYlrXtkZXotsQdZgf82O92ck9AVMw + bBz37ZrpbsxBBLW6Re5KD8Ygx4dAz/W2xUXXgVR+yY6uJO/hYPNSnrKPeALRPlQy + 0lwBtLihsXmHBBS476xskQ8yV4hRvt/Ufiz6V0B50W7DbzMhS2ribNRXD9v/elYS + vmdfXDPzMYBK3NLg0eidosj1mEtyZrlclAwW1gr2DGhCBbs/qbgJOEUePZJhag== + =FpTb -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|ip)$ @@ -214,8 +214,8 @@ sops: --- apiVersion: v1 data: - adminID: ENC[AES256_GCM,data:z9w7eRToC89KBiHM306MvmXLMvVlggh73vb4URemfpM=,iv:EWsONqWazWy2U/LdhXX02f+yaorD3/Y2iLB7YkfE31w=,tag:cgEXva9sf8E4BlyhL41oiQ==,type:str] - adminKey: ENC[AES256_GCM,data:zHAG92mlHT6XYpNunmlWg4Md4mnMcZYzk32GspNAcEOV/rdb+CW/Cdb9qZDPc+Ob9Y2L4qUNmU4=,iv:Gtypm2u05prWpFwTL2J5JDI3FnYyua707tQqng4nOrs=,tag:DCGC5nz2rY+sjYOduiPiNw==,type:str] + adminID: ENC[AES256_GCM,data:lfoSlkYyyEXySKcnonIP+EVhbUZo6a6zt9ziKVnoX7Q=,iv:8MHPt38dlpfupK+iclaw/nvw05j8hdbzN7z4zyiqoFs=,tag:YZmiCDHiZkvHertl5vkarA==,type:str] + adminKey: ENC[AES256_GCM,data:bh4Nbu2Hc6y0+STQx8FGtd+VU/hOwg1YwkkDTv9EqziZ/yAvLUikUnXqDqOmPfXcYG/G3jrz7XQ=,iv:LOgMoqUxYQS1yAZavMXvGC8Af94T7/hxLUBnvBlguK4=,tag:owiUJd+jPTOc8JIpK6Yilg==,type:str] kind: Secret metadata: creationTimestamp: null @@ -228,27 +228,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByMldkUS9kN3crQ0NheC9M - cm5QQTFyalNwLzRYNTdVZVF3QlVCUmJRd1JrCm5UK3NkMG13RTZ2SXJ6K0xoNzFj - L3RDOGxOWmVEWjNiYjlzdjUzVHI0NkkKLS0tIHVUeGdJQ1pXZFh1WWM4ZGRmcXYy - V2xMMWswZ1BwbzgxYnJ2UEJaNWkwd0kKO88LjOvD4MYrSVryl+MTGdm6iNmXBLZE - eIha423Ryce39Ee80j+ICrkOI+HQzf4IzW6GweKq8jGK/5Ar2gqORg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArczAwVm5wbzl5TUw1c3Nx + Y09sY3BXSTFPcERUY05rcjU3K3N3UFVBRDBBCjd2UWNKTU5nTGVHemhOZUtTV3Ri + WStHUm1KUHk0bm1TNUlyblkxZDd0QzQKLS0tIEJyaGsvdURJaWhJYjV4Sk9idFpH + Wjl2Y295YXloaGJ0enJrZTF5L2VpYk0KFN2AYiNljOevNMoLV42+naMs0PL2OPom + 9ycRGjLzsgFmibwF3S26qQaK1AvI6f2nPU1sjPMcp+BBZuF1T7wJDA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-01-28T20:47:06Z" - mac: ENC[AES256_GCM,data:7xJDLJKmwdmlLPh4Jy4xihI9eRGcnpVgqN5sMAdzsQS4WLWIEb8k5iPhEs7c+nbin9gNJ6j2hrWIntNCjmn7dpo8oQweZtfIORHYF1x2vfE+WDCUwVwnSUcNrZOYHcCKrkpsCfv8uOcGSM2TdEzRPk3e7gNeZ7TYh2ScW0cEOb0=,iv:hc/RcAT9XdO+WnNQqUoklisbttZRHB4E8kGGWjsgGHk=,tag:WGn5kfTdqYxC2etMf5jI3g==,type:str] + lastmodified: "2023-02-21T20:24:05Z" + mac: ENC[AES256_GCM,data:tmyqferiEmYAqoyr5Mlm9ZExftORpyrBh2mJvQRFuGxAHhoVE01Czz8X5X4jBVuZMCKpDviPneV5bDwNDaj/l+Hy43mK3eXe4RlXd3zIKSa47Cw2EFoaF14rJ57racSuUkU7JOoFm6MYb48YxxKJTZA+ikNP7Un49Y/ITUtdv1s=,iv:+pUnUIzbJWbRN5GT3gcUSJT9i2qWYhBMvKVkYFB/uRo=,tag:iMocg3bJ3UZmsxHnKSaYhQ==,type:str] pgp: - - created_at: "2023-01-28T20:47:05Z" + - created_at: "2023-02-21T20:24:05Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAXDFkD5HV1klayx6DMEqBW3P45DD/HiZGu1ydmth1uFIw - D4Szq+f+WaBgkbXVYYgzc3CPtPkeFAtYb96TGembaPcES+KvjTkB+I8bVwaUC+Gn - 0lwBXNGHQgnWYc0XzFawUxYmXJ4MTOlBvOwDZXZlVp9sZucF2EFcI1SL2ItwrcnO - XGCfIM9LupNf6+9/+ZVJXR45REa1OxT66wkTwzaK1a0Uc8SnsFlSqMxdBoPO1w== - =604A + hF4DAAAAAAAAAAASAQdAG6OFXTwB4bl2rxThYlrXtkZXotsQdZgf82O92ck9AVMw + bBz37ZrpbsxBBLW6Re5KD8Ygx4dAz/W2xUXXgVR+yY6uJO/hYPNSnrKPeALRPlQy + 0lwBtLihsXmHBBS476xskQ8yV4hRvt/Ufiz6V0B50W7DbzMhS2ribNRXD9v/elYS + vmdfXDPzMYBK3NLg0eidosj1mEtyZrlclAwW1gr2DGhCBbs/qbgJOEUePZJhag== + =FpTb -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|ip)$ diff --git a/kube/3-deploy/1-core/03-certs/.sops.yaml b/kube/3-deploy/1-core/03-certs/.sops.yaml index b1fc70de..57921f73 100644 --- a/kube/3-deploy/1-core/03-certs/.sops.yaml +++ b/kube/3-deploy/1-core/03-certs/.sops.yaml @@ -2,6 +2,6 @@ creation_rules: - path_regex: .*.yaml encrypted_regex: ^(email|dnsZones|stringData)$ age: >- - age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj pgp: >- 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 diff --git a/kube/3-deploy/1-core/03-certs/cert-manager/app/3-issuer.yaml b/kube/3-deploy/1-core/03-certs/cert-manager/app/3-issuer.yaml index e1dbfa8d..057178ad 100644 --- a/kube/3-deploy/1-core/03-certs/cert-manager/app/3-issuer.yaml +++ b/kube/3-deploy/1-core/03-certs/cert-manager/app/3-issuer.yaml @@ -5,49 +5,49 @@ metadata: spec: acme: server: https://acme-v02.api.letsencrypt.org/directory - email: ENC[AES256_GCM,data:uuLsQXAAIWcALTJ6orWD7MBg5w==,iv:kvyi6mf0zgPw5WCjabDtTevl9vpgc9R59HgBUvE5KsA=,tag:BO8EE0020vIqYTZdmGbIIw==,type:str] + email: ENC[AES256_GCM,data:ELkeQFGABbQ5nCdoE7dYtwWgRg==,iv:JQhoG3SS9vWoi46AKgjiXKwsoy+sGi0obuJidBHFY98=,tag:u2vgI1VPOj6nTnaSOmXNbw==,type:str] privateKeySecretRef: name: letsencrypt-production solvers: - dns01: cloudflare: - email: ENC[AES256_GCM,data:MY+x8id2bh7h325/66hgOeeoX+zO5A==,iv:PZ6mgOoC4ITjznlq0UWs8CVpaOsmH3yDx7RL9sPRJKA=,tag:N23nR51/OtHOxO20unxKwA==,type:str] + email: ENC[AES256_GCM,data:Bt5hudKdIqdzSmyqgBLgod7GW5GdiA==,iv:mpM06oGL/traLj60XvyD4GxfyblQtMPWACHYEY4qlsA=,tag:5zOuRgLo2xJbpQYX+UfrFA==,type:str] apiTokenSecretRef: name: dns01-api key: cloudflare selector: dnsZones: - - ENC[AES256_GCM,data:PPCkOrLe,iv:kbKa7Z7OGgthzi37pdNRm/ZnXkWtKLd/KFeW5VRThEk=,tag:Q6b7GEwPorxNRWeOQOr/MA==,type:str] - - ENC[AES256_GCM,data:JMSQS5ks1mkIakPBiqI=,iv:nRB4+tCh8XzJM9um1DNbfaks1kahTmdZB1Gmg+vIbMI=,tag:QAuo9QHZRJEQ5YrbM1MDxg==,type:str] - - ENC[AES256_GCM,data:fTgjL2NqXzTLPFpzBA==,iv:3hc8weLymnamZ2+ZNzobD79yGX3vElmF2M6vbNo7310=,tag:32XkUOr9JL6Wt6wHAhvw1g==,type:str] - - ENC[AES256_GCM,data:1pB3YJkNM4hs,iv:AMfS5o4z4Ryu3q7x0tu5Wi2CKNAAZYA8I4OmvOmlTXY=,tag:nSd3d52qklmIJnD/x2segg==,type:str] + - ENC[AES256_GCM,data:xqqHasdg,iv:S88A0UU0MOJeDWuBy3pt1DDQ/+hbdqpVJaVW023CgEo=,tag:zg//nGnkbNKbkSpotXsotg==,type:str] + - ENC[AES256_GCM,data:pqU9z0v/nL5fz6cIM70=,iv:hu64e7Qnv+1gXHskiZ737pWn3FOoD4vY9gmeHEQGd7M=,tag:Wke6nEiLDWKiwVX46/IDhg==,type:str] + - ENC[AES256_GCM,data:D9vOTS2PNZV4Zvr0cQ==,iv:i7zvJHTGw+9qaAV6TcSI+Ej22rJUzVPl1Dg9gYNbpyI=,tag:Ik4p0607nyOWk8rhbdxrnQ==,type:str] + - ENC[AES256_GCM,data:4MgoWDrdj//o,iv:Blc219HqI420Ul/hID6BTf3UWSuw39czAcRG3hVRkNg=,tag:JNf2kYGZt6v0rGXOOqiJDA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHa3RKV1d5N3BhL2ZXWGRo - VjZPRFZQMDdUVm9VaWNDQ3RvQUQ2MkRDNUZvCmF0TEpjdmhDcjNpdDY3eGRicmtM - U3VGT3AyNGpyTy83OTIvWURWUFcwVnMKLS0tIGxwMklXUWUzT21GRUxPcWpXL2xl - bkhuMktzNGxSSytXYmJDOG1vOEpEemMKMwcArlt/YauK8yfxiIEpnhMFEBgpNFY7 - HeiLqiDg/BZDjYeCk1Nov8zHDADUpZ2/Im37MJwHxO1pwcH7lPARWg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Z1BmLzZabTUzbXk3eTRx + b1ZSSkVYaEw5RXRSRXJIeVZLdU0rUnZGT0ZrCm53Zk13L1I0dFFTTmhTaXdVR3hk + Zk9aSm4zamFhdnVXWkNSY3c3Yno5L28KLS0tIHAvaUdVVjc3T0FxTjhxSVA1aVgv + Rzd0ZmYzbklBdUlBU01zd25PbzQxZG8Ke06LiBELBox5EPZXgqJX/6iSNQzcdwRO + LbNEX3zn3RYcMkzLvCrHAphRjmIaMZYuc6dklzb2okZjod6HHsXHLg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-09T02:52:42Z" - mac: ENC[AES256_GCM,data:lQLYmbvSEQUPSqxvKXaAt/7ZA8gCBPRyzDXfWRciyzmxAgiTH871kex+D1o0xz1+LMEcBq3QRzChil2p8vC28ZPBDwCP4h51DrHVJwC+mVx8VzF6xKRTNz9Ll5RiLTxHyMymRn/c+4/lotyZfsdbqz2pq04kv6IzG552QrLrVzg=,iv:fQMlO4Po88i8gmTkVmkyCxT1g6xOYXnlks7gC/gh/U8=,tag:N0/JQgL5nuPeS8yRe1CLgw==,type:str] + lastmodified: "2023-02-21T20:24:50Z" + mac: ENC[AES256_GCM,data:LL1NjxWkw6/cl+H9Ot4B0fg+KlyhBDCgrz2z0DFwlfftIIGdPxAAvZYKbJeEa3TkT66dVCdAEANDfpS8WGHBquvhbfWvqFy/rzUdlXqXDsP3+oXd7DK8uDh8mrO7r9TG8NP31YCqoW8eX+SmzFyGaPrToJOrGYhKSlJ02cmysYM=,iv:Pt5XBhofthxph0ZYPQJ1Q0Lh1r2o62QtFGJnDNxiFfQ=,tag:UifL6NpDDYD1bF5c5UWjyQ==,type:str] pgp: - - created_at: "2023-01-31T01:22:56Z" + - created_at: "2023-02-21T20:24:49Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAi25jYS+jTgkmZHsUPzrOaFxUnGuap75b0lBTILIWc08w - exBxZIt0/1Ni/jLyGxg529if+yT5hkkSO4ijn/JQAD5Y1VrdbcFAx/pIOhuNey76 - 0lwBWTpvI4sSAHs1qNdouWeqtL/Ufno0nN4KszjCvIGtdr3EUFzpO5PBQ/cQrrE8 - kerNMDXc6veD6x9YuCPuHSS9t7C9B+eYJ9+CL4HVa7oNVMtjgqfN75geaC7w/w== - =A7V1 + hF4DAAAAAAAAAAASAQdAlJaJh6Q+32DZMvSNc47uh2RRoeF+1zCTO8sud8u2tGIw + qm7rh3w4KGayQgyR8p6M3fAVNXCS7aW3T5tpF1YmvhW23smyDZi9Lv2k7HOwHQjH + 0l4B1mVE7n6hPw4+IuQF9idiGzSla0XISV/HAACK/y1RXJcwY31ZXlPWVIJyHnMp + r6G/ebXr/NhOmr3/1CixhzNEQ5zvtk2aK7PL6UFUm9WWrw8qbCogAUvc+OH4tuel + =pGWj -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(email|dnsZones|stringData)$ @@ -59,34 +59,34 @@ metadata: name: dns01-api namespace: cert-manager stringData: - cloudflare: ENC[AES256_GCM,data:3Clxd4p/dbBwztU1OtdD5i8HJZiJY34Ja10KPgbjgBiAm/Z6oR5HjA==,iv:FALCaWOBWCPo+y+sTJzosFECACU3UFbqcqYVgzpQKqQ=,tag:GJpro8jGwnQU8LiPjSzjLg==,type:str] + cloudflare: ENC[AES256_GCM,data:rJxO22BvCCyCeE27/N6Uj8ZWQm7GW2iMXHpXHZIYaVC7REomvjQxGQ==,iv:+qP3h6amWa23Uz1bgTeD/2DCWb1tq5R0WGVGmHCc1yE=,tag:ukuv9FhKT4CPKZ0pjb+fpA==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHa3RKV1d5N3BhL2ZXWGRo - VjZPRFZQMDdUVm9VaWNDQ3RvQUQ2MkRDNUZvCmF0TEpjdmhDcjNpdDY3eGRicmtM - U3VGT3AyNGpyTy83OTIvWURWUFcwVnMKLS0tIGxwMklXUWUzT21GRUxPcWpXL2xl - bkhuMktzNGxSSytXYmJDOG1vOEpEemMKMwcArlt/YauK8yfxiIEpnhMFEBgpNFY7 - HeiLqiDg/BZDjYeCk1Nov8zHDADUpZ2/Im37MJwHxO1pwcH7lPARWg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Z1BmLzZabTUzbXk3eTRx + b1ZSSkVYaEw5RXRSRXJIeVZLdU0rUnZGT0ZrCm53Zk13L1I0dFFTTmhTaXdVR3hk + Zk9aSm4zamFhdnVXWkNSY3c3Yno5L28KLS0tIHAvaUdVVjc3T0FxTjhxSVA1aVgv + Rzd0ZmYzbklBdUlBU01zd25PbzQxZG8Ke06LiBELBox5EPZXgqJX/6iSNQzcdwRO + LbNEX3zn3RYcMkzLvCrHAphRjmIaMZYuc6dklzb2okZjod6HHsXHLg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-09T02:52:42Z" - mac: ENC[AES256_GCM,data:lQLYmbvSEQUPSqxvKXaAt/7ZA8gCBPRyzDXfWRciyzmxAgiTH871kex+D1o0xz1+LMEcBq3QRzChil2p8vC28ZPBDwCP4h51DrHVJwC+mVx8VzF6xKRTNz9Ll5RiLTxHyMymRn/c+4/lotyZfsdbqz2pq04kv6IzG552QrLrVzg=,iv:fQMlO4Po88i8gmTkVmkyCxT1g6xOYXnlks7gC/gh/U8=,tag:N0/JQgL5nuPeS8yRe1CLgw==,type:str] + lastmodified: "2023-02-21T20:24:50Z" + mac: ENC[AES256_GCM,data:LL1NjxWkw6/cl+H9Ot4B0fg+KlyhBDCgrz2z0DFwlfftIIGdPxAAvZYKbJeEa3TkT66dVCdAEANDfpS8WGHBquvhbfWvqFy/rzUdlXqXDsP3+oXd7DK8uDh8mrO7r9TG8NP31YCqoW8eX+SmzFyGaPrToJOrGYhKSlJ02cmysYM=,iv:Pt5XBhofthxph0ZYPQJ1Q0Lh1r2o62QtFGJnDNxiFfQ=,tag:UifL6NpDDYD1bF5c5UWjyQ==,type:str] pgp: - - created_at: "2023-01-31T01:22:56Z" + - created_at: "2023-02-21T20:24:49Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAi25jYS+jTgkmZHsUPzrOaFxUnGuap75b0lBTILIWc08w - exBxZIt0/1Ni/jLyGxg529if+yT5hkkSO4ijn/JQAD5Y1VrdbcFAx/pIOhuNey76 - 0lwBWTpvI4sSAHs1qNdouWeqtL/Ufno0nN4KszjCvIGtdr3EUFzpO5PBQ/cQrrE8 - kerNMDXc6veD6x9YuCPuHSS9t7C9B+eYJ9+CL4HVa7oNVMtjgqfN75geaC7w/w== - =A7V1 + hF4DAAAAAAAAAAASAQdAlJaJh6Q+32DZMvSNc47uh2RRoeF+1zCTO8sud8u2tGIw + qm7rh3w4KGayQgyR8p6M3fAVNXCS7aW3T5tpF1YmvhW23smyDZi9Lv2k7HOwHQjH + 0l4B1mVE7n6hPw4+IuQF9idiGzSla0XISV/HAACK/y1RXJcwY31ZXlPWVIJyHnMp + r6G/ebXr/NhOmr3/1CixhzNEQ5zvtk2aK7PL6UFUm9WWrw8qbCogAUvc+OH4tuel + =pGWj -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(email|dnsZones|stringData)$ diff --git a/kube/3-deploy/1-core/04-dns/.sops.yaml b/kube/3-deploy/1-core/04-dns/.sops.yaml index d94f94d8..9d2fa390 100644 --- a/kube/3-deploy/1-core/04-dns/.sops.yaml +++ b/kube/3-deploy/1-core/04-dns/.sops.yaml @@ -2,6 +2,6 @@ creation_rules: - path_regex: .*.yaml encrypted_regex: ^(data|stringData|domain|loadBalancerIP|externalIPs)$ age: >- - age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj pgp: >- 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 diff --git a/kube/3-deploy/1-core/04-dns/2-internal-dns.yaml b/kube/3-deploy/1-core/04-dns/2-internal-dns.yaml index 3ebe968d..da28f9c8 100644 --- a/kube/3-deploy/1-core/04-dns/2-internal-dns.yaml +++ b/kube/3-deploy/1-core/04-dns/2-internal-dns.yaml @@ -26,14 +26,14 @@ spec: keepHistory: false values: fullnameOverride: k8s-gateway - domain: ENC[AES256_GCM,data:EmBNQnYwvfcQFX6kHotUWX7Af4YgNNee0v0F2NfgNw==,iv:o6n9/yUdmDOxZUF7+x+eQjz4j+y75jJ9xrkILA0FJmE=,tag:BEdFLP6lk+u5kPG6a8Nyew==,type:str] + domain: ENC[AES256_GCM,data:wDF9Qkgpd21b/dtDqmFB65UWTz8g5mXvC4b8sUNRWQ==,iv:ZCv60ivBbcbWrV06HYhmNzfZ2oMPlJ7+bVxQJQZdT2U=,tag:oQYThticDm4txQOYNXEVRg==,type:str] ttl: 1 service: type: LoadBalancer port: 53 - loadBalancerIP: ENC[AES256_GCM,data:btrvx26+76RPMPc=,iv:sVgPzNTVr+51T0SraqomzTxh/wIf58MJy2la6OkupH8=,tag:vmXVml1kPE9liMZ+gGiVsg==,type:str] + loadBalancerIP: ENC[AES256_GCM,data:0KnSD1+LFM7VQp4=,iv:0ZyHEddRpwIGFdxmW6maIrLi35Rxz90mxKJRaldc9z8=,tag:1VXEmAy1ZHdxr1lfSwjTeQ==,type:str] externalIPs: - - ENC[AES256_GCM,data:7bqjnjHTt7lg/jQ=,iv:OBUDbBJ+dDcq0A4NmW84d26TbvFVP1OFU13NVL8YcpA=,tag:meFMZdE2ZoJdhdPnptqQ4g==,type:str] + - ENC[AES256_GCM,data:xjxb5MzVEXG6yvM=,iv:pczVgOt1IGbLY7zQaXCwikN4ZmHmDyl3kCkYArzGjLA=,tag:qyC7nn82FoYTuotsXIuxWA==,type:str] externalTrafficPolicy: Local extraZonePlugins: - name: log @@ -57,27 +57,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzRUpxMXRPeDFpQzUrZElQ - bWMxaFVTM3I1MklBZGk2YzcxaXZXL21melVrCnpKVHJtVTcwVERXN2o4ODNQVDA1 - RUFuS2R2SEhvMnZCdFhVdDBzVFJpa1UKLS0tIHV4ZmVZN1A4azY1bGxMRG1Ld1Fj - V0hDWlQ2OFpUa3RzN0piZEx1YUxZTkkKi2wO12IsWgvPzDcSUfUJaPS4RBWG0j5w - PjxMjgGHcjAwO8cDDCb13Shu01F/jrJ2Sz56YjPnRyr7NN5j/FQzsQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvM0xxL05pVERKU0UxSVZQ + S09VWWJuWnJEQjRSZmpNdjBrMG1JSTRNT0JRCmtRQWdTVWt2Si9xaVRHSUlVWlZF + dko5c2Z4aGlqWUxaQXUrZFVGdm1CaEkKLS0tIFhyVEREdzdqZm5HcmVyeVNIcmVo + K3lzYzZCaHRubzJ6VzVIeWJaTitFVkkKmLcRfQW/1SAamvAsX43EKGG+4HfAdlsZ + iNs2wWCAhAjUligg/wqlP03M3tK+nxfUxDL2DoLdXQN05CRIp5kAFg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-09T02:38:51Z" - mac: ENC[AES256_GCM,data:AUQ5AWSRjHhh557BuSK2XwQLKfvS5w35bdAaC+bBI524KyczOQyOVbv55jyfRCtkdt7y5vNVebx8JKiaG4kg24iYi8pgupBsmzauEaXPPYrKmDJcWwspqdtKu8zy32Jj0YU5loj/Bh9ln0BrWrQHNXAQgde1e/3ZK9FDvRot+U8=,iv:t5L3xKQXUsadx6M9sen7XEamqzLhHH8YOZJLU0gWrA4=,tag:K41iTxy0VqeHITWilr3hJQ==,type:str] + lastmodified: "2023-02-21T20:25:11Z" + mac: ENC[AES256_GCM,data:pyb3qDdaVxtWRGiGxQJkRgTUjAeEZtDDidjX/uc2Hwm4smpPzv+0ahcOwzSG8mt4gYrd2Dc43lpDWg7bx0tmT2f7+9oOIwz227ZFUSCpB6gtH48HeTmKU9BqNrVfsUdi/c4qCfwm5bck5YuIIvPydCL0vOsMnhRWKis9Elx2l8c=,iv:wat7/Nfv/1Vcr6dKIUipcHp6nDKLbjg0ioeEVnkvAC0=,tag:P94myA/2TNyrcYi+RzvQhg==,type:str] pgp: - - created_at: "2023-01-31T03:19:34Z" + - created_at: "2023-02-21T20:25:11Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdA0755aXaU1lB5hlOyfLl4nIhdKqd3Nexw2rUuIqeAEBQw - PUCUQqYYp+wncqkKqKUzGrt1aenR0wmTUfge/+idhp2zhsL4gk7OvlrwTRIdvCpN - 0l4BR5JHRxAKsqMq87Yv8ZTTmR1j+XCsAygvLY47FmhzHH+Y3xfdDqGWqpVdshHS - B1eFB//xoCnqAZDElpHEqEf5XXB2JPj0PextzynB5tbn4uE4BsH4yeapDqS/3LGB - =GHqR + hF4DAAAAAAAAAAASAQdAq3YAxVy8FTWzFlVM9i2FaHa6C0cELWxxxSNq0bnJ5xIw + 54WAUFWH6GZMiMD3xl3LP5Y7fTo+Q6QBp3rcHi4Lazpo0MgLzGRvyAIXExed/nKe + 0l4B1mAUV4/JwD877ulCLmtnoSBZw6xtQUmKbfiAEKQQpGGwZ0zgHqCV9a8yv6HY + iyVT8c0fybTVEX8x47TzUMzGkNM92koUYqIwvzAvziC1KG/MfUdbJuJD9wzGz1NJ + =x71a -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|domain|loadBalancerIP|externalIPs)$ diff --git a/kube/3-deploy/1-core/05-ingress/.sops.yaml b/kube/3-deploy/1-core/05-ingress/.sops.yaml index 7ab8aa03..f40d653f 100644 --- a/kube/3-deploy/1-core/05-ingress/.sops.yaml +++ b/kube/3-deploy/1-core/05-ingress/.sops.yaml @@ -2,6 +2,6 @@ creation_rules: - path_regex: .*.yaml encrypted_regex: ^(data|stringData|commonName|dnsNames|externalIPs|loadBalancerIP|whitelist-source-range)$ age: >- - age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj pgp: >- 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 diff --git a/kube/3-deploy/1-core/05-ingress/2-certs.yaml b/kube/3-deploy/1-core/05-ingress/2-certs.yaml index c2bee63c..4a440dcc 100644 --- a/kube/3-deploy/1-core/05-ingress/2-certs.yaml +++ b/kube/3-deploy/1-core/05-ingress/2-certs.yaml @@ -8,40 +8,40 @@ spec: issuerRef: name: letsencrypt-production kind: ClusterIssuer - commonName: ENC[AES256_GCM,data:F17/Hbp4,iv:M/yiujqEpifompR5ftSFPxLqpof/6scR4gJoBV2V1ns=,tag:4kUoFCimX3rAVmseQeZ+JA==,type:str] + commonName: ENC[AES256_GCM,data:gjAdeUez,iv:qVkC/0wOYHXTCAxMYPyLnyxdFuxPbaXFzc+/Ihn3eO0=,tag:qk7/Wo29hDbeDpSlHG+nqg==,type:str] dnsNames: - - ENC[AES256_GCM,data:qtPipbCC,iv:yj+BGPaFo/MNiTlx66ycIn13bf9BcmqZNWrKCAFGczI=,tag:nVXDrE+So+vIokNKqe5HWA==,type:str] - - ENC[AES256_GCM,data:+8NX6rnVyrI=,iv:1NhwgteU4uofbT6MyiwitoSMK8vTchMssgoQicLC+4s=,tag:GrKDp46zBD+NqZLpLHInRg==,type:str] + - ENC[AES256_GCM,data:TtucPj0Y,iv:fHeithJhg0PzwouH0ixgSxLTAk6LW/lwxLX33oUI2h8=,tag:8qKey2VCnHF7zjDEMgoDPA==,type:str] + - ENC[AES256_GCM,data:o2jbosh0Xec=,iv:zS0DHRf3qicbqvFOlxTQi6AvFCRhbr7gAXEEruSBbQQ=,tag:x7yS6OqeFNIb0Zo/Ut49/w==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSaW51TS93b0JoaDhYSDJN - Ym9FL0lxZnZJNHJBcENDNDhwWlA3RGY5SzNVCmkyOXBFME9leEx2RVlaWTJDMXM3 - TVJqb0F3QlpnZmVTMnV2R243LzBjbTQKLS0tIEgzY1F5TTQzSCtZUG1ralJRdXBF - RWlFUkJWQmJ4REQ0dEJ1encydFlGamsKSi0qRECk9btBSszv3fVW6/vXhbmq3sqR - chGfT4Ot5JnRWarC9EfeXWStc6zTfGd2hXksTltJS4IADLlUrkpmMA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTTJQTDdtQk01UnpYUktl + dXRLOVBGaW5Sb2Roczl4TVVLM0xZVG5leW1jCkUyNFlUVDhVLzFmZFc2MVN3VVVu + cG1rTEpFdTQrVTM5UUdsYlZ6c051QncKLS0tIFNIL01ZNDN6ekdleVNjNTFqWTVT + QWRia3lvdVRJZE5lelZCaFJIbnNteDgKi1Avr710EOljSfsqd/px+hus5bFK0AhN + nZbQw7hak3W4f/7Q+qgEfCTCixe6AYDwuD0k0bQ8qtUoZx1AzTI0DQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-02T06:30:41Z" - mac: ENC[AES256_GCM,data:UrCrmeQkUhlAHx7tk6yfLmAbwuMML7QjMeSSHju5Uce76KZTQArYtS9p/3JtZ5i20tOW7Hila7pD0xR0ZbjgBVhwVZfToSPmU+ROnYstiUQG2uqiQFCOS3ByGv2my8j4AOxBU7SJREcd8brzOvuMDOvsftP0YPUEsYz1qd/K5Wc=,iv:kFRcKzMZsBOMVShtrHrFTKpfSF2Y4pmsOgDNzlQW4Hg=,tag:kzw/j8c/D9l7dldlysb5KQ==,type:str] + lastmodified: "2023-02-21T20:22:17Z" + mac: ENC[AES256_GCM,data:tfHxN/U2uz11wauKSYwDFjao+JZopQ1KsTBhWd4vNsngntU40xhn/8JcAAWa6HGUZcAwXODcmheyf6KW693pyhCC9WxO/APPFQIbPT6MQ/4v9luzzFcZQP+37BtmUjhXNNwhRAxqlWn3tJWQBptS7cyVmRYc3ZJ/L7ON8vx9X/I=,iv:5qBaBzfXVmQ6iZNCSVcH2CJ9hl7AJPUXG/R0YpuL3Us=,tag:OOL6saLNTSXCwOT5NLZtiw==,type:str] pgp: - - created_at: "2023-01-29T08:02:26Z" + - created_at: "2023-02-21T20:22:16Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdA81QJphfeu8v+QdqR2+TGj/+lGg5zDEGyiBx79dHJQHkw - FxBYeRRjCyEFGAFtmhOw5ZEOWaDaS3TofQfBhXBevO8xouEQqW5F8YcKCBLrH6tl - 0lwBIGHtZjpAklRejcj/QzuVt9clWIKcl1cy92P/AzsNNQ0mb4h6MoO+83lIEI57 - /7vP0M3zPef7huZHV+Kfb7C4MMo+LNl59EwvhrTB+0BmHA9ZexffMuvE8VnfGA== - =m/wv + hF4DAAAAAAAAAAASAQdASUATWB+DU4HzI6TDMofFHzLflaihV/vSJhAzUV0nu0cw + RSggYpOZD2nStapBi3s2kiDkr5/OMFESz19h6iFrcQ82LSbVfTPn2vSApZDj8/E0 + 0l4BaUpZUopneDZRiOQbqi2DPbIE+JI/vEzqb/W4lEcdwdfYSiSiCsW8F+kfElGY + 4VkMR1V1VSpEW9FB1wT5dnwwmDdr7E9PBKn7ZgSPz59Oo1S61TM286JgMBWECjb2 + =zuqO -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(data|stringData|commonName|dnsNames|externalIPs)$ + encrypted_regex: ^(data|stringData|commonName|dnsNames|externalIPs|loadBalancerIP|whitelist-source-range)$ version: 3.7.3 --- apiVersion: cert-manager.io/v1 @@ -54,38 +54,38 @@ spec: issuerRef: name: letsencrypt-production kind: ClusterIssuer - commonName: ENC[AES256_GCM,data:6AQ5du+jA04arxaIHh0=,iv:IjFWHi7ywAe5JBedn0Wa1aYFBZsm01yxH4DZJXUdmuA=,tag:m9nY3q73uY7oZKE1tmlA4A==,type:str] + commonName: ENC[AES256_GCM,data:yVj4l0/mY33/NrdsODk=,iv:bcdYkeAT11MCe8Q+/xvFcs+6P4hDJMsE1/df3ungPAs=,tag:OfO2YyqBc/BXGbYPwLNMaw==,type:str] dnsNames: - - ENC[AES256_GCM,data:/Z7YFQcBpgO/giolQKE=,iv:YPQh+K8h7TAAh2QY37Yf9yVBM4m3WTb4CJKkPMUrFXQ=,tag:/hCdgXTe95CiXXW0MaNY8A==,type:str] - - ENC[AES256_GCM,data:kfG+jVzF2/RtAMkTIGExQw==,iv:DW91fsM9eL9T3rZOrzCtoF+FJ7SBO6X+hS1gh5kqCiw=,tag:atz49AD5iIkYqchEHoGA/A==,type:str] + - ENC[AES256_GCM,data:AZRP/B2MJro9YZmDcdc=,iv:ns+/FUdbhjZxbktQkvZlV/AqRwAKFTGmR8Sut/gufd0=,tag:/p6Y9eQLvlt+k7wq7baNbg==,type:str] + - ENC[AES256_GCM,data:9D8W/BrCwgUDn4L3VoW+ug==,iv:zvnC46Li+WdW5hUUcP4kTiPSTHoZuHjfcZT5W1gSKCU=,tag:Y78N2a6PWkpTsDtv+lDO8w==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSaW51TS93b0JoaDhYSDJN - Ym9FL0lxZnZJNHJBcENDNDhwWlA3RGY5SzNVCmkyOXBFME9leEx2RVlaWTJDMXM3 - TVJqb0F3QlpnZmVTMnV2R243LzBjbTQKLS0tIEgzY1F5TTQzSCtZUG1ralJRdXBF - RWlFUkJWQmJ4REQ0dEJ1encydFlGamsKSi0qRECk9btBSszv3fVW6/vXhbmq3sqR - chGfT4Ot5JnRWarC9EfeXWStc6zTfGd2hXksTltJS4IADLlUrkpmMA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTTJQTDdtQk01UnpYUktl + dXRLOVBGaW5Sb2Roczl4TVVLM0xZVG5leW1jCkUyNFlUVDhVLzFmZFc2MVN3VVVu + cG1rTEpFdTQrVTM5UUdsYlZ6c051QncKLS0tIFNIL01ZNDN6ekdleVNjNTFqWTVT + QWRia3lvdVRJZE5lelZCaFJIbnNteDgKi1Avr710EOljSfsqd/px+hus5bFK0AhN + nZbQw7hak3W4f/7Q+qgEfCTCixe6AYDwuD0k0bQ8qtUoZx1AzTI0DQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-02T06:30:41Z" - mac: ENC[AES256_GCM,data:UrCrmeQkUhlAHx7tk6yfLmAbwuMML7QjMeSSHju5Uce76KZTQArYtS9p/3JtZ5i20tOW7Hila7pD0xR0ZbjgBVhwVZfToSPmU+ROnYstiUQG2uqiQFCOS3ByGv2my8j4AOxBU7SJREcd8brzOvuMDOvsftP0YPUEsYz1qd/K5Wc=,iv:kFRcKzMZsBOMVShtrHrFTKpfSF2Y4pmsOgDNzlQW4Hg=,tag:kzw/j8c/D9l7dldlysb5KQ==,type:str] + lastmodified: "2023-02-21T20:22:17Z" + mac: ENC[AES256_GCM,data:tfHxN/U2uz11wauKSYwDFjao+JZopQ1KsTBhWd4vNsngntU40xhn/8JcAAWa6HGUZcAwXODcmheyf6KW693pyhCC9WxO/APPFQIbPT6MQ/4v9luzzFcZQP+37BtmUjhXNNwhRAxqlWn3tJWQBptS7cyVmRYc3ZJ/L7ON8vx9X/I=,iv:5qBaBzfXVmQ6iZNCSVcH2CJ9hl7AJPUXG/R0YpuL3Us=,tag:OOL6saLNTSXCwOT5NLZtiw==,type:str] pgp: - - created_at: "2023-01-29T08:02:26Z" + - created_at: "2023-02-21T20:22:16Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdA81QJphfeu8v+QdqR2+TGj/+lGg5zDEGyiBx79dHJQHkw - FxBYeRRjCyEFGAFtmhOw5ZEOWaDaS3TofQfBhXBevO8xouEQqW5F8YcKCBLrH6tl - 0lwBIGHtZjpAklRejcj/QzuVt9clWIKcl1cy92P/AzsNNQ0mb4h6MoO+83lIEI57 - /7vP0M3zPef7huZHV+Kfb7C4MMo+LNl59EwvhrTB+0BmHA9ZexffMuvE8VnfGA== - =m/wv + hF4DAAAAAAAAAAASAQdASUATWB+DU4HzI6TDMofFHzLflaihV/vSJhAzUV0nu0cw + RSggYpOZD2nStapBi3s2kiDkr5/OMFESz19h6iFrcQ82LSbVfTPn2vSApZDj8/E0 + 0l4BaUpZUopneDZRiOQbqi2DPbIE+JI/vEzqb/W4lEcdwdfYSiSiCsW8F+kfElGY + 4VkMR1V1VSpEW9FB1wT5dnwwmDdr7E9PBKn7ZgSPz59Oo1S61TM286JgMBWECjb2 + =zuqO -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 - encrypted_regex: ^(data|stringData|commonName|dnsNames|externalIPs)$ + encrypted_regex: ^(data|stringData|commonName|dnsNames|externalIPs|loadBalancerIP|whitelist-source-range)$ version: 3.7.3 diff --git a/kube/3-deploy/1-core/05-ingress/3-nginx.yaml b/kube/3-deploy/1-core/05-ingress/3-nginx.yaml index bb16bd62..f2405a15 100644 --- a/kube/3-deploy/1-core/05-ingress/3-nginx.yaml +++ b/kube/3-deploy/1-core/05-ingress/3-nginx.yaml @@ -111,27 +111,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdU9RYkFYcHEvV2lMSWJK - T24wbWJsWDFVcTg4YUQranFsMnpPZHNobUdvCmV1NUUzYUI0bWxjd3g3ekMyTnFQ - NlFwMU1CRHJTUUNNbVdVWG5zajN0RlkKLS0tIG9ESmJFZHl3eHdwQlYwMkpYRnY1 - WmZ6WCtSWU42UDBJdDZYbWdMOGsyYUEKCKQn/WSsrUipmkVB2zc+iQic7y42agyU - xmS4orBGFZz5HgMQrNp4p66Lo6nX4spBWV6mbFYyVAQk2HqOdCOuLg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RzV3SGRlUzN0dExuYU5v + eGI2NHp5RkV6cFRkQlF1MWc2NmVHQlFuNUNFCjJ5YnlzQW1PY2x6M2pyeU9QUFRI + QnNzcGRlZmxKYWVzNDE2MjUxN3FhZmcKLS0tIGtTa29GcHNQUk8wbDE2WmlId0hR + Z21Hem1GM3RqZjRtc3lybjBodG5NMGcKHg5A7ztd0/lIvZJh31X6a18dcKHE+On/ + jkqZi9CfTz4FtLc6V5OXWhQQSkMUQ/MAujN6rndj1hgBT68IcEcHaQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-20T12:27:41Z" - mac: ENC[AES256_GCM,data:jpCpRx+wbg2nR8w1HAGKkUe3FzytUuV8Jn1o2FV1TH4nc+suBUIbSxaJOvF37OuetnaWMIcKq8ERoLPvhYkckZy/xQRCsOAik38X+kBdiSdXt5/AIZMSyVDboY5qggrGmjcz+9J4OLG1vpLxYLB4XdI6dekPsrHsY2lLITZi+no=,iv:/HLjsg0vdyaWRgR/nUusGXcdSGwB6AxlLKE5x2gQ2M0=,tag:n87cfbVdwYMgObnR4iHuNw==,type:str] + lastmodified: "2023-02-21T20:22:35Z" + mac: ENC[AES256_GCM,data:WOdPzJjdR9gdF5Hu7mMKmE4LJ7D0/OM0/o1cQjSiqJKSfHHVNFFi3VUOFAiBeqA9d8vdo94sZeQdqLicYbaTN4sK9UzJ1m2dWj3RQfq76Np9PMdFyYMXP2iImFuuTjsOEF7PIPYdHlr2FdDEHlYHuBmuyb6mUFkhqm9nlN/yZpI=,iv:1gOlBnnrWu3TjbEpz1EorvSE0RqyuETRG2gKLF8v3g0=,tag:5cje88LRHLuv68kdUBmc1w==,type:str] pgp: - - created_at: "2023-02-15T23:32:36Z" + - created_at: "2023-02-21T20:22:34Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAkcgUWpJb59iyv9pEicH3lWdOJMcdbl2tBqZUnazsSjkw - D7qErqkhVNGsbf9ufEuZ6sgSI6j7Fj0ZJgH99mcYIcnFNmxv4+ykRpk+XgObmQXE - 0l4BgOftDV39OcsQel2XkJF7YgsyR4VRFkNS7Lx0B/y6mu2UnzXvZeX6ptZGv4oa - 7cIDYyeQvG9wRK+sqhB1uVepF1ar5wHk5G3oqZSY22TauzfZDRRx7kFnjSN6xKJe - =WiFb + hF4DAAAAAAAAAAASAQdAnb9TpVZi7fzqeFwmuiQMUCTaGr12DLWCyqeolwTOS3sw + g+r4Nm+G07LZqfu4ANrdaFQKMBVLB8YHBUayiKWuq9pOZtJMfpqVfLijGleCrtsf + 0lwBqHOwH7V2+AggJu/aXZmbnqaNJsWHwUoFwIxt3V5kBBBASmd1HiLalTpL0Kfy + TeVs6+0DMw32oLFbl4tmAOfulCclZaYbmDP2K4C7iOprRl/WwrGWGorUwjqs6w== + =FqPu -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|commonName|dnsNames|externalIPs|loadBalancerIP|whitelist-source-range)$ @@ -145,9 +145,9 @@ metadata: spec: allocateLoadBalancerNodePorts: true externalIPs: - - ENC[AES256_GCM,data:bz/tGneRjCm0dw==,iv:gEPWVzLSyYaNkERNU5IOAcSAn6Ak6GJ3wRQNbKyZlsk=,tag:L84qRSB10uVkg82WvGPuOA==,type:str] + - ENC[AES256_GCM,data:sM6PDlrEhxqr3A==,iv:xwefcdwPbi9x7Lg65K1O11QRMwd0aUmY6g5sKwZlRA8=,tag:bp0tgY45qBOBzrIj9sbMJg==,type:str] externalTrafficPolicy: Local - loadBalancerIP: ENC[AES256_GCM,data:+ZkDXwGegYdnug==,iv:vnarIUjdhsh0WMcAzgaxplCMTBQKR57EQsJ70l98lU4=,tag:B09ZR4KmADUSdrgQrnQEpA==,type:str] + loadBalancerIP: ENC[AES256_GCM,data:cSWPOBSdAt+pSQ==,iv:SBdG8vBp+DhplwtJnzDVkw0xP7qgzvw5wWacXW9GcB4=,tag:j7DATZ8eeqQwj22qMd+qpg==,type:str] ports: - appProtocol: http name: http @@ -178,27 +178,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdU9RYkFYcHEvV2lMSWJK - T24wbWJsWDFVcTg4YUQranFsMnpPZHNobUdvCmV1NUUzYUI0bWxjd3g3ekMyTnFQ - NlFwMU1CRHJTUUNNbVdVWG5zajN0RlkKLS0tIG9ESmJFZHl3eHdwQlYwMkpYRnY1 - WmZ6WCtSWU42UDBJdDZYbWdMOGsyYUEKCKQn/WSsrUipmkVB2zc+iQic7y42agyU - xmS4orBGFZz5HgMQrNp4p66Lo6nX4spBWV6mbFYyVAQk2HqOdCOuLg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4RzV3SGRlUzN0dExuYU5v + eGI2NHp5RkV6cFRkQlF1MWc2NmVHQlFuNUNFCjJ5YnlzQW1PY2x6M2pyeU9QUFRI + QnNzcGRlZmxKYWVzNDE2MjUxN3FhZmcKLS0tIGtTa29GcHNQUk8wbDE2WmlId0hR + Z21Hem1GM3RqZjRtc3lybjBodG5NMGcKHg5A7ztd0/lIvZJh31X6a18dcKHE+On/ + jkqZi9CfTz4FtLc6V5OXWhQQSkMUQ/MAujN6rndj1hgBT68IcEcHaQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-20T12:27:41Z" - mac: ENC[AES256_GCM,data:jpCpRx+wbg2nR8w1HAGKkUe3FzytUuV8Jn1o2FV1TH4nc+suBUIbSxaJOvF37OuetnaWMIcKq8ERoLPvhYkckZy/xQRCsOAik38X+kBdiSdXt5/AIZMSyVDboY5qggrGmjcz+9J4OLG1vpLxYLB4XdI6dekPsrHsY2lLITZi+no=,iv:/HLjsg0vdyaWRgR/nUusGXcdSGwB6AxlLKE5x2gQ2M0=,tag:n87cfbVdwYMgObnR4iHuNw==,type:str] + lastmodified: "2023-02-21T20:22:35Z" + mac: ENC[AES256_GCM,data:WOdPzJjdR9gdF5Hu7mMKmE4LJ7D0/OM0/o1cQjSiqJKSfHHVNFFi3VUOFAiBeqA9d8vdo94sZeQdqLicYbaTN4sK9UzJ1m2dWj3RQfq76Np9PMdFyYMXP2iImFuuTjsOEF7PIPYdHlr2FdDEHlYHuBmuyb6mUFkhqm9nlN/yZpI=,iv:1gOlBnnrWu3TjbEpz1EorvSE0RqyuETRG2gKLF8v3g0=,tag:5cje88LRHLuv68kdUBmc1w==,type:str] pgp: - - created_at: "2023-02-15T23:32:36Z" + - created_at: "2023-02-21T20:22:34Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAkcgUWpJb59iyv9pEicH3lWdOJMcdbl2tBqZUnazsSjkw - D7qErqkhVNGsbf9ufEuZ6sgSI6j7Fj0ZJgH99mcYIcnFNmxv4+ykRpk+XgObmQXE - 0l4BgOftDV39OcsQel2XkJF7YgsyR4VRFkNS7Lx0B/y6mu2UnzXvZeX6ptZGv4oa - 7cIDYyeQvG9wRK+sqhB1uVepF1ar5wHk5G3oqZSY22TauzfZDRRx7kFnjSN6xKJe - =WiFb + hF4DAAAAAAAAAAASAQdAnb9TpVZi7fzqeFwmuiQMUCTaGr12DLWCyqeolwTOS3sw + g+r4Nm+G07LZqfu4ANrdaFQKMBVLB8YHBUayiKWuq9pOZtJMfpqVfLijGleCrtsf + 0lwBqHOwH7V2+AggJu/aXZmbnqaNJsWHwUoFwIxt3V5kBBBASmd1HiLalTpL0Kfy + TeVs6+0DMw32oLFbl4tmAOfulCclZaYbmDP2K4C7iOprRl/WwrGWGorUwjqs6w== + =FqPu -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|commonName|dnsNames|externalIPs|loadBalancerIP|whitelist-source-range)$ diff --git a/kube/3-deploy/1-core/05-ingress/4-nginx-external.yaml b/kube/3-deploy/1-core/05-ingress/4-nginx-external.yaml index 06c09132..7a4391ad 100644 --- a/kube/3-deploy/1-core/05-ingress/4-nginx-external.yaml +++ b/kube/3-deploy/1-core/05-ingress/4-nginx-external.yaml @@ -37,7 +37,7 @@ spec: service: type: NodePort externalIPs: - - ENC[AES256_GCM,data:UFPqnan8R+Skj1mp,iv:R0LrBjRNcPBK5DsgnL3dFeI9524gGChAQkhJO2znbFs=,tag:dN/D4ItFO2NfJdI5Kv+0sg==,type:str] + - ENC[AES256_GCM,data:n46atqQ1GdAhzPAz,iv:lcWwGE0YjCOlkeUgAuqah2QBi1QMa0iE3pUxf1rr64U=,tag:EiDiOUNHOx7t2K2Sr4Ni0Q==,type:str] externalTrafficPolicy: Local ports: http: 80 @@ -70,27 +70,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCbWRBMWFUY0MySC9HSUxB - bHFqbTBzam5lSDFTT0s1MVFpQ01mUytFdTNVCmhhbUJHK2ZmNnZLSXNGN1ZYam9G - Q3hDKzBOZ1BqWkxLd3ZWZ2NSU2k1VTAKLS0tIEU2RmRQMXJZMVhwT2lZWUFMM0ds - aisrc3h1QmhIQmEwQkdzVE80VjV6LzAKr3e/xgLoKefqHbc/RCav+HZXTAIA3nwB - oPIkDQoXTSH5XYz57PSZQQ1K5atiJ+U/58A5TNIDyQqv1xVfE3V6RA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcFp3NC9oSUxiTjZyc25I + U3VxVGVrZjdmOHE0Zkt5Z2F2Vy80R3M0WnlVCjhEaXBINHZqc28rUmN6YkFxZnBh + dU5QbmVYekkwM2drN25McThjNThXMTgKLS0tIHVFVmMvU0JSTS9NWTc1UGRNYVhS + NVAwV3ZOcTBhWVVrbWxFUVM0dzJqK0EKITGSZI5i8CYA2IG9nMrmASRy9HqxSZ08 + 9+bEkhtlcoJgSEqdp5ojOtlZUQSU1m2/R6UbMAgoLqlVOOndpCBlvA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-21T03:51:54Z" - mac: ENC[AES256_GCM,data:E/PxKEpinhbIAR3tq5tI5/MmiLvv0/H6o8EvqJnX5c4mhn+VSt4Q4MUPoAeWZf8nYWn5Zym9/TmXhmijPwdp4aFsNpx3IyttV5QVYkLvTfmpP57pn251KkPx5yefpYEGM+bDvQNYFxI5YMu47uLDc9AKiV/7rI6dZEyXgXpS1Tw=,iv:lj22YpMyB459m22pY2OtmqxRFNzUKl30Ok0LKSFMdQ0=,tag:htTkMzuVCxhSYYRFNB3psw==,type:str] + lastmodified: "2023-02-21T20:22:03Z" + mac: ENC[AES256_GCM,data:8ZO6u6CVM403OuBnONBTSBsTi/yEyXyFrfFuTtRN6fC+kMoJvHCh7W5jWmZ0sWaoIdI1tNy890rkwE4cw43iEoesxprG8XCKN1sG+T/PBl62zOtafR5KqJ9XcUh4Gsi2pzqX9RNbvNuQFq/Kjg8UDw3KhKtXzoYL2bMt+1yyq4k=,iv:lSiaonpgHLTZe1k6TXcnSHl9EQyb2QwKYXpElZyclFI=,tag:kWnFNWc73MLnjVQz1ttrgw==,type:str] pgp: - - created_at: "2023-02-15T23:32:45Z" + - created_at: "2023-02-21T20:22:02Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdALigKg9ofDCG0uKuaGyou74TdXQ9WRyyMUeIs8cx5hD0w - aYq+awo64gECxQdhnhotmGKXhG/G4fcnGDxnDbDPqYD8L2ljuWZgzj4irVek7+QT - 0l4B9Brrg/6R8gqmEqVW2Ji5TFYdN6j9FBiZtQUQluz6aqCdvhWnUgOcECQn5Q2M - 0sHsCLWhXBF0R4Y3EJG12cBU2dmDIiL2rcVhiBt7srj2wHxOVaiX6mv+Jl0Q1Ru5 - =yvdi + hF4DAAAAAAAAAAASAQdA+n3P3JWdp4ycvHc3DgWvaFGF3Cyg995ieJMxOhTcmkQw + ULhoeGDQSN1Wyax8zxDAErh+/65I6PQih1p2eb3pTEvp/VunSWKZ/iAaxNCEC0Mt + 0lwBbG3LK3fLBEQBq2sMlKjhmaxIZDtiibNUfe2fWvwzZV9t08dFdspZEmJqH+UH + PUcL5RBoo87jSPR/GYpcJd+S02PDQTtnEhsADGFjDYdJSTtXLYd+L7NpK/jZKg== + =SLmz -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(data|stringData|commonName|dnsNames|externalIPs|loadBalancerIP|whitelist-source-range)$ diff --git a/kube/3-deploy/2-apps/gokapi/.sops.yaml b/kube/3-deploy/2-apps/gokapi/.sops.yaml index 351e9967..0031ba3c 100644 --- a/kube/3-deploy/2-apps/gokapi/.sops.yaml +++ b/kube/3-deploy/2-apps/gokapi/.sops.yaml @@ -2,6 +2,6 @@ creation_rules: - path_regex: .*.yaml encrypted_regex: ^(hosts|host)$ age: >- - age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj pgp: >- 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 diff --git a/kube/3-deploy/2-apps/gokapi/2-install.yaml b/kube/3-deploy/2-apps/gokapi/2-install.yaml index 2b971e1d..341a64f9 100644 --- a/kube/3-deploy/2-apps/gokapi/2-install.yaml +++ b/kube/3-deploy/2-apps/gokapi/2-install.yaml @@ -43,13 +43,13 @@ spec: enabled: true ingressClassName: nginx hosts: - - host: ENC[AES256_GCM,data:b88yyG5HfDDN,iv:oVlfibcNvXI7+AVLcqQxFAgrCXDwxmK5uxN2SHpbhY8=,tag:LUFsZqDvXvn4TvqRS98i4w==,type:str] + - host: ENC[AES256_GCM,data:iGBRHViY8RGC,iv:WqePEM2IwE993k6NgsUBSy+ZrAfl07gmyt4dcjQhESk=,tag:Mm6vSaLlsculjoads/nLFA==,type:str] paths: - - path: ENC[AES256_GCM,data:aA==,iv:cx/Kn5TEsqlZOBE+RZ4l1aqAM4/QECFh1QfHHGZgwro=,tag:L/+vXkpu+QAyJWPM+v/zyA==,type:str] - pathType: ENC[AES256_GCM,data:dFU2j7Ld,iv:CI3f9hGvuxUoMBrYaclRABQsvNxWg/aw9+y8Sah6z9k=,tag:2cyHcUOz9vuycOELL6MnEA==,type:str] + - path: ENC[AES256_GCM,data:Jw==,iv:l5M6sJIqbOumVLMRITp7YeSj/kLZNyL42BWTYCnoaXk=,tag:kR7JNKp6oWzDiU5Xu/0scQ==,type:str] + pathType: ENC[AES256_GCM,data:s44Q4MY6,iv:5z+qXUnRv2adT1u/cRs3efGKTNb+N8MKwSdEXHX/yLA=,tag:T3QNhv7uDN6OR1laYA9cKA==,type:str] tls: - hosts: - - ENC[AES256_GCM,data:iUt2smDhEFyM,iv:UAL/Lzab4zhjuHEsWhrQ0H5GkUXS291oxUmwdU2zljs=,tag:4oq88TbrMVT7SM3nV1QqEQ==,type:str] + - ENC[AES256_GCM,data:4mS4BfxKopdw,iv:XSyJLpXQfDxWuFiVLEdVHD0BdP+2FuRcOBPKF2tgCh0=,tag:6WTKNn6VLU5aVWEbGQSSxw==,type:str] persistence: config: enabled: true @@ -66,27 +66,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadWtJNHVjR1ZQL0lPcFhl - UHVJMDdybzZJVDFwaTdKNytvelRhdE9UbVRJCmtiNmpsMERDQ3JlYllPbmtPK0th - STRuWEQwQ1ROU3lJZmxJQklnUklUMGcKLS0tIGFSVGRVZHRodEsxTHJTcVpSUFpq - eU1iQ24yT09uTENVTXR2UDdYY0YvOWcKVIGu5XXvtujn41eJSuJwTdP0Klc7yknF - qcZ8WiHzD5IIzR7Q71YB3nt/h/KZIVRkc/ydyusNvrwuuWesChPKmQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVGFCdHZOWU05Y20wTWJM + UnJqMk9KRlpYZTJZWmRpUXM3Vmg3S2Z1NEVRCjZXUlNqNFN5ZENtdXBJODMvNk1L + cFl0K0E1V2dEdjI4NFhoeHUyTFgwb3cKLS0tIDRvZWVtWllhTHNNUUJ4dnc0SzUx + MHc3cXY5ZnZBU0gva05ZME5BaG1ZWHMKO1P60Ffaes6oc2fOsPE7QwLc0d3L03ct + Gj9CzvDAp082iCPiltkFh0VYK2tvJqlcdgmUzYH9tx2htrj4vOPzdw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-03T09:13:47Z" - mac: ENC[AES256_GCM,data:sn/O+Q7utHmR4wcOWxnpz38w/8Rgnjbrt8Hy5Y5+f8j4ZA9wBOpYNjOzz2QEEo6x/CXxB1t5SyCaQivIsgeE7l8SodnIJjuR0TOYO0xAHEay0/3SUITchok7ZIeVgiVqD3bbP5+wXjxHYGiOQlqe2OmNdnIH2Nl+f4+xQ69RcuI=,iv:IzckEB/YGEbutvj5Q5C+ZyGR2gImCPJnudVluR/Tv0Y=,tag:Rb3f+Kwssct9o5+lI1O1SQ==,type:str] + lastmodified: "2023-02-21T20:13:21Z" + mac: ENC[AES256_GCM,data:Ugg0AMersR0PFfGJAmVUi1iOBvqcCopz9+UkdL06gaK7NaH5FD5NHOdHdptfIYmRKyW8f3TIxGeCuIHvj0r0YNiAdewg7TvQC+szVxFqr4tGL3bZOnRoq8wSieU+KcqpbixNWsTBzj1EDppcBbcURJE5hMEYa8Ky+kYcPCco2cM=,iv:Guh2GTV/Es4PPMxCPev+cPHyY7qOgHp7/y4Mz4oB5+U=,tag:/JtocwkkvY515Ao4xcPERQ==,type:str] pgp: - - created_at: "2023-02-02T07:12:54Z" + - created_at: "2023-02-21T20:13:20Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAQjggg2Je53Vah+/Uy9jWY4NgMEKIrXzggHIWK7ILv30w - 4KVyAuCRO0tIhd6A0dKXUg2CSBJ1CF9vBATHckwITrCn4kVa/jI6e/ffqVxha63v - 0l4BaAXHuiMVdm9dfA7yOMxyOAfO8qSlfr5z8YTFkltIFyyqbzh3kkltG/5TwYLy - 4GWtsvK+vxjAw7bZW1PmznOYrwWaM9BUAW8CVhTHn0ul+2IZHLOOvaLEb3Vc4CHg - =8imY + hF4DAAAAAAAAAAASAQdAdPeZBy4qD/YDcKd768reWw5ek8Sm1YNO6IJpdv1t4Wcw + HdnOt+LYufbzlzELIp1lHVKOQsiCT/dXv7H3yB9CIqwNR+EJzGEjJKbc4JA7W3Tw + 0l4Bs73x9OfOfFnkhKcjUK/3kp2w4leDbtb3tEvLlCOestKc4yc0uA1Hq+dG4PnR + TfkLHmjrisapgrrtyHsEYfzvHPzuCFa0rfdxms50in3ryVR7QRRX2eZOeP8F5Wyd + =bvOF -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(hosts|host)$ diff --git a/kube/3-deploy/2-apps/whoogle/.sops.yaml b/kube/3-deploy/2-apps/whoogle/.sops.yaml index 3bade766..f7c96bca 100644 --- a/kube/3-deploy/2-apps/whoogle/.sops.yaml +++ b/kube/3-deploy/2-apps/whoogle/.sops.yaml @@ -2,6 +2,6 @@ creation_rules: - path_regex: .*.yaml encrypted_regex: ^(hosts|host|WHOOGLE_CONFIG_URL|nameservers)$ age: >- - age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj pgp: >- 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 diff --git a/kube/3-deploy/2-apps/whoogle/2-install.yaml b/kube/3-deploy/2-apps/whoogle/2-install.yaml index ac3a9847..3b770c07 100644 --- a/kube/3-deploy/2-apps/whoogle/2-install.yaml +++ b/kube/3-deploy/2-apps/whoogle/2-install.yaml @@ -36,7 +36,7 @@ spec: WHOOGLE_CONFIG_THEME: dark WHOOGLE_CONFIG_SAFE: 0 WHOOGLE_CONFIG_STYLE: 'body {max-width: 100% !important} :root { --whoogle-dark-logo: #6E6C7E; --whoogle-dark-page-bg: #1E1E2E; --whoogle-dark-element-bg: #302D41; --whoogle-dark-text: #D9E0EE; --whoogle-dark-contrast-text: #F2CDCD; --whoogle-dark-secondary-text: #988BA2; --whoogle-dark-result-bg: #302D41; --whoogle-dark-result-title: #F5E0DC; --whoogle-dark-result-url: #F5E0DC; --whoogle-dark-result-visited: #C9CBFF; } #whoogle-w { fill: #96CDFB; } #whoogle-h { fill: #F28FAD; } #whoogle-o-1 { fill: #FAE3B0; } #whoogle-o-2 { fill: #96CDFB; } #whoogle-g { fill: #ABE9B3; } #whoogle-l { fill: #F28FAD; } #whoogle-e { fill: #FAE3B0; }' - WHOOGLE_CONFIG_URL: ENC[AES256_GCM,data:fi3dlJcjpAVIGmLbdRb/Nw==,iv:jiEyZXKBWb8OQkWawS3D1UlTc0Wmt8TfWJqDpSR2LDU=,tag:9U895Ic6MTD1fXQCu1QziQ==,type:str] + WHOOGLE_CONFIG_URL: ENC[AES256_GCM,data:H4gGsFTyfFDPfY7I7Ck3gQ==,iv:VxiGgP1ZYTXf04NrzbQvwNJFTyHZ7c5g9KIQmg4DBVc=,tag:AhjzYMtafjeaxVq57FRgFg==,type:str] WHOOGLE_CONFIG_GET_ONLY: 1 WHOOGLE_CONFIG_VIEW_IMAGE: 1 WHOOGLE_CONFIG_DISABLE: 1 @@ -48,7 +48,7 @@ spec: - name: ndots value: "1" nameservers: - - ENC[AES256_GCM,data:Q7+Iq5/jbf0=,iv:fSQ9ek9I1vH/nmd2u5wQ7MQzoWrUdW+LT1nGfmM5IxQ=,tag:umC/f280X2YbOVgZbHOrAw==,type:str] + - ENC[AES256_GCM,data:kk1LGDObvLM=,iv:zSIMj83AEoUthmbMJsDQKjUNtpojBOfEG4tzlKaIOwU=,tag:CDly0GxZWXrHQNPf8rZHkg==,type:str] service: main: ports: @@ -61,13 +61,13 @@ spec: ingressClassName: internal nameOverride: internal hosts: - - host: ENC[AES256_GCM,data:oM+w4Mv9sWE=,iv:L/pmSgOAtDQIrPeJL1foB5HhvhmJQAGs0XMvw7aJJQA=,tag:wGpp4GJkzY8dMKJ7WwbVEg==,type:str] + - host: ENC[AES256_GCM,data:pTf9RNyPL+8=,iv:Pa0iAOctJykVFVYAhV7RG2NZnQFyar2f4uETCDE04F4=,tag:gl6C4HDlYhwAz7N9YBH9yA==,type:str] paths: - - path: ENC[AES256_GCM,data:Vw==,iv:TWNK/+w4wV3cCcqCzsR8BdpCOeWvqOJgvdnC/DNS5vU=,tag:BTQ/7vJiCpVcTwlCaNDowQ==,type:str] - pathType: ENC[AES256_GCM,data:lOtyaBCQ,iv:1XgDu3nNYK9pwyTuw+hyXQqNV33nWEwHiZ2BgkqWEmY=,tag:5ny1eKcECyVmO+UIlaBNKg==,type:str] + - path: ENC[AES256_GCM,data:VA==,iv:zw+apwk5xXziqJdfsxgi/RiO/cS7WrR9+CTFgGArKwk=,tag:W84JCBGhTD9/NvDvZb8L2Q==,type:str] + pathType: ENC[AES256_GCM,data:rikuyvEF,iv:+gAOJmZy7QUQjsfPgdnE1VGWUfWi3gwbwY4IrumjTKo=,tag:gz1lBlxsa5XIardE3wgCoA==,type:str] tls: - hosts: - - ENC[AES256_GCM,data:0lngFtyYrp0=,iv:7ohv94qGZwkWx/rMxW2EYSAO+tP4mE33dsiyB+WZfgI=,tag:ORz6fhoh2tVUv0ZpCH/cPw==,type:str] + - ENC[AES256_GCM,data:sqr3pXgKZq8=,iv:sQh0RNxpL860NnVbd0dp3/ytj8w9cH+M1UYwxgN803Q=,tag:5f7mu0yRbs9c5AmJL/9nEw==,type:str] resources: requests: cpu: 5m @@ -80,27 +80,27 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1xl3fcwdw56k73lraxsjhde4ygwn7jw0js5l5qw7vsp54vc5czuwstcejxu + - recipient: age1u57l4s400gqstc0p485j4646cemntufr0pcyp32yudklsp90xpmszxvnkj enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHOS9Qa2paU21Id1FmMGhG - ZXRkNk1NYmNNbGtJSkNGR3JKdGh2STNLL2s4CjdldDJpNVpJbjR1UnRPeDJjVURN - RUdrTFNpTUZBOXhEM1Y4c24xd3JqUVkKLS0tIGlNbzZaY0g0RUdyd3U5Y3VSUDVu - U0RucGlTdjJ5eThQQ3M5N0NlVXo3ZFEKWAyldwRjR/Ep5eLngZnRFLbRfo6hBxz/ - tDQUcbgG+x/hmciKhxEHxtFLrHsOZZSKn5/9EmtRixxnl+KnknJP3g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuUVYwMm9IanhYRHlQNEJZ + Y3g1MXpRU0xKNkxuR2ErR09pRU5hMVlMeWpjCnNTa2NaaVlvUXp4WElvcE9qY29Z + SkRKV01Da2ZqQ3MrbkpTby9EdC9jZHMKLS0tIHZJOWh4THp6UU5OejRTbjFPSDJX + dUc1VmE3cGFHT0laMU1qcW1MdVRJc2sKlVVqJHHswazaRZE3NWMJ7sQaihTc7ZVV + mI/3SMD6sPoQj9vZH7+xuIyf8q1aaCWCjP8a7ROiFTMC/issrw0LkA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-02-19T18:08:00Z" - mac: ENC[AES256_GCM,data:4o8tknKdMvvcsoe/gMqxHIVW6tQCu6eZytxEodmSIb+ljEtmMs2gF64NF1a1Ply7EbPCr8hXxYkWNajI5Sgo5K7f2O/XvNoAlHVc3MIRUOICUaHF7vkwlWdAVnQz3bS0JB7GaGu2wUTncbHyQK8M2IouvNzA28lAziR7BKrPEqk=,iv:tBEXa33mgCB7JPFcu8YlC44vPRyhpMtThZtL481FPYg=,tag:THtxg+a7ZcqBkUpydnOd9Q==,type:str] + lastmodified: "2023-02-21T20:14:12Z" + mac: ENC[AES256_GCM,data:Rg46C2KEDJ4PaiQ5PJ3GN82ZaiLrtsTupOfL9KvulJrlCF2mG9Zi7if7HDuN691qKyotYyUc7l1Zhq4MgVMzNj4yCXxZjF+sIKlGjrAso8jUiz4lElP/mm619e9ED7ahQDM2qxB9cxq/fdfD71Kw/q1OoXHL9XLDQ40ENv5LL+Q=,iv:/OsQwF5XYQI3sZ7VGUSYvAHQp4FbrOMNdp1M+K5mx1I=,tag:FD1wUOIBPzRhFgMLt7iTMQ==,type:str] pgp: - - created_at: "2023-02-01T10:34:08Z" + - created_at: "2023-02-21T20:14:11Z" enc: | -----BEGIN PGP MESSAGE----- - hF4DAAAAAAAAAAASAQdAr6teP9qapjcDBwGS9e4BMYmaF40qQtX+az00OUL0KDww - V8w6ZuITDYBJWHuG9J00YFyQRODtI+hJexuIb1hEPLKpBjggICKFtUSb1UiZptFx - 0l4BmzkQ8Gb2DA1oPDIHksb/Oxv2KPUbpbQXXz+D7qiDQBFNJazZ84iSWxV4aIad - Wly2A2LvIce8oRdjCOJcYLi5T0pAUpnJFTKI6aruTkmk/D5TnKssN5ehGCDelCPS - =pMTn + hF4DAAAAAAAAAAASAQdAOuEAO9H/RLnLVNg6oR/aea3zJJp1hepBik26PNSS9How + Qa6XkJQ56GqdeYlk1ewHczP8CYZE6iaaXI00L/xJkfPPgdb8fNikDjgzUb4kmjjZ + 0l4B494UXFz22n1077EM8vP9i9NwncfFIkDwQ0JYeUmFuN8tf2PZXBvr7vvs3QLc + AiXQnTQ6m+S4EPpRD6LsJYpynOLC/DYk1+46CT/hjhxv/anxlWnyx5/eOZXsxltp + =uN9E -----END PGP MESSAGE----- fp: 31E70E5BC80C58AFF5DD649921AC5A1AC6E5B7F2 encrypted_regex: ^(hosts|host|WHOOGLE_CONFIG_URL|nameservers)$