Merge pull request #227 from Telecominfraproject/feature/wifi-11553--atlantis-token-rotation

[WIFI-11553] Chg: rotate atlantis PAT
2025-10-31 02:47:51 +00:00 · 2022-11-22 15:03:23 +03:00
parent 5db814629f d7b2020070
commit 9d31a76ee2
57 changed files with 283 additions and 1747 deletions
--- a/ansible/Ananda/README.md
+++ b/ansible/Ananda/README.md
@@ -1,20 +0,0 @@
 ## Usage
 This playbook installs and configures the Ananda agent on the lab controllers to set them up as gateways.
 You need to install the amazon.aws collection (requires Ansible version 2.9+) and it's dependencies before being able to run the playbook:
 ```
 ansible-galaxy collection install amazon.aws
 pip install botocore boto3
 ```
 Since the Ananda tokens are saved as AWS Secrets you also have to login into the SSO account with id `289708231103`. It is required to set the following environment variables:
 ```
 export AWS_PROFILE="AdministratorAccess-289708231103" # Depends on your chosen profile name
 export AWS_DEFAULT_REGION="us-east-2"
 ```
 Execute a dry-run with `ansible-playbook -i hosts.yml setup_gateways.yml --diff --check`.
 Apply the changes with `ansible-playbook -i hosts.yml setup_gateways.yml --diff`.
--- a/ansible/Ananda/hosts.yml
+++ b/ansible/Ananda/hosts.yml
@@ -1,53 +0,0 @@
 all:
  hosts:
    lab-ctlr:
    lab-ctlr2:
    lab_ctlr3:
    lab-ctlr4:
    lab-ctlr5:
    lab-ctlr9:
  children:
    ananda_gateways:
      hosts:
        lab-ctlr:
          ansible_host: 10.28.3.100
          ansible_user: lanforge
          ansible_become_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_common_args: -J ubuntu@3.130.51.163
          ananda_token: "{{ lookup('amazon.aws.aws_secret', 'Ananda/GatewayTokens.lab-ctlr', nested=true) }}"
        lab-ctlr2:
          ansible_host: 10.28.3.101
          ansible_user: lanforge
          ansible_become_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_common_args: -J ubuntu@3.130.51.163
          ananda_token: "{{ lookup('amazon.aws.aws_secret', 'Ananda/GatewayTokens.lab-ctlr2', nested=true) }}"
        lab-ctlr3:
          ansible_host: 10.28.3.102
          ansible_user: lanforge
          ansible_become_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_common_args: -J ubuntu@3.130.51.163
          ananda_token: "{{ lookup('amazon.aws.aws_secret', 'Ananda/GatewayTokens.lab-ctlr3', nested=true) }}"
        lab-ctlr4:
          ansible_host: 10.28.3.103
          ansible_user: lanforge
          ansible_become_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_common_args: -J ubuntu@3.130.51.163
          ananda_token: "{{ lookup('amazon.aws.aws_secret', 'Ananda/GatewayTokens.lab-ctlr4', nested=true) }}"
        lab-ctlr5:
          ansible_host: 10.28.3.104
          ansible_user: lanforge
          ansible_become_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_common_args: -J ubuntu@3.130.51.163
          ananda_token: "{{ lookup('amazon.aws.aws_secret', 'Ananda/GatewayTokens.lab-ctlr5', nested=true) }}"
        lab-ctlr9:
          ansible_host: 10.28.3.115
          ansible_user: lanforge
          ansible_become_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_pass: "{{ lookup('amazon.aws.aws_secret', 'Testbeds/UserCredentials.lanforge_user_password', nested=true) }}"
          ansible_ssh_common_args: -J ubuntu@3.130.51.163
          ananda_token: "{{ lookup('amazon.aws.aws_secret', 'Ananda/GatewayTokens.lab-ctlr9', nested=true) }}"
--- a/ansible/Ananda/roles/setup_gateways/tasks/main.yml
+++ b/ansible/Ananda/roles/setup_gateways/tasks/main.yml
@@ -1,36 +0,0 @@
 - name: Add Ananda repository on Debian based systems
  block:
    - name: Check if repo is already added to apt sources
      stat:
        path: /etc/sources.list.d/Ananda_release.list
      register: ananda_repo_debian
    - name: Add repo to apt sources if it wasn't added yet
      ansible.builtin.shell: curl -s https://packagecloud.io/install/repositories/Ananda/release/script.deb.sh | bash
      args:
        warn: false
      when: not ananda_repo_debian.stat.exists
  when: ansible_facts['os_family] == "Debian"
 - name: Add Ananda repository on RedHat based systems
  block:
    - name: Check if repo is already added to yum repos
      stat:
        path: /etc/yum.repos.d/Ananda_release.repo
      register: ananda_repo_redhat
    - name: Add repo to yum repos if it wasn't added yet
      ansible.builtin.shell: curl -s https://packagecloud.io/install/repositories/Ananda/release/script.rpm.sh | bash
      args:
        warn: false
      when: not ananda_repo_redhat.stat.exists
  when: ansible_facts['os_family'] == "RedHat"
 - name: Install ananda-core
  ansible.builtin.package:
    name: ananda-core
    state: present
 - name: Login with token
  ansible.builtin.shell: /opt/ananda/core/ananda-cli --login "{{ hostvars[inventory_hostname]['ananda_token'] }}"
  ignore_errors: yes
--- a/ansible/Ananda/setup_gateways.yml
+++ b/ansible/Ananda/setup_gateways.yml
@@ -1,5 +0,0 @@
 - hosts: ananda_gateways
  become: true
  gather_facts: true
  roles:
    - setup_gateways
--- a/helm-values/aws-cicd-testbed-deployment.yaml.sh
+++ b/helm-values/aws-cicd-testbed-deployment.yaml.sh
@@ -1,196 +0,0 @@
 #!/bin/sh
 set -e
 if [ -z "$1" ];
 then
  echo "testbed number has not been set"
  exit 1
 fi
 TESTBED_NUMBER=$1
 if [ -z "$2" ];
 then
  # using todays date
  TODAY=1.0.0-SNAPSHOT-$(date -d "yesterday" +"%Y-%m-%d")
 else
  # using provided tag
  TODAY=$2
 fi
 cat <<EOF
 shared:
  service:
    srv-https-annotations: &srv-https-annotations
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/group.name: wlan-cicd
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
      alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
 global:
  pullPolicy: IfNotPresent
  monitoring:
    enableJmxPrometheusMetrics: true
    enablePrometheusPodMonitors: true
 opensync-gw-static:
  enabled: false
 common:
  efs-provisioner:
    enabled: false
 opensync-gw-cloud:
  enabled: true
  image:
    tag: $TODAY
  service:
    type: LoadBalancer
    nodePortStatic: false
    annotations:
      external-dns.alpha.kubernetes.io/hostname: wlan-filestore-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build,opensync-controller-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build,opensync-redirector-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
  externalhost:
    address:
      ovsdb: opensync-controller-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
      mqtt: opensync-mqtt-broker-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
  persistence:
    enabled: false
  filestore:
    url: https://wlan-filestore-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
 opensync-mqtt-broker:
  enabled: true
  service:
    type: LoadBalancer
    nodePortStatic: false
    annotations:
      external-dns.alpha.kubernetes.io/hostname: opensync-mqtt-broker-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
  persistence:
    enabled: true
    storageClass: gp2
 wlan-cloud-graphql-gw:
  enabled: true
  image:
    tag: $TODAY
  service:
    nodePortStatic: false
  ingress:
    annotations:
      <<: *srv-https-annotations
    enabled: true
    alb_https_redirect: true
    hosts:
    - host: wlan-graphql-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
      paths: [
        /*
      ]
  env:
    portalsvc: wlan-portal-svc-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
 wlan-cloud-static-portal:
  enabled: true
  image:
    tag: $TODAY
  env:
    graphql: https://wlan-graphql-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
  service:
    type: NodePort
  ingress:
    annotations:
      <<: *srv-https-annotations
    alb_https_redirect: true
    hosts:
      - host: wlan-ui-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
        paths: [
          /*
        ]
 wlan-portal-service:
  enabled: true
  image:
    tag: $TODAY
  service:
    type: NodePort
    nodePortStatic: false
  persistence:
    enabled: true
    storageClass: gp2
    accessMode: ReadWriteOnce
    filestoreSize: 10Gi
  tsp:
    host: wlan-portal-svc-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
  ingress:
    enabled: true
    alb_https_redirect: true
    tls: []
    annotations:
      <<: *srv-https-annotations
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
      alb.ingress.kubernetes.io/healthcheck-path: /ping
    hosts:
      - host: wlan-portal-svc-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
        paths: [
          /*
        ]
 wlan-prov-service:
  enabled: true
  image:
    tag: $TODAY
  service:
    nodePortStatic: false
 wlan-ssc-service:
  enabled: true
  image:
    tag: $TODAY
  service:
    nodePortStatic: false
 wlan-spc-service:
  enabled: true
  image:
    tag: $TODAY
  service:
    nodePortStatic: false
 wlan-port-forwarding-gateway-service:
  enabled: true
  image:
    tag: $TODAY
  service:
    nodePortStatic: false
  creds:
    websocketSessionTokenEncKey: MyToKeN0MyToKeN1
  externallyVisible:
    host: api.wlan-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
    port: 30501
  accessPointDebugPortRange:
    length: 0
 kafka:
  enabled: true
  persistence:
    storageClass: gp2
 cassandra:
  enabled: true
  persistence:
    storageClass: gp2
 postgresql:
  enabled: true
  persistence:
    storageClass: gp2
 EOF
--- a/helm-values/aws-cicd-testing-pr-deployment.yaml.sh
+++ b/helm-values/aws-cicd-testing-pr-deployment.yaml.sh
@@ -1,161 +0,0 @@
 #!/bin/sh
 set -e
 if [ -z "$1" ];
 then
  echo "PR number has not been set";
  exit 1
 fi
 PR_NUMBER=$1
 cat <<EOF
 shared:
  service:
    srv-https-annotations: &srv-https-annotations
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/group.name: wlan-cicd
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
      alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
 global:
  debugEnabled: true
  pullPolicy: IfNotPresent
 opensync-gw-static:
  enabled: false
 common:
  efs-provisioner:
    enabled: false
 opensync-gw-cloud:
  enabled: true
  service:
    type: LoadBalancer
    annotations:
      external-dns.alpha.kubernetes.io/hostname: wlan-filestore-pr-$PR_NUMBER.cicd.lab.wlan.tip.build,opensync-controller-pr-$PR_NUMBER.cicd.lab.wlan.tip.build,opensync-redirector-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
  externalhost:
    address:
      ovsdb: opensync-controller-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
      mqtt: opensync-mqtt-broker-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
  persistence:
    enabled: false
  filestore:
    url: https://wlan-filestore-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
 opensync-mqtt-broker:
  enabled: true
  service:
    type: LoadBalancer
    annotations:
      external-dns.alpha.kubernetes.io/hostname: "opensync-mqtt-broker-pr-$PR_NUMBER.cicd.lab.wlan.tip.build"
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
  persistence:
    enabled: true
    storageClass: gp2
 wlan-cloud-graphql-gw:
  enabled: true
  service:
    nodePortStatic: false
  ingress:
    enabled: true
    annotations:
      <<: *srv-https-annotations
    alb_https_redirect: true
    hosts:
    - host: wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
      paths: [
        /*
        ]
  env:
    portalsvc: wlan-portal-svc-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
 wlan-cloud-static-portal:
  enabled: true
  env:
    graphql: https://wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
  service:
    type: NodePort
  ingress:
    annotations:
      <<: *srv-https-annotations
    alb_https_redirect: true
    hosts:
      - host: wlan-ui-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
        paths: [
           /*
          ]
 wlan-portal-service:
  enabled: true
  service:
    type: NodePort
    nodePortStatic: false
  persistence:
    enabled: true
    storageClass: gp2
    accessMode: ReadWriteOnce
    filestoreSize: 10Gi
  tsp:
    host: wlan-portal-svc-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
  ingress:
    enabled: true
    alb_https_redirect: true
    tls: []
    annotations:
      <<: *srv-https-annotations
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
      alb.ingress.kubernetes.io/healthcheck-path: /ping
    hosts:
      - host: wlan-portal-svc-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
        paths: [
           /*
          ]
 wlan-prov-service:
  enabled: true
 wlan-ssc-service:
  enabled: true
 wlan-spc-service:
  enabled: true
 wlan-port-forwarding-gateway-service:
  enabled: true
  service:
    nodePortStatic: false
  creds:
    websocketSessionTokenEncKey: MyToKeN0MyToKeN1
  externallyVisible:
    host: api.wlan-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
    port: 30501
  accessPointDebugPortRange:
    length: 0
 kafka:
  enabled: true
  persistence:
    storageClass: gp2
 cassandra:
  enabled: true
  persistence:
    storageClass: gp2
 postgresql:
  enabled: true
  persistence:
    storageClass: gp2
 EOF
--- a/helm-values/aws-cicd.yaml
+++ b/helm-values/aws-cicd.yaml
@@ -1,148 +0,0 @@
 shared:
  service:
    srv-https-annotations: &srv-https-annotations
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/group.name: wlan-cicd
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
      alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
 opensync-gw-static:
  enabled: false
 common:
  efs-provisioner:
    enabled: false
 opensync-gw-cloud:
  enabled: true
  service:
    type: LoadBalancer
    annotations:
      external-dns.alpha.kubernetes.io/hostname: wlan-filestore.cicd.lab.wlan.tip.build,opensync-controller.cicd.lab.wlan.tip.build,opensync-redirector.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: alb-logs-tip-wlan-cicd-wotgakesfr
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: opensync-gw-cloud
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
  externalhost:
    address:
      ovsdb: opensync-controller.cicd.lab.wlan.tip.build
      mqtt: opensync-mqtt-broker.cicd.lab.wlan.tip.build
  persistence:
    enabled: false
  filestore:
    url: https://wlan-filestore.cicd.lab.wlan.tip.build
 opensync-mqtt-broker:
  enabled: true
  service:
    type: LoadBalancer
    annotations:
      external-dns.alpha.kubernetes.io/hostname: opensync-mqtt-broker.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: alb-logs-tip-wlan-cicd-wotgakesfr
      service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: opensync-mqtt-broker
      service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
  persistence:
    enabled: true
    storageClass: gp2
 wlan-cloud-graphql-gw:
  enabled: true
  ingress:
    annotations:
      <<: *srv-https-annotations
    enabled: true
    alb_https_redirect: true
    hosts:
    - host: wlan-graphql.cicd.lab.wlan.tip.build    
      paths: [
        /*
        ]
  env:
    portalsvc: wlan-portal-svc.cicd.lab.wlan.tip.build
 wlan-cloud-static-portal:
  enabled: true
  env:
    graphql: https://wlan-graphql.cicd.lab.wlan.tip.build
  service:
    type: NodePort
  ingress:
    annotations:
      <<: *srv-https-annotations
      alb.ingress.kubernetes.io/load-balancer-attributes: access_logs.s3.enabled=true,access_logs.s3.bucket=alb-logs-tip-wlan-cicd-wotgakesfr,access_logs.s3.prefix=wlan-cicd
    alb_https_redirect: true
    hosts:
      - host: wlan-ui.cicd.lab.wlan.tip.build
        paths: [
           /*
          ]
 wlan-portal-service:
  enabled: true
  service:
    type: NodePort
    nodePortStatic: false
  persistence:
    enabled: true
    storageClass: gp2
    accessMode: ReadWriteOnce
    filestoreSize: 10Gi
  tsp:
    host: wlan-portal-svc.cicd.lab.wlan.tip.build
  ingress:
    enabled: true
    alb_https_redirect: true
    tls: []
    annotations:
      <<: *srv-https-annotations
      alb.ingress.kubernetes.io/backend-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
      alb.ingress.kubernetes.io/healthcheck-port: traffic-port
      alb.ingress.kubernetes.io/healthcheck-path: /ping
    hosts:
      - host: wlan-portal-svc.cicd.lab.wlan.tip.build
        paths: [
           /*
          ]
 wlan-prov-service:
  enabled: true
 wlan-ssc-service:
  enabled: true
 wlan-spc-service:
  enabled: true
 wlan-port-forwarding-gateway-service:
  enabled: true
  service:
    nodePortStatic: false
  creds:
    websocketSessionTokenEncKey: MyToKeN0MyToKeN1
  externallyVisible:
    host: api.wlan.cicd.lab.wlan.tip.build
    port: 30401
  accessPointDebugPortRange:
    length: 0
 kafka:
  enabled: true
  persistence:
    storageClass: gp2
 cassandra:
  enabled: true
  persistence:
    storageClass: gp2
 postgresql:
  enabled: true
  persistence:
    storageClass: gp2
--- a/helm-values/aws-wlan-onboard.yaml
+++ b/helm-values/aws-wlan-onboard.yaml
@@ -1,27 +0,0 @@
 images:
  onboard:
    repository: tip-tip-wlan-test-bss-docker-repo.jfrog.io/wlan-onboard
    tag: latest
    pullPolicy: IfNotPresent
    regcred: eyJhdXRocyI6IHsidGlwLXRpcC13bGFuLWNsb3VkLWRvY2tlci1yZXBvLmpmcm9nLmlvIjogeyJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSJ9fX0=
 services:
  onboard:
    type: NodePort
 ingresses:
  default: 
    annotations:
      kubernetes.io/ingress.class: alb
      alb.ingress.kubernetes.io/scheme: internet-facing
      alb.ingress.kubernetes.io/group.name: test-bss-load-testing
      alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
      alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
      alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
      external-dns.alpha.kubernetes.io/hostname: onboard.cicd.lab.wlan.tip.build
    hosts:
    - onboard.cicd.lab.wlan.tip.build
    paths:
    - path: /*
      serviceName: onboard
      servicePort: http
--- a/helm-values/kafka/values.yaml
+++ b/helm-values/kafka/values.yaml
@@ -1,19 +0,0 @@
 fullnameOverride: kafka
 minBrokerId: 100
 resources:
  limits:
    cpu: 1000m
    memory: 800Mi
  requests:
    cpu: 100m
    memory: 800Mi
 zookeeper:
  resources:
    limits:
      cpu: 500m
      memory: 400Mi
    requests:
      cpu: 100m
      memory: 400Mi
--- a/helm-values/rttys/secrets.ucentral-1.yaml
+++ b/helm-values/rttys/secrets.ucentral-1.yaml
@@ -1,20 +0,0 @@
 config:
    token: ENC[AES256_GCM,data:lijqkNZM8Fxrn5GiEbDxcHAQF4s3A3i0xlF3N4RaSMg=,iv:2H+uNUtkTQ4wt4vGl464Zfw77lET04JN0N4GpH47Afs=,tag:BFDQzEbAN0qYNFlDWp3qDw==,type:str]
 certs:
    restapi-cert.pem: ENC[AES256_GCM,data:78+JkM143uS7xacD2aza6sWbmbhlkXy1hpPZs1glylN+3Iy5mgmp2I669l3eEGV+2+PXGIU8p4FVLa2m0Rw2u7Yqo/m1wiYmAq7ih24F8G+0QDLFQXvLAn7NhyaOwWkSE6S6IU6UhboLl0RmP+rf+Ejl9CwlCw98OdwMYRhDwDOIHuJDNNPPkS7V16+fRlj35rxqGrObvOygbQorQlCggI+P+PvDVGUSSpR2HZZTbKwb8FoJr3mhMwUkoy7MNDmQsxqENjtFHD/9lomPrdx8aORbtZkF9kQkPRJXdlhNupBqO4ZEtTjyI1y1gkUmVdhCUQZGuGKXOiylzKJgUJrASjo51du8n8UJRL/GpAW/uUmKCUWFgBippjFVyY8FFfSA4R1t3TEPhR+YkqcYkV/F0SgYXZMGTlGNmHBgcWnj9ZKN4j2h6UWEDC+4xHhkn9axiQDsyFz/M93bBr8I3zkJvXgA8WcpxlnJzgojJhfnqgg5JbBna3ohOBnnUMaXXBfdKqPoFfGNsO9LAHXsgMGyDxgg8dQvSJfGgpvuOPsaigmxhVQZAhmtHpP0rqh81mcErCxMzhLs3nuq04kxn4PuxLhT2gfwGnt00L73H4Q0TVGQylP05e/ip3KzUoc8PWywuJmvtV8uighpmplqTZzTACeNwW2uH77gyZu+m6jPyxTujY425pNphVHOpLN2b5l6zsfHHG2QsNjzNNxEfER+AMN4mtw+xjnBaVU88lqz0nPD9Bd33Cq9Q1zK8fjxj6iBrjqdvoN4daEWm9/OfBZJ+OLr7PHI8TXZ8I0VTEOpxarADXv+DU5h9xcBb4JStQECSX5/quamhvQeGl4y9nmn5lghfLh+pLMcNhz66aCXfGWMVizYNiKLh98W1i077tzfqD3EtIrMu9PtzWfmNRrtorqZ0YGUi7O6isKuSW2PP/4gqI416Phlcq5h9L5dlT+/qutxZ/TPur8NUAIPkq0vjH0SyoPj0MfhAlEs56dWmeprxNgHBTmTC5nd2YMLw3wGt1TGg1Q9JDmkjQsUkQtlNJKeMnWVArvwLp8sVBaLu3OMqe4Mr484DDRHh1qnxZyIg5uYscv98+gUKs96nbpdMDoWcVo5nGIfTGIMayEuiu8/4sOhMmBRv38GhbgZ57ISyxBHEssIxEENAAw03VImWqW01DTHoXbHoYb2Ih81rC0x0/AlLYOvXv+zjpJzD7gtd6SGTrom4NBTpOI3Y9STPCWN9zYQS2MbxQYXcaL/gw1xom0JDtKfyb1+4b7RrDrzNckHKUP3HsJUebQcfwCRAnAiR4a+urA4OgIz4KehcQp5GUVJQ71vl5fz5plFt+7mY6UYZUkzADGWFqM8kW+bpZwZkfsmi23e7MaxEVPb5WDVYYtRePzd8XUFt9x2j5W+tNgwDxCBLqBYi1sEOtQJKEKcLqlXZ2sGKLkwyOGt0xPx+z5BKDkC9ppDWt+/ybVMdikXPMIAhYcLKW3d7+6sHyVqSVIUjls/0cF1p0gHHu86RYvZbxl1lIRMb/cdgP9s0N9HeOBE/tDAnwQY6L3O5GlP4Fmv2Rt1jSNjEyxMLx7UO11T2kZzctV8r4tq2htVlNhxs7ZzemtqFcSdsg19ttD1u1TX0xD7orMzknH+rZChWDYiHEAKAytpbpGobA8BDx8fcL5R5Seqhto1DXtwjNc7IGo3P+vsaZM/o8uRO+/81NNOQBpCpkYo/trEIncIMjpeKGEF+fvsIt/GAaIYWlmTBJc6ra7IRafQuydaMq5PMWnDzFbCoke0/JDq6ua5VFitHt8z8aQrGWq+6+NjFcJFddhMIEY6rpcyP4H3M7IVgFOTfHdZcI94hdCn6r2vJmufueniH0M4SYF/n0ceAyvwNiQTYFNa+Qk5d1d4F2zvRR1NHOm+PnM4dyMoMo04QaxP4q6DWrsloSm9KW5by4jSDlf73YacMsB5TUhfhlqFt5e6kIhNGLZfuWuvlWynNM+Jqh/Yei3bA+MbmHG/G8YR6SQaILAOwrR37fMIAdecigvii5je6kJ5ymNDfHatcBEBpOOeYG3U7zLHOdrD9LpZlH6R+bWHDwBGCHkal0GumnLZezK6dkrcH2+I+8F3jnIGHaj92QXC4UPcJsq5H3s2MK++C5HR1z9WOozXx+sqQ20yzjgBx1BGkROF3/RcbvwjKUU2ix4Nkgq4ROI8gqy/ZQ==,iv:cx8gElC1h2nzsqCAo8XmISkyrdBmsF5klPkDRVwNk1k=,tag:Yxk7B0igv9KMAEkpU+u3LA==,type:str]
    restapi-key.pem: ENC[AES256_GCM,data:jOtZcTL3/X4gAl54ny0iAyZNJAoRDlNmKv1K5eEgctQvbhwE9xPP59ZYhnoJXYSAHjaKDtPN9FcWC19POzK25rWjsyciQgjqbmdE9muB5IP5toYBoc7lHDAVlLA+kZe9hrlkNcrMXVdLFUbZh8nYL6ZcFwamSy3j2RxDaN8AFg/qFlNR8Emrhi5+m3WBpol/FHSTNQE3uYDwQ1ffGQfU4FPNkBzF14sqkQP5YuXRXwL+xycvoRwXzlq7/DbPPtw9UW340zlmlQqzBMtnz5kErgVmh+qzCH4XJLmnxbm4CXo7foLuBVeEfqIPQGLYe4NGMFffAbmDt/mxuc9jUb0yr6XDDtAhzuqKgwLOyPY83Xv3hf0L875l/mxhh8RUmFDRGUGsLnQXLL3DrYP6aMJ/ury2CzMpoTZ6+byO7+vONXuwrrl2/YWQ4mdAoumWu91bNtEg0Y2T4D74rJIr2nJAOR5bScFcvJdwqxt4a1b21yVEwolZ0anY5m/FDDN4jxNmmuokogNFORhRxm7EwRR98xVRuSMe8ph6/s5XRmfrceYwJtoJPeZ5U0DluHTfUW+gxIOP5YNqW5RcyGmHlHdjNaljjUXGlu33zLGHB6kDHBVpE7WcRsJ6xYf5e/5juek2nUYI+6n63ZCZKduDs9u+QDkmJk0doPJ7xKc7YQKxAUHeurL0qz/CJdZlP54N5OCBTagDuAYOdOEcHTCfNdI5EfDogBlus1G7d/6oMOUClceJvN64eJKcJE2Z5M9wb+ADQ5hTIW8talpRTno80b4iirOucaa2WBsZ/LuRHIHJmBLEuq12JiGrm3Zsa1eOGf/6Sq9vGz0eHcR4+xD7ypDbLLdmH98zFpfwp5JHCaqK8hFBpw4qz4jzXPntsfDSMJQVjm/KKl/K33b95ZV6FUmOAhRd1YgOHt5tZ3gfIXGlI9+QeY0E5lp0HGxT+6+4ksTdYQ5NMVepHbG8+yoyHK0Yld2PY/uVzPuVJEs1Fc4BjpFjqJnh1jnlkr7RQ0BUNVybtr9ja4cKd7Nfe4knwGbzVSf/sITWVge6OwHDgJmhFVxMFzN9NsQ0WODS1OomnqVnyK3LP2dT0PK6V/2RKnc/X1M0DZPvkatyFchVHcdPnEtGiedED09cBoPWG404j54e5q5MMUsc1Rpflx+TppUGv+5Kjilyk3jGQg5jlz6aM9E+awK6I8OJ65uS1370e26AFKazLiiFlzGofjG2rSOP6X0qfO7JYXrLHdbTLeZLPpgO22pq5eXl7Ij0oBIlXmzp2btRmtpa8pvWXOBXJ9a9icPbpK6DvwWFUAFpzNXSouV4hOELwwFbD28+LLGFOj/tz+T4DRz2SytKDJ8i6GbS4BFdfB4YFzBbwVfHbxP3uAZWtPgY/26IuxssFtVX9QK/rKvK9zM7hj89cSykNRmPTOKJy4WCN7hRsDZFcmTlqQsl3RuZyCGoGDD1ADYTSHRloDvcLSy4LJ/3OkyfY9F5pPU2oLwa9n6bXTqFCa9LTjxnAJ6tEZL/nf1OGcVfv0HIF1AbxTx2o3H0jpb5gP1wvlcJKqzALdB1gSVPIA0y7Z7eLAlEV05/R4xwnbky1u18/Ryzj2ntxrPvzTw8kTh+QSYZY9bTHufHEZE6WEdinQdGZZGHb6nAU2qUS407uJCoqJWxcZ3Sf3f1D9CTJhOTuWq0ejuHRlkyfUqJw+pkseG4kay36cGcgXzYp4w5LyY5VooJ25simQs4RlSezKph7OIKSinnsAyMhS/EBVr/0SwHDVX1SzVNDKNWbCnIpgCI771/Ez9+E/Ss+VYDyZt8EPMxl9+fgak26Nq2RalbSMiji/jl3iBZSgyBeLNadzgFK74cwjvR3z2IOYAdFKG/DCZlwIH8bF7bd+Nfs6l7RRL932xxq8Oc5C13A0rKi1CkIu+ADq3BPJrdqIco/XGyoqpad0UXJETCCN1MQIG98C+5MX8MQ4uOhw94b9beUj9gMhQGTpSAD1moRJ+EgF9/YCj5lzGVFF2yyJK9Fj+8Cy2gs/AC6TgQiBRob1gf2JPVx0yvnuRMme/aTYJJpt5HgLh+I3v0mKD9J8q6ZbHTI4XNJ2HVcgc2QsDtVDqsdCNSsGEoXUALx4XF2UmDZcYb7r+G8r0HxeSxJx0GQVZa0Es+6yz1S1KHorI+U7XRRyenVanxOiXgMlYTxZIWSlxeOBHy1wMOzNVGWuRHv88RbPjTXrN1/TW+glmMRk3vCZo=,iv:jIVOSkyJNwNH9RxLBiZRWioXHLifsdgX+bVrNOimREM=,tag:aBUv8CRWzJoMV2nWf3YnOQ==,type:str]
 sops:
    kms:
        - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
          created_at: "2021-07-05T14:16:29Z"
          enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AF8Gjqif7Ca8BIYftLWh5jCAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMkWtOtdUKXbVJNsz6AgEQgDvIJ53IfhCVuez5KOdzEGp5bCeX4J64dSkYZsiQ/yWmcw7FZuy2DnRiHvdmojadtrxTmNuvPEhf/8TI2A==
          aws_profile: ""
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2021-07-05T14:16:30Z"
    mac: ENC[AES256_GCM,data:oIiVArU5XvGHEapiKvcDoS0Q0JzJM9RmaivgQ39Xym2qQJTKRTmCCX8mP7Hi9UGCORzftzR2BZJudhjD4QpSkiJxzJoJc6rQ2BvQJMiL9BbnWki93R6Zi2FO9n9in67THoSy+UBjGR7TKMFMFi75qRXQNgnXRZeoJ9FdWyX2Y38=,iv:Gq0b5k/09by3CyUuj8MrTyr6FS/5feIHHsncPxatKsA=,tag:gMkyhXFo5d83U54I0vZI2w==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.0
--- a/helm-values/rttys/secrets.ucentral-2.yaml
+++ b/helm-values/rttys/secrets.ucentral-2.yaml
@@ -1,20 +0,0 @@
 config:
    token: ENC[AES256_GCM,data:wOpGS9nshRVGBlC4GhxBsWzZQknqDh7KENjUcXM9OnA=,iv:87NpAyWu1HDoLH6f5T4pRU745yuHe2uWzoPaXY2yZhM=,tag:hLQoqUlnAAXLzTMP9bAq1w==,type:str]
 certs:
    restapi-cert.pem: ENC[AES256_GCM,data:2aVZPNAtEEO+mM24oENlKMieogWnxIqwdzu0vdZEK5S+7Fr26ZEbfct7oAkgCsDfULxzvcsWHDxB6/bM7uTP3dADtp6Kpi6iR0c5WEbEfhBLvkkFFLJwtaRkBn85qpBhgvk/E55gyDRYEBvLTxVDal4lHkg4wN1Pevy8LvDNoaoJd6Us0luSZqJaiM+guiR0TyAHOoCIzsgFIG+EWiJRwZzeNl964RYAPFFAOHKz/g1Pmue8+tB4RYdBK0WOVQtLIOW78p5/Moq3ZN1Yyr0p2Ntf5NMk6imHejDE2ZTo99v0zXQg7YyIdhyMbvyg/0eWr3G1P2YLIMU8qWXZ3fGemDgcViwXhqEASgHg/cviEysF7j/OBfMBHoOVnOEc0x4pS3NwgvZD+6+XYS8dC0BvOcrfTvbnxurZe8uRYx/IhTgMigomw2P4/uKGvX6gUojDu3QvjaNHJo1wb7tmnKY4YmwR29CjMZOqSXtIJB1GQtEhg8qZBFy7ICyHZtk6Nj7GRlnhrCCD0SB5tvMD/lhHTxcizOEL6wTZhNnjKawfNjSrVD4R/eDjtuaMkEBS5KHbuUxQ8ejyhPF8MfGR7myj8GRlx94TPsf4uZhDaCRIzZKHQfdmmpodNu0BHPZ6kxH6bdOPIYK5Xm4YdMGYsRVwNqM96xrO2MvwOjEUB//Ha3i1fZvMl8p2xN/B2OwtV1cds1gu4QSLFoZenFpUcbDswRL2z+X0sVaiC0dpYQ/6a592q9YS4BhS/QhuoA/Io8WzJ+Y8SCHcOx0x7/1clEdA3b1puUVypQFR+Uom5O+Mk6NfEUOGhfG5hO1KRivq6ezW2i++hs0jLzUHZJF2pObXFlZheBeJ6nOC5nzSBHvGaGapt6M64fjeF4lpQJ7/jlT2Aj+UgQ5hMEYU6wKajTa1sypiIca5Vipo2i7v1/J6XV2rHjxGkWEgWD2AWP82LttFCBS/SA8+c1eYcp4Fx1Gd7R9fm5QFa8gxD95QGZbgtvXWgukCHatIfNEc0Zkns6LAiANwocv3/pRiWeqMXwLBU/mfaig910zSdY4nYeIO/vQ2rTn735qE61Uz+2Anehves2zgX8dlvc3S4SJrgRBxdjfOFtyxBcKjFVYNEFnzaUVoXcv+VojZVFwF6xov6S8nScSxFMZkP/yYHOD2vNEyoXwMfLkQ99bvn8vCdigSk2YXVUKCleycFGptk81PdeJFQjMT7W/MkOEd9t5scemKTs+Dw+/FQiKkuMXiuuiyfmgHUr4iZEwlrmh6KMvNY+0zCVWuNf2ZfMdpR2oef6bRW6bg2xndmxGNbHylQfuxAtPUVDrITYphgO5jOpUA4gWapPZv0rcasr/wa/hh+d6Uqqo9ZYQOSumh6cMIXACRm6z8lIuCeWMyoKXmJEKS9ny/jkrgD+24AqUZ6pOprOzOD6qIxK/5iZP19QkrA1mPPbKgcdWJxY3Bi+6WpaFzKDOP5bofZLZAJPMf/vDmymhja9oRAGd1GrCeEiZFEKySoBcrAx4nR6v8H9ggocOxvODtvitw40HVDW5KCSTR3tSFQxaeGJYOcxVq0nbLnjJMAF7683VQWY9wTSGcRog4wrWciK66XEJvFq35o0EACZeatBe67SuIF7ggxosh2gKak0kJuJ4Q3nBVjqsqRkxGZ6HBiKuDb7KBwvoZaCrpfU51H5kQ1NklFDX58NFTB7wYQNv63IsvNA5kDxyL00ptfo5Wbukfv3UNjepJ3H7WiE3x3uM1BVaCZp3Jn03ntWsMIVBV7fH2f+k9ehqCQPJO6BMwgIcIjB8FrP339HbRQiXJEhKoKIPcWjR/ktsmxhUMFnk0OLVmfJcmSx0JqPlY6mDTgThbyqkXzuCcW2eQrFiI+mQym0Y5O4oz8YL5MpVXeB+9MojnHuiGaZ8HBSmjSrx0l5N7nvcloU0WES7khPzGN33R6ml7X/uXwECBvr7n75FL4C6ySjbB7t5xUJQYhqNfgCDrU42g2RbNT7SHT+kTLhh7vwBC/WS5qrIuS+rHr1wlv04VsvToiUkNyCOCw++ghV+Xgr004yKoYKNXF+RqqYwseH7wL2lHwNqftV244nNzOnb3rXdo6FINeRMsBcCu5ujiAhkd+mRvNGziHLxCQYuTl8oHD1u8qPCN94tWNGjbcyM0hnVu7E82Y33Cra19cqeOKKljRA2anELdaqFNdqyppA==,iv:++ZVAC42r7zS/VEXit5h3jlodbVAWstm+QLVn1fGovE=,tag:VdBnWxId5udzdsn97tNBsg==,type:str]
    restapi-key.pem: ENC[AES256_GCM,data:9tc+pzoxAwUmn6+qEISx4JlavSaHPA5+Hn0WOy/7hm7oeBV9jLKluAycqt+w2iIywZM7DzpQxXtIJDF7aBmygpjrRiMZXUtuFuddCogdpX4qhK1Fuja/oht1b43iOHQmDQBG3s3axjWpNjCpwlcOOz4qQzBrEV255w34BHezj9qqFKhSZ5MHZhKWYpOOi4Wd2nT3Ieyj432nZvlpkSMQtZ5ghsx498bBj7q6O5c1fph6E2I5DLmgi4YHL6CmWeV6fUYeHxKtjB2zBRSg76/iQMLAYgJVve2aOBzDwO4fDBLoGKRXYHXqg+OwXn+YE69CmLOCkP7K5CQwoRbB+S7DzhyHjaqXSMS9lEU+dfwrDmukMroGgBhIxr9ZgOmaD2v7DCtWjoDeH7iSzJOcBvBwnF7R1Q7iLwB8nctnRmoV7mjVyP9DT5LbBR7EXjwTkMJI4vbXDD/uvwoOfXJULUIUMDSAJ/HiF3JGs+aj0NBhBIi+fAdhVzOeKqUtm03uel7X+zVQHLW87H/0U0xC8NfeKYhkUcyJ6s5LHeA1O+Y2lxyPZz1kvfN65UW5IAFSfUDOwf/O5lTmcAvskF3q984l32UCjgnvmlBe1LvCRW70d7GsWVuwfUMoSu6RGmrCZTbByuuwL8fyniX0ViBDaH1sJNdyE9nl7GskX439+TnAgsn0kxEQtvp+UWUxKWxDdOO3dUduQDfiJoy6C7IVylZ2AOv9RW1y+YrzpY6sGk+tmNgKn6hAB3Xi0EKBrAYwsBHnD/hoem1YrsPvqIfDpp0HJoca1AadB9hJC+EGm9FM2oJgbvZ9pqT8e8uyIhGvLVAUkmE6gIqb+oyMoYFQdL4gsKjahd+1sZ+IAHXw6JSlNRKsrAxuULhrveB/Kc79j0feyDEFlM1UdKladlcTBmgn6VLW7dwuaCTzwoP/ua/NVry5pZKnBULkPG3ybfK0OtBDFu3/+5o2DXduoyV3SWMUqF+oEIBfYkQRbl3appvLptntmIxuDLTXNE1yePQ/axF6SVwmiTT/ln11o+Qcl0w3GGvg3AeHS3JklRsBvT1ODPKade0wx2k3lX5Ja25wMXxiEHx0JEb4ITjo/ju2oDTSNgG22tH1zEaxqvDKT2NLb3WswFy3CMTcAOGl2k+Mw6ArcKMMsnIzq8r3qrgWx8cALo54p6nj7lKWLqTs+x5NjuF3BG0kg1yawkQeHP2hk3VtcJV/MhAvaifMq7fV4wZFJWoKhk0aKcZcnVEWI6/aTISKAUlMu7K3Tp9WFKv2KweahFDRMzCJUlsAWZkK/oeYecAD9KgPxSwrc7DMzJmbWlrWbs7l3A9TBYR2LpMwl5AK9SRqXKIVl0WvW9oFZQPhY8nYrNOI/nU+09slDNjB6FI8UTbvP4E5RAAGm3ugMXRc1l1KB5oqdlkvbCm6tRJgE1/88q10mGqhF8haKt+T9cr7W1MV1zNBdY+G0tJHvUz9FMPjwwxzG4+ySPz8yQP/vhMLD7Do0o0+Ddp8LgYaLo4I7mRW02MiCuu+XcsVgdHCgUhjgaPayQPYnX6YW3AQeYzZQX+Vz9cap4eD5qxXZ7wXpNNnqAYJhJuSGFt/yos/rPjc3dZM+0Hvb7KCW4Ji4MZ1YcBR0KRVFQYyl51X+fkuaBdcTgw3Wpv/t9YBsA4nqqOwEAgXkZJT9Tpa+LFOnSDFWq/ipV1AYXCc7pY/1KFgfpKh/BJ7iOmPzZ6/KzGEYHom30gOuNUZphJyk9Pq4uWsDKUYmikzGjJwFoGnu0O5u+a+yQP/07N+Qsho7bIGPMV4IyYfMvarGpF/oLt1ufX9tgJmMdHKdKumc3Td8TtFV2eGUYbhlIrXEGalaU4IbztT9f2JHYK6dMhun0T/O7yZ/bpRNF/32UADMPD5qgrF6/KQ9kTjHt+P95+8BIbZ5eQrkBy5oWhZzKiFbbvG68J+64/TKBVpHVa2zwdK1t1sLwQt5L/efcGTLG3aj52sfwtL++oxZ9E9sU7DV+lggRrPXDXlQb7BXjtNrvQ7UyHGPLrVMJVqBQv5nik52+uSg1IZDiJwbpUQI523qQNdNCLUZOKq/kCLk4T48IQAEKCCsclZX5m0zJgGqXcx2zLqfq4v0nxdWsUjQeEp0veRV/0HBcM9wzsVG/fbxdKRWbpuO9VKlHm62Jy+xLOZw7oGvdG5UOjvceutj8VbuzyOQK1vHrlHn3bqBOJKFO14v17RGYOVXFzuWWkNvuO0nDM=,iv:OWZElsFSOp/Hr7NmwtmeGvs9VXuyTwEe8+dOXfir0MU=,tag:JIq1rVX86WTdsv9E1aq0Lw==,type:str]
 sops:
    kms:
        - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
          created_at: "2021-07-05T14:16:32Z"
          enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AHGLrViXnTaZsU59LpYhDUgAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMNbexr7sZbDL7xP74AgEQgDtehZZKoZC9L0R3DGZBHxgF8MTlyKxtSyynMdGCVBJxKthSeCthBQn/TeePMMd/aqqmn6Ac7mMc6lgXng==
          aws_profile: ""
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2021-07-05T14:16:32Z"
    mac: ENC[AES256_GCM,data:HqRqX/Bi+dK4/Jl0VoICJpn+kCirX3VZ9fvSZdLeOGhvieCxKlWlZZpT9d2u1DcjyVD/He770ImUFFuAJ6CMjxy8bKuZXdaJHl/R984tQysZENZwp60403izSnb9cOJqV6QWWCyVYKHEn5iGfvelgBXy1rMRaKCWGGi9ClvkrgQ=,iv:hp1YOqh7EwBODfcihClw//ZrU5TdjLaGZIWCPAQHkeY=,tag:JPMWhbzNzwgoq2G4YAVmMg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.0
--- a/helm-values/rttys/values.ucentral-1.yaml
+++ b/helm-values/rttys/values.ucentral-1.yaml
@@ -1,21 +0,0 @@
 services:
  rttys:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      external-dns.alpha.kubernetes.io/hostname: rtty-ucentral-1.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "5914"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "5912,5913"
 mysql:
  enabled: true
  primary:
    resources:
      requests:
        memory: 256Mi
        cpu: 250m
      limits:
        memory: 256Mi
        cpu: 250m
--- a/helm-values/rttys/values.ucentral-2.yaml
+++ b/helm-values/rttys/values.ucentral-2.yaml
@@ -1,21 +0,0 @@
 services:
  rttys:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      external-dns.alpha.kubernetes.io/hostname: rtty-ucentral-2.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "5914"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "5912,5913"
 mysql:
  enabled: true
  primary:
    resources:
      requests:
        memory: 256Mi
        cpu: 250m
      limits:
        memory: 256Mi
        cpu: 250m
--- a/helm-values/ucentralgw/.sops.yaml
+++ b/helm-values/ucentralgw/.sops.yaml
@@ -1,2 +0,0 @@
 creation_rules:
 - kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets'
--- a/helm-values/ucentralgw/secrets.ucentral-1.yaml
+++ b/helm-values/ucentralgw/secrets.ucentral-1.yaml
@@ -1,28 +0,0 @@
 configProperties:
    #ENC[AES256_GCM,data:+c49rbkEm1ozRZlwl9nV,iv:THHrCLlnbg3UDEPvjPfSfr8P/tlyYYOqX8c+5rkpdmo=,tag:SJXvPrtJIHtMPDJUbFsvNw==,type:comment]
    #ENC[AES256_GCM,data:jWUNFKE=,iv:0XU513sV8U+WnDr5xJZyga8KNW0yryXmydz8xethm6o=,tag:TKQmTDSuHqRSwoasCfFu0A==,type:comment]
    rtty.token: ENC[AES256_GCM,data:dAAP4z4SOK0TK+QKTQjaDyFfZIOchm6NanbhtmC0+Zw=,iv:JOg/fN/ZATot+HNlkGpeEmdxJU9VBS8yUhs14ueG2sc=,tag:KvoNNFoUMJgfXI3K4bFTiA==,type:str]
    #ENC[AES256_GCM,data:83t2iADdDfvHvElMpg/a,iv:ygCOCMb478KZR/okBNXy64U1fhyGHiTJT06cB4yCs7M=,tag:blrf2zHXmNIAywyKqYaX9Q==,type:comment]
    authentication.default.username: ENC[AES256_GCM,data:3CED1holJj8U3fDy7p1PJw==,iv:gaTY+fIp93hhfnsjMj0FihvqPLhgEuIVY1eNY2q06y8=,tag:4/giHZtHoR0h8NVP7+bS0w==,type:str]
    authentication.default.password: ENC[AES256_GCM,data:K1Tsklf/SreGxdV53QgRM7SRnmaoz5jCA367L5TxbygD8BiTCuzOxHb08kKxQkg+lt+/MCJYZaG47seUqfBANw==,iv:0jUs9WH0Qe21h5bvJLl6B0/+im8tgsmPcG3mdI89h+Y=,tag:5ar+CvNPAKXATt5oVBV8rA==,type:str]
 certs:
    restapi-ca.pem: ENC[AES256_GCM,data:Fk0XvqEOGmPiV2K4MhinupWOv3ghCVABPa8zSsM7FI1o0PMx7t8uC3dG3IG1Iu6zdbdotPtnLXB7uUybfUsVQEyuU6zdEQPLWZHVhPImib45iT5d9SkwgQdN/DcgoOaQK3rDRxZ8DvqwnrEIHPl6PP5WBFn0gunRGK5hIhuouCicmSQS9dKuHlEIZcnqu4/7zIPvBf/UDkX/3rY5kO0PsmzUlHKH6+ZspNZbGBAiAGGetpZs9Ej1gO9E/sRSAcI3DEUJcbm+jMZrWneyZHLjX6su3vTX1+ZJUF6yJmALSChFLDLsuAiDUi3pqXSBkC3m/k1CE7uVyeJtJcfY5APMCx8q4XMdu1rg/zNlpWpHZ5/fD3JYK2U5EsptpyVOK/JJ2lOmskOSZtIgBk/iTnQC+QRBvTdQp3JCc6MA+Dt8CJ9iBsgxhfZHte69AlBha/kwUeDIOWcZ/yeMRVUd4bMnkS3tH8jYnga+u0bmHIn1+x1KX/PTM5TuFP6Fv7+drvrMVodbC65GfL+2bfaK23NMH1sJtbC7k7SkiJ7tlLwb1D3noF+HDR1Cd+DyE4AOXpWDrcaM5SbPATp56AN74T2Q0wI7SDKIpmEojs51pIgQQs01ki+t0eJuuo5nYPR8tyqd5TcbWrBkPrjEUBbKfFN2mrm2RnFqVnfGYF7yyH/6bGanQ8EZMsFq0w8ehxDRFEa+L2bydyFuRH7hC58PEnctZdwRycS5tfPWPKMF1wQ9uontcl4/E4l0wv+mOxL+iYsMqzDhkpxFDx2Pm3ZVAmQ7rt12PRpFUaAtpG+Ee2b00KocNHw2GPAcQQYOAeb6r6GuY72NEQdBjx2xDx+cOPO2kEAeo+f37MMtINOhMc9a0aPVRVlFRX1rWTJm7voqN8sSrfnZgKJlojzFC8uPxwxEUyK9RzzBbzb7m/cFIDCcP8GqEI0SJexu+AkaxxVmUg9JtoN57i9G59nhn9wbe7IVUOay7lb3i3Wb5o+S4np+uFLRIOZJSXl7TwgxUI2EYebFi/vBB2Wqg3kJr95rTyY6KDtv0wmRcxMTdA8gGf10Rt2CxYDZrRkTpM+UWpjAGvFkrAT05lNdJPzit2CPJhnLuvgTeQiqUR1g/KOHeYIZTH02JO6zROmgEGEaW3+fTV0h+jtMrogny9XbBrnt79g042aNT9cEgp4nIr6+LVJ9NZzHYxXBXCwaZDSVDIMZ9/tsrakU/UhctL2Tenf9wQjaesVfVSW+k2uXrmsUFadQsADGE7zCcdl2pssyGEG/VOBaWym9eA1S9G1qWn2orfpFTzrvYef6WubRbki/ts1uhznZLu7RL78gLFAlJ8u/UoKjkulsZ8JCLhmxIKLXqYRxiykh5wpO6CUMqTHFU/WzubyiNz7Mr0+SvoDOpQLoVj/uDfliWqLpNTtsi4udlaO2tQiFuo81logBrGgWEJbvmvOZS2Tec+kl/btRZ2QYnKh9uw5Ss9dqxzzVKVajVWVtf1XUH+kF5s8zwWoGYoyTcEtMHga5gRWB5IumMR7/sGTsak1Hv1+5lUVVQpG13EJrR4a/U5tP1iQZ/ChGrl6CoU2n+mkKMQb/XHUwYENeCcp+JO1uyf+8VyvhRfBpUF4oXDoC0/FAqPqEDu/VKmcHYXMye/b8G2aEAt92J8v41cnyLTRvpUADVmvkgPdaOMlFj9gf1EFwbe9lWHGZbD8wxAf84GrHsIamj0hfMg/wCEdkcbGMB3K8WDt+0fis9XznMXC1qfoSinUMe4I=,iv:feceTmrh15z2G1228PJuLKoiCiBvns3oPTBO508N8hA=,tag:MiHbZ59J5KfN1vmxzLjPiA==,type:str]
    restapi-cert.pem: ENC[AES256_GCM,data:b4iL5vQTUDVziO9jgLB0mO7CKQfBBR0XNghxV1G3Xvyus50zhYZtlyTq+jSW4HP5K1etsCDAcwgRw1/oM3YIo/VTLRYJg3VxAcn0LtE4Ldk2lUcLfkKEKCYA8ong1oEZD0nMtXtn32KGbQqNp1slRxvvRC8waWP54wMFcHFhPSfxns94LQuxn/h4oZ1cbGgIxoCi9ei01Q41DFrgHpDMl3odvcIgV3xhbsMWcZyo00/4GsynnnLd5arqTKGucdbWTUjj26cWI8xllCo5IR9qwN1hYIKCtEwOzZ9/U5FCZ+JSrzwQIJwOS3OLej3DmYOZJaUt8umwY+fltXkBwbxdzi8pIn0b5r5zaO/xefp+Gq0Kfo0J9ffD3BI5ZCmH5YL9a072lZUwZAfyqS3rzNPAHZYLg3KcfdnHwMBmS4QDNXUJaBQDlb34guqdkFlw2vAxGBGQSz7XirsSpta0bPKFlqOjUgO1u5w29/zafB+JUn/3EotOatUmOxNm8DN2Q+WwXegWn1JFf25mf1u8Aj3X8RdlcYXhX6iXv+EqUbLpFKvuNm+EyVbCpxycJ2Fa9/0ppDYbk8bUFx6/mSpR2ROxaF5b8umbfLSEP1Vm+PV5QtVkJm8+e0cJZhzOKTeVSVboCj5KMEDiNUpryPVv0q2zPTtI4ylnywD2MfVY/iqcuG5UVBIWFwFjjXV/p7lb8SVXaqZTgq/cNiiaJo8gCpk1prj2SipHOoGY+BtVFm07i38fvkhmV0MHJd0UaHfNSyaJiA9VTUkgEnsdG/crF4S6RgqUC+R8qqPw1zTQPOIGrwnMARq/039R6l+b0skv6kSv2/0ZUIfK8U/DEsaKiuJ7YMyOZZ1nime5ATyXQnCwQqgqnkG+qyqq8TNnJlKtDQCoqPGaVyDG78QEjvTImQ654HbKExHTEEQqLRA8+LUosrBRxbnfD1nrGIXtMAX5TCS5k9OliJ9euClqlUxUS+tO2xDtgcbvd1EsZ7EY63112gdeVWsI38/ZwiLux87LIee5KqvphQxyPQmiHwsHmAwSYx6elYnZRKn2y/TrEAWaq7tdwMyJWWYKN0K8RwJglI1UADQS+uZMHTkubAk8TM+fX+zB9/mzX8P2hZbOvbQKTBvpWdWWF2ERnibN4xhmBSX3fE5jjH1V/oEo+LZUC2/Xs8DEiIJrxiuSQGdDQkerrIf6n1TASVALWR0hMum44yikH9qTFz26c8+YYC/g8U+u6MvWEENg65TN0izB212zC3d/2gvJygJutbpJNPX1oNzEjIUFGpYFmDjMu9HO2SSte6os/1aWaReN4yvmJeIbqOP/0zYKlb6NNxqZkb55bi/rAHcMqqiXLVG/Gah/4wGvrHXrr01XUNDZeurxPXB270lFVOXOoEI0qkUri8RuZNM9o4D3Uz673U9qfgWZfu9Nd7oImSXsiIiemdeLgo0bnDZ7s6vzt6dwm5gjEmPcLrJiwd/0LMoxaWizUoTbWhCMm/1Bb7AYw9r1sg9ItuwCyzz8dGqh7NtAsmVU5zii8zSjjqtsZR8YjKuxqJRJwQhS088+Am/L44yKYFQaxhwpjp6woIdBhog9JrhkBufYUNAAdkIIBB9Bv/RaRvtZXM4WgYG7wG8Fy4iPOsoA2luvuPBVjwK+wQxeXN7TDv5nBbbVBoemcRdPBgByDPRWZL7+N25M55aQ70hZAs/89ARzBqCBcWf3m9LJFYayci3JYhdXTMstXK6qr4I1bd+yeXzyLhD9Msx7GVkM/0kWGt4Ljsk5Nl7g5bw62TsdOiH8X/0QQknEn8Lhay6MRDqwdrd62XHYumH5CwXJOdVd2zeDtolD6ck7OA2ZZVE4mC833E47GBNZ4gzu8fnZlCdIYv2+BpmUQFXCliETKoWZMsCShJQBZmNBUSRCk5HtPZpemSv5IjKllXolsU7Zc8dvZu8sSo/l6zw3Tw5Ng3K9iABNrqFeuAj1HITJwclU9o/3tS6BPKx7ivv8BEXarzegzwuLUX+Qn4C65GWqA3Amn2oMyRR8ZQPPf5gfFadMFT19wvtws/XB8QwCiGiypBAqSGr/p+0m74hM+1orcrUEkLph2ojsVUZcqhB/5nJwuw/6pC8koq6Hb2VqH1YRr3k5BJfKqj4U8qsv6pMDS7T4mxMLL+9ideoYmGHrNoQ4dCTeWDbanEKJa9pMY+EG+luNRgXu3Xpt1w==,iv:0KbL0uVzQuSzEjHbQq20+U9PloG5SgVnc0mhVGRkOO0=,tag:YRyuvkkxdKsX1KIiDndf/g==,type:str]
    restapi-key.pem: ENC[AES256_GCM,data:niSLZtVMVRlnSUJ/EyN/L6bisGiC4eOqhGmvK9B9Qd94UPUxNNjFV18CMKv4Kn5xvPb3tRRUPZMROo19ysGpKyphJBr81uHIfZlaIo33v7v1adnPK3ucLIbcas3hEDNCwpycm7TfGCSew2YDE7xm4hYE2wtJ8Fp5aFkVOFncu+Kq0Nt8iWAZcwvZlq/+5JAxOG4MsUomLBp4HDHOZmN7Zu7PsuFc9OSv+Cwm7mcM5FUxdulLkAMoPPw3fAUrO42pMmjwZXm3JfFdt/3+EsIEFM0rkE3Hcyl6SAnTC+YEShH89OLqoJUofg2eoj7OwYnFQdg35cFgVqh+fJ5M3JHpuixgB3L6YZP8tIfQMKRTWWVSO/UR/d9/dztYOjCRJGDEuuunwD2U+uPZD1zPqH50Ageirktf4/QWTbmzCLI2ZpxqNHtPfOD8yjtWlf6qWScBOvDHZ9Wxqhkqav+YTg5lH3pvp0Khvgu58aAroPwmE1V/KiVHYmxbPazMPsxOcEbpnS6H2VxwnEoCmHnT0K4H8m9DUfUz6LTmvuaN/H+L7pBjVOp2D3jckl6MPPWPV23R422l0viskNJvV8208QXjC75SE2WJMf1TJcEhKayQOYZBaEmuEuLYUR8mJ2Z1Y5LhnERluukzkm72zTFr0WfV9mT/vJgJEO7iRkw7ZUPkyHpeQcJepQDWMelxPgl5NZoMCN639rJYtqpdlXsrPADQa7XqOjbU0ecVs2mfIL5un3pY97SqvJ9MaHqp+1iw0MrWs4tSTou40UgKSAg2fpwvUlXgv5TxHeaXqwN7GoZVsb+Zy5E8MT9/hdW2LVyj30xbgSX806gpOZvLGvdTG5haOowJzAA9Sk+sdyMz5znKCBbBwkW0UYHUus13Q3+Lx5R+7+6EuB6oFJtHXxXMwxs6vL/RyXtY6XfuIAlzNh8v21e5T+U8rtTD6OPD6s4UX0uSSlt6qyGqqUcM/QYGX2UvRGefkxCePErCz5uZjV4kreTudM9ltlYYTPH2eXChWAre45Nu5DaXeE8kpkM+5nI4GjunXWXauHeLR22wK8DqGozMUGCXtNxFV5GRJvigiOQGoR0RhjMMmGYuAAhdP7+kHstkZPxyuMzfoCMo/Ejbu9v/ubkcIBCtTDRLteHNE/L/WrUngM1uZ0M6Fk3BXM3xSGxmtiszGjhuezUDSVtRV4Kn2f2RTHYa8ySL5w8CEi7anfDIx5uv3iN7KoSl385t4jUSgGruiyKCr+1iFXHcYp1XvXpz3BA0iC5nSeXTu7GpO70fqwgikaC/dQ2FAqzH5CV4C+raS0FV9ds55JFAnIUA2jV+d6bS8vPQAJ54XONB1yH5z9oLadKUiR5jS8R+8sYeSrPuXg332odWEZak2lUi50G73B3ZCoXmwcz01JCnpsKUKkeO9Dm5JNVWdIQbcVbHg6cgBs//m7iM0I24ozcDtHX6rviyVCou2tTL20rjMQviHqYgOJXDVDP+OQ5/NnYq0Az/1rUiNc25Z+rFZvkwKhctNO3jcTMK1jyIkgdIBLCzgch+AQsm2W9taUxZ9yxlyLJocZ2uvYvt7DAH5tSSaDrlJdOPar7sUzE6m1Wjgo+m8DGx+3FibDFu2a7T0cafEulWoxeNw6MnEwWVGzUK/Dk+Pq+SpBCYZeWoftPnx86TEAGeRQ30p9d/gQp7NtP+bJfz3/TcO4FgufIPObdDbdHskixh3JnPbisGpcW4O1GUpDum1LIc5giOjBS2C1s9cVu5b2K4UVVfEqSlLfx2AwtYEp6ZCRNYU7knuczahKvXr5syJfj68osDnHhbWnETfg22+F2WN9GFQa7CHFUU2d9NgJgiq8qOa4lPMkypKwHxvEaGcI1pjmLSmbfiQT6sXM4RkcMOAhvicD9hPjW+kXHBHkkzAwPz8r2PRfqZ+6qx6NgXsvnEOOc7qH4cx+ybBW8qDzoqzD7UhSZn1Y5GYzskfwimTYKC/IrfRBYFkFHbn2qr9d/9Pm44ICe+1qZBzNyJjMXCf1iwJoQ92hCtVCIk2yOb5GKX33synq9s4sfCek19cKbIjHw6Rgkbgr6jQUxXmjWkmN4TZVU1wLsdl1tbwhHsD3dSPtAp857RAQkK20EInSYGScfaVs3rGoLoZWpAI1NpPj5ShWoATa7f5lA/HRDCAiMRExoySSxRw3ktxffTMPk4P5nZxUOV598AHaALIjhN0ySidCI5CLKxgcnwgot8KLufmutBbMo=,iv:Ke55HqFnndEWbdngi+6EbrjNaLf82q7JEkO9FY+qS4o=,tag:nBIgDCrde5gB4xpRt5Er5g==,type:str]
    websocket-cert.pem: ENC[AES256_GCM,data:c5LkX/bZAfrIqX+Awv6IQVQFFxpUX3kaT5W7A28v7RDSqEcbEjfUrx0nO4xyUtWFtrEmviyB0KFWXlKYXu36rTW16LCmPpQLEp/oQdPidWWrmne0YJ2jtnw/7b3NA5L26xRAdseorPEqUzplavtXpLrJ/E3+ZfnI+o+J4h9X2eG/2xM6BMHOEH4A57eEVNnFgzTJHxXdbjp1yltHqtDQO55GCKptHZIBPTm8hbkBOVuwFPkArCOjj4owYV8T1L+5Os6vUZ43YquHNcySP6/DHQJKeKQ4pU342ARsGNpsR2YvKUc8aakJSUzYVthGWNKw+YpEva+qAk6MjPJ9dSAT3uh2ziSngRPXU1q2WOSHbuz3g10eTEdvN+9J6zzaJZOVD6jBWQgynXwwFaUb/VhKKBkwluk8otNJCVSshgKL4nOsI4B4b1zwzQWSO8tVovvL0hZ9Up6FAcsA9d/N3DJLxRydAENbaYLXg0x5AuDNWFOq2/21VFpWEGpJOMxeDWGETBZkVP22AD9pHC2QrZFGbfkVxU1A3PzZk4kxp2C9gITDjPlLnsyILxoccVhOcn3d/bFqIcu4mIpBufCKHPRVz9+P5R9LaFcGEgGZcXHIy2/hQJAEjpVUfIMeb3Fa8IUgjFAH82K43n7Y9S3AZxmQAWAyIJ8ULHKveTf+2g4K5az5GSeL2YCvwlOSqGAFP+OAsKBKUAVX40GCAczP1P4PStMd8tf4Vlg846Z0E2LL7TY63xszzUfm9lDdsEIqn33brlM+vvSghTGHTG+3XfRa4d4lN0Ag4BGHwa6ypiXUEZMQFLRbghFIDgtqiOk1tnEnfsWV+0qFhPZZvjSLLX2XY8Yq7ec28Icfp/FmK2qzA3cC7xblJisPdZzGLuzVKwziUdAHGOpPWJe2uQJVgI2aTIxcwsMjwEEbXtBcC4J8OBpQZpGAWXaIs25g7RYgJj66xIAxXPXlVIz8td1YuYkXqdG5MLPWt2kRfzSGWzzKybCEY9DEHuoHSP4uKd/7gJC4a+kBRTYrp3S8lZUcFZu5O5XEjEG3zEhpZkJkM5Ekdf2SPRwrtDsxubqOqMHxe2BW3vlhJtLF8NsL9E9T2vLqcQ2ACEfm29j7VfLXVbi8NDfB9pVaL72G5Tghn3Wk77fChTnP2VL0SnYdoJhBWPqPWzu3w9Ahu1ETU4qYnhjVWxiL0MPoQMrqI0/9ejsQTyN8spTTVtRz+aa9T1wJjeMUKjU8GoPtJE9k1Awl3cM1+bNebp1MI5Kpjvjj1rg8955tp+wREXXUd3csx2JRV/epmY3IA1SbhLZI4+ScnsNR+pR1eBmAe2Fob4W7S0ttyP42bT139TxjEpUPmD2mkrCUdX4Mf2NP0iOSHTc8k/gelUgqbVb2R+T6P/oO3SzKHw++0W1Bw+92MsikKLK1MRvzEhSmE/AeJMLRinQ12HLgSSPSC44m3zP/hvmAom+4sJnRKsu/HX1Kex8a2XOahUDi8/s3Y+PLOSg4uUvhn5f0w8teNGaws1+7N7jPDLTnt+rIfOV9/JBu8lDemX4Sce0o8+D3xdCyWxuPx9TwvidtiwlPdJEr7Z3lK2wFdnZmNg4G7uj4PI2VrR+/kWcQ3YCmA2EzFjJTyXwqL2t2MzjlK2e5AqXCt3dG7v0sKqbUfn1zWG07RUx5z6dQELr++oTJrSfoq1WRArsDfkZMIpwOqV/U5kk6TU3kua/H3TbSlbrlQF+Isz/9OCRANi+8Cwqfd64nSxuLCOO+x2owi6xS5OJgRwUmvBABcI/7gT+hpYcUh9MK9mi8NuJQs+yx05lZQskd6vNMs4M6xRS69BBUVACbW7/L7aVyycAd9lHIH8ZeCcwR7F+yQKpYNWm9j0DMW39JP2pyfApUbDxZEBNiNrdw2SA89CxQTAHTGgtA5iOUjontDxAM7WuYj3Zh1fD1T+91UWYSzCN4+CFPLXcLpkeJiZyvpu9BL04cb3XrBka50jtvn5K3EhcteIWTzkkndm1JI1szkvslUAr/yKJGHiggGzihZWtdSvymaxyiFJCYnaWLGFnPtnokjADDM3Z8SxmCB/Ty7E8NDND4eAVaOCDCjPLQdee+MCPDKuQMc7O1zEHboJHJv0EyH4lgbXFZmkN+BvBFEOc5kUS0JpeK4lExvtNGoSqrcmV4at61SnG7utSvwnH5NCjjBJWOF2MTB6spgg==,iv:YALFG9i7jKzykKnBtb/W7w/5NdaO4+IZJOv78WZNtd4=,tag:r2LwJpqDOeAmhLPSKtRwWA==,type:str]
    websocket-key.pem: ENC[AES256_GCM,data:37Grdp9HRtoKsspxY4gI1M23WDdMqiDZciwU23nwRb2K+DbclC0ahBvNZkFIU9Qw/TsFZiXTTKCMthx9zTJZDDxYKJJ+HXsGK2UnLxeJ7w0IZd73soTFO0Y0zrdBGlfMpWT1EOJ8CTmt1V/pgSXix2KhS5q+Nn/goLUzf/lqswITEF6LGZLcPGgP63JuyhpRgNYlUI8Y/xMX+S9cq08ojFgguwVKyVb6u6jzQH5Hs8M7LUWMxk8oxBav5uF1MY0UCbqnojWEFk2wHEChMwgMP2A46JIP8ayvV26GhlYLR9BSNz1kWfzf/LQpi2TG2eEIIqpKU33MfeM+nkgfsEjw7f5qGuHZnqFHd7NLBmqsFz99Wco9VL34Zuqi1vQu6C6l6/r3NmT2LTfOaXav+DfKIBp5ZKKzGjRBgeuuk8BUj7LrPiBx0WnfZqX5zSqpZbvLLdLtOIfa2ceeBOe7sqDE74WBd5lx1cQbD3i+BjUZVW8BCXwQ/0I6r7e1iBh7AHFbPP5lJExnVywI5buk8JkR8h6LMO5MGht5IgBLZNaaj9HSxFMwwgCqLp7PnAPeziRIxx2pdZKP4ugc05az9PjXgJkOQSrtL4nhKuUbAIDd4up2kmSAgDJK1wNuGsExTy28Vmk8g4ut+2pnq9n6XtE9cu5lOtGerrb6Hm++R9cr9HW3vTwwNNnEHxEXHc5t6RcSkik2O4HQBz4yKliAZVKod4vIdOW2MR8giqtHlEUNZpZHCGoJ+rmQPCD9BOQ4iK4QpS4/4GwUgBLkQo6HVdOgInZxaj7dOxMbPa1+CIVzYSedyzKJ7YcUzPd/jiVMC2BE0qT2ngTjD5z4l5uUyab93z4UK2n99NABpdHjdRFqKsxaGb6Ce4C/sDIFXDLk0Me9xZu4weJNWoSKt+UOixHr4g2x8+LRdSZYxFZdsxwv3UzCWLPNlRjRjvS1LHJl0a0j+JiXnMtsDzQrAXgpQuC8sj3VTbITiFqCNsET/J9hc0iT15frG6ghXINvjqmOE+Pt0lJ9Y3Xj5dmFV3ItMOmOodGpusDtjsv896CN4GLTEzrfgSr1KW2X3Zmk0hmql6pkm6Yu1Byh/bNrFaCbgrAZVg529soO5yeiUKp7dTwFzV/0K43R0BIjTMhq6sq6PiPQ7jOcxO2fYlTaSlrF71xraCbpwI1blu4il1P/Vu9kyfUyfopyCooYl8+ELf9QHaeFxkaY93oNWaLRVIC4C212HUuqbHZItmSCI4ORvKMgXG6zffdL2XdEvXB5usB6Xi026TWKOkp4ptvPRG2m9vttaibTKGsdgXlOGWvJvCAPjDb60nYbUvTCA3T1krB03dl5b3gYnMNwCzGrp+2Cl+75hMH6vAIaZwziyPc3eEbPRLcGkOLEfbavqVJozp1P9oBBIUTqasxJHysLxv9G2ihYCFFVJyyK9gPI2eFKANPdoqMmrcvmDiorOJWacAkgF1mgVY0Q19lE8M6PD1/ExEwaMNsX35wJOuD35NYW/Pr0wA6Hj5yfo/4Vqv8NqriNUTdbv+N+/8AZZsZUReSjjySl/040yeQk9auTABufnjW9eUuRGPBl/ePycltcoq8KzGRSLKi/XLaJ0Wb15i8emOl4fjykLzqZXfFOAZ+FDnjmLv8nDAATxa3DEmF9BGkzAJ1RD9iYYq6Rt7gqIWGAwpRCj/UrajovK6eUDHnFY8UY+nPweXWGE6LuUazOjATD9bDsIxit6VJe3nI1gZwVF0tcwW+uktZgt8mC8+KqKBBB51qG7L+Wy70L7HRyWwZBHBRaUPmCH58/5acxD7qpsFeGAv3L6y66s97D7QzSwIaRn+OsAs0mCPAqTiW8HiIjsgBoQL6qFiIDApoSIZBfrCBedfJH9kj3sPvs3Yjo0TX6d5IFZxWx08n4u95Np3YXf/ZDP1dQRF1VSU+9L4grdKkLBTWqyZEEjwcLW9OFcWylR9vtAAZ7/Y7n1eZFOtkgQdanlzaWzEJAdyKejjqEOu4sGH75T6dFg7KsxMe8aQlmoX8PkhWDFI532lA3ieM6ea/0tJc3jX+hLCAdR6Q7hkKE+gg7hSwbiqTHfIibzVYUPDinUGp5PZONknc+Ty3GcJQJAxFDwzBC7xDD1Xz36bUMZwVwwDnQpdlJ2b8kYH9jNguSWRufk8fqWZo1sBowUYuE8UK899RcwqjYL2xKWiaKzkq8Fuape0fcPiIICwmYWpfNFQELa9YV3fU2ujYt+Mg=,iv:QnJ0UArbF4+cbtTEQ/uK3d4VUbN6BGDzIYw/xMmQT6E=,tag:UXpEJGYtU/GIDG0xnDQGLg==,type:str]
 sops:
    kms:
        - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
          created_at: "2021-06-30T15:35:52Z"
          enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AEDQ//gxlEyJ56QvE+sOH81AAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMDmVBhM+C4Rn26DnKAgEQgDsbha/VRkGjD/aQo4QPze+80fmKIxfsvsRRwdg5Qxn/XvBZmyUe+vZzD6yQ5t/PB6jiE+eNEHO+253FUQ==
          aws_profile: ""
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2021-06-30T15:35:53Z"
    mac: ENC[AES256_GCM,data:5R6dzBwdLh0Kvhq32Sveqo/9mLYoEYL2sqQST8P4AUiJOQRCRp3jkNUbWLoWVwqOZzL2XNfsAVWxcIUtt/Zb2TtdvGNVi7ud1UNZ4cXKJ3+Jj4bXHOanauPgFT0MsKmfnSsE5QGgAf0fMjR7ozeXDpaf7aBVqfL0YY0uXyng0xM=,iv:PyC0Loe0i3I2WHoQASaj8c6GMSYsepdakTk3CxXa2qg=,tag:wcfw/Ar/l3SwnVGZr+XQZw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.0
--- a/helm-values/ucentralgw/secrets.ucentral-2.yaml
+++ b/helm-values/ucentralgw/secrets.ucentral-2.yaml
@@ -1,28 +0,0 @@
 configProperties:
    #ENC[AES256_GCM,data:6ZWY9fW+XTihrY/cCSj/,iv:5Ti5re+mLZqgamqGO6vktddWcUUS9eLWZOImKel6TOM=,tag:0jOE05r+tzx6Nq0JC9YEyg==,type:comment]
    #ENC[AES256_GCM,data:OU1ncbA=,iv:fpIfcKdPvq+AzdnT2KWfdQ5IeP5CrUPFk9fxRHFDMlc=,tag:pfw7dhqwS9mV+FUbJwbMlA==,type:comment]
    rtty.token: ENC[AES256_GCM,data:R5bFG3eZp/lrca/D94C/isxi+EK/VwVfJumNjAYzZBI=,iv:/ZFdiSCZhqmcuggfiYOdL/OQQ1htY+UgqDlvi95ocDA=,tag:wrfklROJ5lBooVXRC4CRgA==,type:str]
    #ENC[AES256_GCM,data:WJGaDmA+68j7irZjRdA4,iv:N4S60MeY04MKaU+0s2eQ9fcdIG4oUUzWaO3Ht1brYpU=,tag:f0ZATUN84m+HWDmfSKOxhw==,type:comment]
    authentication.default.username: ENC[AES256_GCM,data:qRx+rsqL3HMCL0hBKbqgzw==,iv:xgonD56NjotZJgI4kjjT5ODaEYJMMgUR6nW1Wxbw0e4=,tag:T5aJqvAex6pCfajj6Xeh6A==,type:str]
    authentication.default.password: ENC[AES256_GCM,data:InNzsPZW5hmhic39/ngfdBVq+Rd/KLyladILxjZvJtslLnT1BGKT0hTFgAepV651fRvyVEVEH/a29E+825W2Hg==,iv:K/y1l6+Vqbjcu0hoAeNiD4IY8WSFpkmG1Ixyu3KI6y8=,tag:uVukMzeZo3bMHieRLPZ6rA==,type:str]
 certs:
    restapi-ca.pem: ENC[AES256_GCM,data:Xgwb3HvPlZbiZsG2vJo8mvUjts6YSzkaZXAzJ6lcZRIrKC0Fqvtr9+2jsd/KHLy0wnZ1wTITRliPMlol+oAxFFDdjS5iF6Mg2+EHseeB53Bt/xiYdbG8+sFIRZVq3TV2ExD18jHIHs/qmsE25lhIeHVl1EqsJwE7OzwBRxiAsnTeJyA0c5XDE/GwoCVmGRhG7qBID9qScgWIm9hc6/L63XEpCcPsTOmzLLqmsWnWR0OfDwV3S115dYNwE+YwFmGe+/unvm2CIAoA8nSo8bGjEx+rTaBpCEmI0npLGmp8s1EcMmLbpRx4tseWnqGAALrUaMASEm/74INdGH69dmlBwGo3d23YjUbNXNjzDEAsO8hoeADDfk71m1HcrLtJBUlxexNRXLFBgtugp2+5deY4wTjexdW+hO36gGUG4IceSpqjwmL1O0fSNk6XhpMswUeltzOnPidMeRvgnIopZ4VO/L8PFC5PJ2Pze9q/rNKxLLNMGyPPaJ8GN+TQjp5AZcLJrhXsZPAxZ10fLDCjANpWuXrj8GsdO6eveHBzVhK6iY15kh3orJ7Pw/u7dIP082q9TCpERkjsFFWoFFf8xfmc1WmjZvPs3DmyBU0Bfci5oW9PBeHZrQUaJplmeC5wkACE896p1gE6IM3hT698aBJho/YmWrOP/4mZoUtJwzBHJfavNlmNynxiFCYaZmvB56DqvclmrHEr7caYgaUIJ2QsqlrCF1jrXEq85A2VDW47IR0cJyFa6UEfefr/kDdAAxECJHjLJsGCvsrn0ilP9GpJTBlIr163MAkx/jBRu26e0gZSItkfxStv6KVLj4t4EQ0hm/fpdDkPotmN6IwwgpTZL/ROjxzi12mFnqJyY9WhCYNrxSVYRxj5ZxIif8MuoadzpFUxgOYjK0/XGFEHMkSrZGSXojqRdwIwkjtrkNKXQh1epHg+MAjBKybqaN0jttwd1CqPCCPATcwa4iuXRodwlOYYBhCvXS3c10tOTRAS4+JmEvSYk5PBulCPPJjqGgBQNQN17gudSlNnOIJYlOokdmWE2oMEBnt4kuoGfj7pxRN12Kxckz+5hDznLATc1M0HzvEsCmKJzthUj4jIIf8WdTD9un0HxWb9sSkMQNcfkTozy4lGnxpymFBDZNNumdVmk7lpDmxJHBNlGK1wGevH0nvGGw+Y4T/C1impECNAjtyFN+Qt0OgFBwwK0dDmHgoQYiMvyOas7YK4WZ81XYSfS+WzWDp9qrH+i0TCgE0ia3+YZlKnBS7FfkRjWPjeqrbz4V/AmL4alaucwv6PdxBIDvJ+F9qHJwMqs3CKb3FEvRokskbp74DgUwPlrTGqVed/gVsSYUgGKHunebi0mS1qbyScg5PKIkeMgEI/zUs7U6j7MbHWsHLkq4dpzgLff94tH63olWC1j+XvlTIxci20rbo8QYhTCBz/HFJMlRvx9LQTg0gsdyT27OqUKOOjf+k9JdTJMA0SIuWw1T2dXrlnNuSGUjLc7QWk83pZIRdVAHtZ+Xw880/tz3wvyb2s5bt+nvthtH2SpxqMUfA5nPIk1zzJnCBo16ORX7aHlJXSHFst5azeJGDHFZ5yBBztlJctfWhrqItAJlEGbwkSMwSMbUjGsIjB+MiuVmFLLPEufj4H/sqPxCXl7wq9FVmCJ/k9Dc6b57s3GNM5Gb6D3KAI0xSIn+dmJXWLOPR0EKe1Hcj4hqCT66CQ7FgIXZ3t5C6GRjzTUDIUW0BWNthZaDwsgNiywXiF1HAvxHU=,iv:02eZOOo+L/H8GEQxN5EzfRS8yN9KZnwUi8vEyaSO3Lg=,tag:ecFpbyk7YtJnF3kKpoXdfg==,type:str]
    restapi-cert.pem: ENC[AES256_GCM,data:mXiPRx1CfTkvYNFWs5YoIhFF7ZhXjupyKcNr6WbNUv6xtaM5jaWS4nBw+6Z9vLXqzIbsZB3kDsXDV/ht4LasEzR4Zl5hS0QJm2fl8qYwnze0WOUotfdk1L2+GvODhOUF0MArRrr0nw/oW28MY/PsVbqhldSIaoX0+SrmKZsdHagJMTOi0NNjj2wOq5EzVhnrNe0VKMARst5tU7+Jvpq9uLHJWty595e80N5osbEbevRB4agLilEobcKebQ6LZacf6zDFGRusmf1YwBmWDyqXt57jAVpH9TDcXSPmdJvbUMPdY/VtaTQdF8u7rNfv3v8iz/BeuDmNFlYBdChoaUTaC0v92hzdmrAea/AQsKKQDHuOk3Z/K2YRjUqwQXYcVeenA3pPQ9t9zuU1Pwg7ytBiH1T+b0fsCH/247S+1Aa7dRoKwSihOH83NL23tu7YPB25G41fx6jYibop22SiGvy9B54mbzWbC6YXpjYj18gm3LYFVMJSpS1NSKOrTY0nDGlKYBEhyO9BmgeZG1lFDsZjQgzkGbZCl37p1gWvdeLw265OWwbw3vDtrcBqExFazuLtNAPP0PTbVzhxvC1UMYdTEbNNAx8sRyh46GQ2oZb5C70BIYb/Qgf2BJqfWUcskQU8BzKTZTtlacfOvVYeQRl6Wm2UnmeRSfkUFjvlaOtOLBIV+2HR5o6D3iN86j2XVmCLZcjVjIh/TjrMm2OHDNEY1LuG8oTD+NtYX+3pi1G/+25K1loFHPOicmcjsJs3+fQnWSjVW39ji1fdJ//OnFZSK3cP4ZYZGQULlhRaSbWnZkg1Q7Brg7HUodw6I2kP8p3+T3luZ7uCCY0HvywCsTIYKZpV4CSZauYPaHo5Jx/YWJO/7bMmDSDa5MpDHQ4Kgvp6dBZXMOBh1SquZKapsqBwU3gvzzdImqUkEg6VlXobumJDpvQrMUoDeu1jXiuY5UVKqqqVY3fgk7A2czgqFpyy/bG3orwpLCCL4EyY26UlIjiFBxC5WxP1qH1pZgPWwaROr/gGiw90xXWzCAyJzW5y00L6uy/NXLVgFGXIWvhx8vyd48Rb42GMmEdL/RwWiHH7sYDXBKss/4saqNcSgy046q3B4INuI63V8efLsmSTF2P5iZyEzHwb0//lQqLleIdmfJjrAHWITwaVw/aYOa/Lfuh4J2nEutK7gUZh3otTOF0QweC+AX33Rbx8DhTt2h/oSO6oj51adGG4IKunKnuX6ehJEc40gBBxV+fQIew1ephbGXoP1VyKOYR706GeGgRu9VhLB89zhJalfaDe64FRRjqXefutIvlAnsaJzcI2GWq0JKhrznK1ApnBOXzS6Xu/RbUlcd85oVvCPyZAebC46okBnLdUrclrZsaL7V2e0Sy8Lyc3MvxGsvolTCB4V+12l4kF3eP3tSVcsXqhkRE4WS6Tt+sY1L4TKrZmLxVqwaO6BpTftI4PAOcM1nDqCOunZOkGNy7smJD/U1aaYL0yZdStQM/fMVDq6NGqivVt7iXGkbivg3FLxma6A4xh5+tLTMt1DBYlO5v11lyBPhKmL6BW1EUo05UtWts6zlAf72QSn9bdPrfwY2DBnqMYbS/bY0Z91e2yhV4+nx+QLSzGiz2omDn3HliINgRZToTb5m1M1pQFZ6pG2+uxPZon30zznlUOscsCYX0NCz7GSK9WQvGGX+MC2/ZwhTCVRPH7b3n3euD4UJwVDDZztJGKf0wvVADOgGGi1DKqoufAmPFeWF1H7bIwPKHpRRKwIrCSkGEEbV+LATBX2lc3YbYbNSKbkZ0zEaqWdrRJbPCgk/zGs2kKMdTVPFv+6T5EYwrNVZYJ2AoKG+S2KDTkzDPJgRWyLoSHCDBeVkWltSWrXPQSQ5XADKzuhWUEQLba1cMWiwDWDlSyy3/fn+GWGnmLKdYd76foPNTx1h67mdw+ZpNz1KveC16ue5tzdCjC4ciWKX/GJh7v90ekYSlgH/iXaBgEZ2uuUVsW4/E4uEUct8fPj223VlBBXR0vPvlr7IunHNrj0pVUP5SOEilZ2UWnHF1fP5me3CrkB7n8lWpOoyGYXprU4KDbtu/FeZbi09Lp1dgxJVx21zpXsYBk0FMW1Qmr0ax/1ME7lJQGjsU3OImZvp9JhLAkMummIbUCw98rS3KAK4ErqGkSD5AHE9oOMP0/UyZL79KiaM2/cKUMXSNz2BuGRQ==,iv:EoVKVWCYHXxj9U7fsxaLDOygUH+57oTQ+reFjLA10MU=,tag:+sT/5Hb/Y3sMh1Ff5V93VA==,type:str]
    restapi-key.pem: ENC[AES256_GCM,data:LdM7j13vNThRCAFFur/js05G6kXELe8TQUnsXdzDUpTF7MiKLC2R/g0aOYspH+2VoWPFpvp9W1Zhijf8x7kAfq2rQHXmMtutQ03gwf3UOv4d1RyVppesJ859y11QPjG2W3oBg4hWO3e6dzo4r/T7gyn8n4O5Iji6PKUHl6EXgTYy0LPvKUnyG7GA+d+O3pbxP732WPRhGN+LQDgPvmppGZFDKSU9J4RDR1HirUsw+ZK8U2ttwkUOjH6X7i65X4ZkQqULOifzEI4MSDCOUcPWUnCm17LKjQQGxZ0CDFEE6ZtUOTAlyNe/Aivv+FE9CNnEhU/Mip2TOh+JK32MTRXc15MEO/XYU+NKHXaktWFL7M6rmCPzqy0ssBFXFW8/5+Z8NUfiIijA84v3UL371uZF6q5RUqhVAc44Rh27qyx28fgqdz/7gy4X5O9go1s2G9763PvTPkrh5KeKtpcWLTFpbCG9ay80/ahnpJzuDBQP77NVV7cBIDqhyUDiDwbL388dgT6Si/W1P0U+gHLX7A/Q5/Lz89oGSR+YqKqt2IRXfi0iKCF9cTzJ2L7h+46GD9/ZgiXxf9dvhGLRI/HdTrqyR4cQH58UYL1M28KUVhaLPVJsSwC+8NUh0q/wLntqusVeXzH1zBY3eLmNJAeilXTEutRWLQpABU60/jn/9sWFv3OUaaKjqC9UpgMfMZOYDGlmJWsLR8doeAvi/r1M9QG9v1Q/WbhyRkvoZLk08aTQrb3C9WU0+g1YpcE/D3RVNrtIAyyiU3TU4KsvZsGN2GOWkOesJALiyKwjPtBTeyVjHL1pBIywpLCIwl74REwJd5OPtVhL5vHN7mYJWtUdT/1Q95zbvA2oiJecBYEHfsbt0p36k7HMo1fy4A5g1T/xDeTXOxa0b+J2QfP8BqOLMppjDAe2vIH1DctHBN85dhWuKKemXPN0B5gMlD3ofGImEg6X2PBuFFrxK6NC9EOjHh0KM8aVqYoy/w2dkEOvpp7xDWtDkH0NeFEqWXCygxp643rLCb3s3uOXg6PhgE94Txq8JH+APCU4bXOeinKLOADUv2pJgrAm8xZM9Nt/YIHORpVvDSwd8Z0GxY99vIHijFWHL+bb0MN8YW57Yqj89JttXnqaeyy4gEeOMs2LXmbOwyBn1QsxceFgzNNVG6wsPNBPwBAbXl1hkP6sliLEdM3lqxZHWn7zLWIZuvCfeFL+OwtnuNIkAI9iqvnOh/3c5S+LoYFPDEjI0VFgCLu0RaVIATRLuuNeO8i+AldgFo9Amo8LSuaSXC9VyyR3AkP5dIU/Hp2BIWP1xBslgiDUj1F9lvdtShKrKrn6UaMoAAoZ+a1lHNuzsEYGF526gGoytBWPKfYW/A2pUKrzkyAu7O0Qtw9jhN4lt/92ZuvvTm+pmmXrnXh6NGIE9RQ6+Sl2xcB222bQOWNKb0nPduWExZGcOT0mtOFHBjmw/JnutupOtc0mtIMKJftyFB77dK6Ee1amd/03RtQgadrovZW8GKIJdWsXaxUgS1uXmEukX4Gt8R1NUH1pmfAAc1X8OHPAXJY9JDqSX2Dpqft7LF0jBMQb0mptpCyzNXQLAwy5umZY6xrcriyIKHOAicXE30zec4HtMFurymSgNDjd71AaMFnszcZ1y0gIon0tbGFtgAmJHksTrQBeSmJdm0LV6jkw5/WbDrhBToFF/S7dwOwavZZM1EmOXZ9lJwOlr42XZ+6KIDlQ4NcMgMgC4xMLg5BTpk2ohFP9VDFVgox6+Tx2K6ygswjrbX6tRHtbCQ+LqmGdMlWStXNHbuvUFbzWPBYZ5ZQnhXNK5LMklIL0vgsL45EKk1fSTv4Zfp0MWPp+CosPnfrRZ0gKF9NSZmxA9/PYt5QKl6YuyJ5f/yqZwZay4TIxJk1XEAKtAP4tQevFf4Lm+t15cic7dWV6wrraFTxmbAeZPTNOx11DeKq14rfoi/18+folHIbUiakzirc0mxxvZuLI2YVIpGOdxcPeYcAkGOpVNhPgYh4af+C/Yh+UBx0ilH00tp0OA7fxZQkifZGhODkzQ2REmB0EDgfvrk76PCqQ7jJ7bQh9hnJlrfEksZhl6nYJJwfyAUGNQTYxE5B+xK1n54oZ30Mzbpqokt26sZbSURsJhFzlBAsUCL2oEwklbDxQblrN71vDovjcq7Vdnhcdn7/GcvFH9HMwxtD8ZcO7akTaHUokLcrCP7jEUu+mhykDLrI0Utn3uhCSjC+REYk=,iv:/6lbbXyZxf7BOjLfKwFXACbYYLz0WqbBUfbz7U1SWSA=,tag:zwpwFyGBxs1fIyOTwMLkSg==,type:str]
    websocket-cert.pem: ENC[AES256_GCM,data:qNhD9w/gfVjp+zQMsBVKj+qS3SlfYBD1eusWpmkgGyzzTOyRetx2aFIgfD/V1xFPnk/ZSP0ui+WcV2F1fjjP0mhurc7YtnquAn+8cLa94PAFPpGUFTogZ/GHRSaiMSnWYFFkgl7Zau3nmYfKKYSjSmfvKtkCz3voTXlUmVd8zrvoGRQK31DHgbykAOTxjo8zKt5/CTz2+YoCMyAbDpm3exgIGKGDQZa8s1f8Es1aEN2iPvrSNaNsxui/+Q72cUH+v0ldSy/JX1fKIgcge/eA9/c0jb5q1AJaMYbVEiVNan1SiiZhwV1IyNhTohm/31f64AVtfW/Kf+xz3OPTWGZX6SwAqzuPZGnAbsXsgia2QyDiGIFlUtBIOpYDOxgpoY3bsoFU0y68lXuys2cTqBR6FD6jSCcgtMts+nMnccUsDZP9B7ExpD2SXry/yb6gSdyCZSkJfyCTmbAww3MmQqDIsT0C/FU75fo4i3G39TBG69lurcOqAdKhnc2+0SzRipNHAEEegjGJ/N+6ISO8hOikqiMfMW0S5mCUdO7DZxK3luzlAj6tqb8YrFn4Llup1u2gupTPBBj5PfC/NfqVOyus6ktAQKaBEXYRBA3No5GCufA2dh0EeSkYZfR54FcUrbbR1hT6BVvdxiKthJgo2eCYVw2zjWAZI/gkNV07ww0bb5IhRKJotsdoWLrFpXYqZwf0v6mmMaKABICvxdx2Ek7lHxkT1EaKjF3SaB6nrQPtIxS9fO1JfnTwAxJ8nHz7cjXXffQwLvFbFCrf2qp63TrDyiUpVK2MiznT3MkD59usU8+VGNOpzKMov+NnYaFC7O0ugGiYtTBjop8sfcphMPs1hoAyISXJlCve5kE+sQV0HIGbmZuEOQcqxLPyMFN8h4b/cjMIuPGMzDLmo0H/yDOTgZrxRQjhcgsqRokVQMsb1xzBRKKdKhue7fxT11GQC7cc8+EN66+zT4d6tG2g3Ls0gFh/e8t7gSyYysCsKkpsuU+Ae6x+Yr1lGz+lhBInNwBrjiHBBe8JPXs04LZxA85BvRxYArZ25mjT7EG6J17bXx9oBGlBQHQJwShLBvOarlXBHDu8yyyRtBVKLaGbvTHSvbi/NSHPPwLa93UAQ2g3yc945COYOsIFOme5kP0PcL3dPFD12a0c9P/Fg8dx8XQ9qD85SRPezJSMUAMMwB4BjVJmvwjrnUerEvYFEK7U71R9PaWCEhaA5nqBwXh93ZA+E3SeM5tCcx8crYevCC3Bw5XiQxyJ7hfFy0XnJDIZlp7LVR/k1cwbe9Iz6QUjsSqUPClLLAoMH2ITh1SD1lTTNit4p7tPrM06lvmx5WjUECNRYw2CHGsZoS98oBz3QJZ9ou8xbAuJ7uKjmzzbW4QS35YvA/2Mbkz9CAHyIXUtIAKKBGtZaBUTh5Ot/CbWJBVqdueZbudYgNBxhtnAmnyov99NY7yv2oYFDGVZoHvrcZgDBOBvZ4MceLjf3aAnVKleiF7Ixfs8DHm64nIpcq3wKACIvYUUbayc2wsUEa/tPmJSIZKKtXLF3UzxRXBbAkOMv+WtLoI1m9rP9aOLTLWjk7wq1Q3IcbuDhwb2KrNuH1DPf/yaqMz7EwRzaJWDQwWSw7XWmIM7bFg1tO8NByfFcXGuqhX6IwHsOE25MVbFztR/LqcImfl50uHHKDhPysFRtVbIKmmcaDxkYD+Oz3LaM7pcZhYhnezJY4UYmLPSTfVeZJwdBsoXRJv9rQUXT+Or0KFwgxhrUYVGtj32g4dR+bPRHnXuWW/rRlnbCpbUREM7KdAhzMR0r0wMw9OSDkibc1m/1jCP3XrTZicWwFzIEBUqBpfndzGMLTKNFoZAxh2inTMjPqK8ANGM4W6hPcwjKYimI76W+X0VTDoTamDwK8tvlqM1AVJovnLyVJbZP63W7Dq9e4UstcacvrPLW/90mPzuYhYBf0kJVxfGvqTh4rgA9ZMk8RxXW/P56Q6zT34GCNFvrwzWjnsLuooP02wDHl116/vM95v/EcZzfsQWPLS0rebR77sEQxDPF6P90Eb1IZ0hKz25nyvuCyriWJ3xKFmOzFGHWu5ZigFuZone53ikNf3DMF+00FvVvxI1MYWWSvDv+Lk/Zdp5jKHpSe2WYoX0CBldscX2ZU17Cjj7TywpuNCufOtlrddw26f0/8mGoSrGQV3xy+H5tswMqxes+Qckzg==,iv:ukURtEVVkNLda4A32+Lop6zfIAGDBrZP4dNTg2BKM+w=,tag:Uo4FK/BXaIFyBdnVU7VfZA==,type:str]
    websocket-key.pem: ENC[AES256_GCM,data:zjDyuSFvRwR0M13ealPVZzTaIQ4bOfN7ZGNKq/T1b7F/5AaROw1WgPZADi6bQTcihdcJYGa2+aup4wosts7KTeO/yRHnVwRYMIJ07njwMCXSMKMcjrd8XE//aGC3tSzfZXOMeY+REB+5jpTipvmcugLgyj+DhATUZ3JmD2Qh/M7rLvyInyY55Yt4ef0gf/ENHUi8habUNGIxUarVyGg84ml///DpPR02aWgiMV6KjJcpo5oPUQrXT2eIiSeQSB0D+4f7RcelbdgbVHfSA6CKLmUcjTyve2HiIrPWatFtlhm/Za7tOX5KLRdiqRSWiaOxJLztvOaBvf2+2RLTBv05v29NwUDr/GcNsNiZSHWI83TLY7m7KfHeyxAflaJ+SrIxZAMA4tNiRM2TZ6ewW13DReiQdmhcsj+W7h1ajNeAstAFFj1cNRxLm0KYlrvuUCFTg+jF8sQs/ZzGdOQEP9n3bxgT5Z0i7r7zZKvsa/fICfQOnbQik9vWzG25WqMOmhhwfSfPmZ2d8DnYi3WGbgIvYRHakSuNcGYHA+fmQzASMfBYqfIpKL76VbCRWHNMMuISzNyA55zmRHT0WnOHF3L2f4huYK3hCQlNo1eS3zixtdkD7ZuWIV6vF7zn2fIQEiIOnMR+/o0Fv4dKrTPAJSrgxqS6cKbBKbmTWvC/Y4vNYhv54cqgdEfxC5UXUUNPSiCGhx33J6JqlDLk9mdMgH8Ao2+gzHzXQD9D6PdAClYsTO6cC1zpcIW4RpyRprvzRFxCyuIdcyVXdMZV5KUoRmOAekprlvKhjylC5utzD/PKw2NN7SNDFez4GRZTK9nXV5luMaSCvQxcycU9AvwDcJB0UwRtyZ7pV6xs5+sGdrAYjZMaayYvcEYnpzXCA98nAwZ+vJZP3HwK58J2FNBgBN0rnVrbPEApn7lo7JhTRgddrAqF7G9yDQAUhYynyJmJEtcgGmWw8OLXBAG5x4t8uGr188O/eNZiuZzQLfy7J7wSwb0yKUiX/9/zo7x/9TzJMrUidl0PHLdcDFCx+p29MeQPtrYPcwev92XqD1oo/3iPyx3ttkiedYWVC/XWK3T2GRVsTqknOO90b5J7pT4/t4PAyNWv+60zbGg7R75W5iYpzoZpq5vKIkU6M/kmRcV5hPY7SylTRhqdlA2ISAdcFjcRsW9ROiKOFk6l2o6hFsjqOKoCN8z071JgHEq+9FIXeb3kW/umLNjaM5Istiq0aRzEcVE3LPFE/BEY9BQkCgVIyNsL5xAdW1RvZTST08G/1MfVzArt0CJQKdxJf40qY/25bWF2jwqXtpoPQ9oO/VSZHKZpcIwPjV442VkXvqmHuNB/vDv9V57hohPRggylGs1JnaHx4UtFPV1VLhdmxSmVXZjCnq+iCqE30e/0Z/iHQY9/JjDh4nxCQDciGXZtjxIIViV/5QJrqIa0MBOjoEtdXOCFTS6K1A9uv+Z3VA2zsrCf9Yo92rcEEYn3lOJiOnHibniKETm9xBoEvFgi0j97s+xHyI2Ymwf+2SLgZ0Nk3cOqCi6VhogTL+mLqTx1gY5Kdae4hdGnWQMoF8Tshgnylv6ryZlmy+HuUM9H5yCBYH5uxN7Mp/bbjCru7DxDQht1qZlvun19JLR+KDAdzYuuq6JAYQrMmBoNhtzlLHylQ63xeUdNRBnrEdAGOKPTPM2oJT24BWyzPFNZUIJTaStFGPShLhnZFZFmyKwhYdmHV8EvL6AQ1VG/o7J61pywSxtXC2oXofx5ZdjByrDhKRAfcMJMIo/w8KAvYpDC3VvXgIPjgQjxZIj/HkkduQCIq4rz69ds4hgolNQ4nTEtyCn6hS2aBqW3dNdUxQv6bKS3jgKc9y4mwAD8hz5XmMFuj5pH5MX3buYb+NZuqO06Kgctluc01AgQThhVmUNC5IKuqrnN2Q75f9U10USZSjbC89w4oVL+g4mmWWTpFiGir7edqoeXUUeYcVyjecR3n6A2Qra6JfU2ErolZ3niuWNWMBm2XN2xAVc1ZDOGqfQtQmWuSBoClfzD0dkU01aOlSNo9fQInVOz59EZAU1ems01FaXaJdaco6Z7zo8riXpL14NxxXWWbjEaO9FOZlnNUJ7xxTghlsmHQcp7p+6kz2dsMnrw/HNSe/VuL+BnO7+k1O+sxPOUCqT59TwD5sMBJZkr1/mBeJk9uPf2ICyLn2zRxwsxfDd1XiHePgwE2CdtsJ9qGF2BzhySXidqaIhGMmHzF3Y=,iv:rNLRX/NVF/U6TgRYXQcQavZRzTFjKM0kHzoERripPaM=,tag:cBKj8wsF7ZqKt73u9aWvGg==,type:str]
 sops:
    kms:
        - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
          created_at: "2021-06-30T15:35:55Z"
          enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AGWGnTOLXnAi4SYINzUpgzlAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMwLrW4hbgV/ip/J0pAgEQgDtR71udGvSeXNynfi3yUnbwonS/ej0zFevWElznELN8zC5PfqEAzI+GoR3NsDUXMUdgK3ABWihtYrWnwg==
          aws_profile: ""
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age: []
    lastmodified: "2021-06-30T15:35:56Z"
    mac: ENC[AES256_GCM,data:boYlTHBflklc6wuim2muZLGyPbmYFrDAy/M79DJhiwwRqZtfYQCW0sk4ItaK3VI8rEugUpZ5FngEJHfF0xKGlgNNzd3ak/GRbrOe8JI6yMxSn6s8W9ksr3HGjglf0L+u+/IiG706m6uT1UuNAyOgjT7sdKFxHnPcB+31Yl4k0Fo=,iv:F6LrNIl4kKzOM28MCtfCzUMthHuHhfTrv7tjKcSBJJw=,tag:T/oiC1bbPtw6SoGovx+sCw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.0
--- a/helm-values/ucentralgw/values.ucentral-1.yaml
+++ b/helm-values/ucentralgw/values.ucentral-1.yaml
@@ -1,56 +0,0 @@
 services:
  ucentralgw:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      external-dns.alpha.kubernetes.io/hostname: sdk-ucentral-1.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15015"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,16003"
    ports:
      websocket:
        servicePort: 15002
        targetPort: 15002
        protocol: TCP
      restapi:
        servicePort: 16001
        targetPort: 16001
        protocol: TCP
      fileuploader:
        servicePort: 16003
        targetPort: 16003
        protocol: TCP
 persistence:
  enabled: true
  storageClassName: "gp2"
 configProperties:
  # -> Public part
  # File uploader
  ucentral.fileuploader.host.0.name: sdk-ucentral-1.cicd.lab.wlan.tip.build
  # rtty
  rtty.enabled: "true"
  rtty.server: rtty-ucentral-1.cicd.lab.wlan.tip.build
  # Kafka
  ucentral.kafka.enable: "true"
  ucentral.kafka.group.id: 1
  ucentral.kafka.brokerlist: kafka:9092
  ucentral.kafka.auto.commit: false
  ucentral.kafka.queue.buffering.max.ms: 50
  # Storage
  storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
  ## SQLite
  storage.type.sqlite.db: devices.db
  storage.type.sqlite.idletime: 120
  storage.type.sqlite.maxsessions: 128
 resources:
  limits:
    cpu: 100m
    memory: 50Mi
  requests:
    cpu: 100m
    memory: 50Mi
--- a/helm-values/ucentralgw/values.ucentral-2.yaml
+++ b/helm-values/ucentralgw/values.ucentral-2.yaml
@@ -1,56 +0,0 @@
 services:
  ucentralgw:
    type: LoadBalancer
    annotations:
      service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
      service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
      external-dns.alpha.kubernetes.io/hostname: sdk-ucentral-2.cicd.lab.wlan.tip.build
      service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15015"
      service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
      service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
      service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,16003"
    ports:
      websocket:
        servicePort: 15002
        targetPort: 15002
        protocol: TCP
      restapi:
        servicePort: 16001
        targetPort: 16001
        protocol: TCP
      fileuploader:
        servicePort: 16003
        targetPort: 16003
        protocol: TCP
 persistence:
  enabled: true
  storageClassName: "gp2"
 configProperties:
  # -> Public part
  # File uploader
  ucentral.fileuploader.host.0.name: sdk-ucentral-2.cicd.lab.wlan.tip.build
  # rtty
  rtty.enabled: "true"
  rtty.server: rtty-ucentral-2.cicd.lab.wlan.tip.build
  # Kafka
  ucentral.kafka.enable: "true"
  ucentral.kafka.group.id: 1
  ucentral.kafka.brokerlist: kafka:9092
  ucentral.kafka.auto.commit: false
  ucentral.kafka.queue.buffering.max.ms: 50
  # Storage
  storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
  ## SQLite
  storage.type.sqlite.db: devices.db
  storage.type.sqlite.idletime: 120
  storage.type.sqlite.maxsessions: 128
 resources:
  limits:
    cpu: 100m
    memory: 50Mi
  requests:
    cpu: 100m
    memory: 50Mi
--- a/helmfile/cloud-sdk/helmfile.yaml
+++ b/helmfile/cloud-sdk/helmfile.yaml
@@ -31,25 +31,6 @@ repositories:
  url: https://ibm.github.io/core-dump-handler
 environments:
  azure:
    values:
    - monitoring:
        namespace: monitoring
    - domain: tip.4c74356b41.com
    - storageClass: default
    - autoscaler:
        enabled: true
    - ingress:
        enabled: true
    - elastic:
        enabled: true
    - kibana:
        enabled: true
    - prometheus:
        enabled: true
    - external-dns:
        enabled: true
  amazon-cicd:
    secrets:
      - secrets/influxdb.yaml
--- a/helmfile/custom-nginx-ingress-errors/404-screenshot.png
+++ b/helmfile/custom-nginx-ingress-errors/404-screenshot.png
--- a/helmfile/custom-nginx-ingress-errors/Dockerfile
+++ b/helmfile/custom-nginx-ingress-errors/Dockerfile
@@ -1,3 +0,0 @@
 FROM quay.io/kubernetes-ingress-controller/custom-error-pages-amd64:0.4
 COPY www /www
--- a/helmfile/custom-nginx-ingress-errors/README.md
+++ b/helmfile/custom-nginx-ingress-errors/README.md
@@ -1,31 +0,0 @@
 # IMPORTANT
 clone of: https://github.com/kenmoini/custom-nginx-ingress-errors with slight modifications  
 used dockerfile was built manually
 # custom-nginx-ingress-errors
 Assets to build a container to provide a custom default backend to the nginx-ingress Kubernetes Ingress controller
 ![404 Screenshot](https://github.com/kenmoini/custom-nginx-ingress-errors/raw/master/404-screenshot.png)
 ## Editing Error Pages
 The container has a set of error HTML and JSON files that are returned based on the error code.  These files are stored in the `www/` directory and are copied to the `/www/` directory in the container.
 1. Fork this repo, modify the error pages as you see fit.
 2. Connect to Docker Hub/Quay.io to build an image you have access to.
 3. Modify the `k8s-deployment.yaml` file to point to your custom built image.
 ## Deploying a custom default-backend for Nginx Ingress
 ***Note:*** This is for the Kubernetes Nginx Ingress, not the one made by Nginx.
 If you haven't deployed it yet, here ya go: https://kubernetes.github.io/ingress-nginx/deploy/
 These instructions assume that you deployed this in the default `ingress-nginx` namespace.
 1. Modify the `k8s-deployment.yaml` file to point to your custom built image, or use it as is for some snazzy error pages
 2. Deploy to the Kubernetes cluster: `kubectl apply -f k8s-deployment.yaml`
 3. Modify the `ingress-nginx/ingress-nginx-controller` Deployment and set the value of the `--default-backend-service` flag to the name of the newly created error backend, which should be `ingress-nginx/nginx-errors` by default.
 4. Edit the `ingress-nginx/nginx-configuration` ConfigMap  and add the key:value pair of `"custom-http-errors": "404,500,503"`
 5. ??????
 6. PROFIT!!!!1
--- a/helmfile/custom-nginx-ingress-errors/k8s-deployment.yaml
+++ b/helmfile/custom-nginx-ingress-errors/k8s-deployment.yaml
@@ -1,48 +0,0 @@
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: nginx-errors
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: nginx-errors
    app.kubernetes.io/part-of: ingress-nginx
 spec:
  selector:
    app.kubernetes.io/name: nginx-errors
    app.kubernetes.io/part-of: ingress-nginx
  ports:
  - port: 80
    targetPort: 8080
    name: http
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: nginx-errors
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: nginx-errors
    app.kubernetes.io/part-of: ingress-nginx
 spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: nginx-errors
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: nginx-errors
        app.kubernetes.io/part-of: ingress-nginx
    spec:
      containers:
      - name: nginx-error-server
        image: kenmoini/custom-nginx-ingress-errors:latest
        ports:
        - containerPort: 8080
        # Setting the environment variable DEBUG we can see the headers sent 
        # by the ingress controller to the backend in the client response.
        # env:
        # - name: DEBUG
        #   value: "true"
--- a/helmfile/custom-nginx-ingress-errors/www/404.html
+++ b/helmfile/custom-nginx-ingress-errors/www/404.html
@@ -1,34 +0,0 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <title>Error 404</title>
 <link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
 <style type="text/css" rel="stylesheet">
 	*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}
 </style>
 <!--[if lt IE 9]>
 		  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
 		  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
 		<![endif]-->
 </head>
 <body>
 <div id="notfound">
 <div class="notfound">
 <div class="notfound-404">
 <h1>404</h1>
 <h2>Page not found</h2>
 </div>
 </div>
 </div>
 <!-- Could insert Google Analytics if you like, or don't -->
 </html>
--- a/helmfile/custom-nginx-ingress-errors/www/500.html
+++ b/helmfile/custom-nginx-ingress-errors/www/500.html
@@ -1,156 +0,0 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
 	<meta charset="utf-8">
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>Error 500</title>
 	<link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
 	<style type="text/css" rel="stylesheet">
 		* {
 			-webkit-box-sizing: border-box;
 			box-sizing: border-box
 		}
 		body {
 			padding: 0;
 			margin: 0
 		}
 		#notfound {
 			position: relative;
 			height: 100vh;
 			background: #030005
 		}
 		#notfound .notfound {
 			position: absolute;
 			left: 50%;
 			top: 50%;
 			-webkit-transform: translate(-50%, -50%);
 			-ms-transform: translate(-50%, -50%);
 			transform: translate(-50%, -50%)
 		}
 		.notfound {
 			max-width: 767px;
 			width: 100%;
 			line-height: 1.4;
 			text-align: center
 		}
 		.notfound .notfound-404 {
 			position: relative;
 			height: 180px;
 			margin-bottom: 20px;
 			z-index: -1
 		}
 		.notfound .notfound-404 h1 {
 			font-family: montserrat, sans-serif;
 			position: absolute;
 			left: 50%;
 			top: 50%;
 			-webkit-transform: translate(-50%, -50%);
 			-ms-transform: translate(-50%, -50%);
 			transform: translate(-50%, -50%);
 			font-size: 224px;
 			font-weight: 900;
 			margin-top: 0;
 			margin-bottom: 0;
 			margin-left: -12px;
 			color: #030005;
 			text-transform: uppercase;
 			text-shadow: -1px -1px 0 #8400ff, 1px 1px 0 #ff005a;
 			letter-spacing: -20px
 		}
 		.notfound .notfound-404 h2 {
 			font-family: montserrat, sans-serif;
 			position: absolute;
 			left: 0;
 			right: 0;
 			top: 110px;
 			font-size: 42px;
 			font-weight: 700;
 			color: #fff;
 			text-transform: uppercase;
 			text-shadow: 0 2px 0 #8400ff;
 			letter-spacing: 13px;
 			margin: 0
 		}
 		.notfound .notfound-404 h3 {
 			font-family: montserrat, sans-serif;
 			position: absolute;
 			left: 0;
 			right: 0;
 			top: 250px;
 			font-size: 14px;
 			font-weight: 700;
 			color: #fff;
 			text-transform: uppercase;
 			text-shadow: 0 2px 0 #8400ff;
 			letter-spacing: 13px;
 			margin: 0
 		}
 		.notfound a {
 			font-family: montserrat, sans-serif;
 			display: inline-block;
 			text-transform: uppercase;
 			color: #ff005a;
 			text-decoration: none;
 			border: 2px solid;
 			background: 0 0;
 			padding: 10px 40px;
 			font-size: 14px;
 			font-weight: 700;
 			-webkit-transition: .2s all;
 			transition: .2s all
 		}
 		.notfound a:hover {
 			color: #8400ff
 		}
 		@media only screen and (max-width:767px) {
 			.notfound .notfound-404 h2 {
 				font-size: 14px
 			}
 		}
 		@media only screen and (max-width:767px) {
 			.notfound .notfound-404 h2 {
 				font-size: 24px
 			}
 		}
 		@media only screen and (max-width:480px) {
 			.notfound .notfound-404 h1 {
 				font-size: 182px
 			}
 		}
 	</style>
 </head>
 <body>
 	<div id="notfound">
 		<div class="notfound">
 			<div class="notfound-404">
 				<h1>500</h1>
 				<h2>Internal Server Error</h2>
 				<h3>Most likely your email isnt verified, please verify your email and try
 					again</h3>
 			</div>
 		</div>
 	</div>
 	<!-- Could insert Google Analytics if you like, or don't -->
 </html>
--- a/helmfile/custom-nginx-ingress-errors/www/503.html
+++ b/helmfile/custom-nginx-ingress-errors/www/503.html
@@ -1,33 +0,0 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <title>Error 503</title>
 <link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
 <style type="text/css" rel="stylesheet">
 	*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}
 </style>
 <!--[if lt IE 9]>
 		  <script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
 		  <script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
 		<![endif]-->
 </head>
 <body>
 <div id="notfound">
 <div class="notfound">
 <div class="notfound-404">
 <h1>503</h1>
 <h2>Service Unavailable</h2>
 </div>
 </div>
 </div>
 <!-- Could insert Google Analytics if you like, or don't -->
 </html>
--- a/helmfile/custom-nginx-ingress-errors/www/css/style.css
+++ b/helmfile/custom-nginx-ingress-errors/www/css/style.css
@@ -1 +0,0 @@
 *{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}
--- a/helmfile/windows-support/Dockerfile
+++ b/helmfile/windows-support/Dockerfile
@@ -1,77 +0,0 @@
 # Setup build arguments with default versions
 ARG AWS_CLI_VERSION=1.18.105
 ARG TERRAFORM_VERSION=0.12.29
 ARG PYTHON_MAJOR_VERSION=3.7
 ARG KUBE_VERSION=v1.18.6
 ARG HELM_VERSION=v3.2.4
 # Download Terraform binary
 FROM debian:buster-20191224-slim as terraform
 ARG TERRAFORM_VERSION
 RUN apt-get update
 RUN apt-get install --no-install-recommends -y curl=7.64.0-4+deb10u1
 RUN apt-get install --no-install-recommends -y ca-certificates=20190110
 RUN apt-get install --no-install-recommends -y unzip=6.0-23+deb10u1
 RUN apt-get install --no-install-recommends -y gnupg=2.2.12-1+deb10u1
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig
 COPY hashicorp.asc hashicorp.asc
 RUN gpg --import hashicorp.asc
 RUN gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN grep terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS | sha256sum -c -
 RUN unzip -j terraform_${TERRAFORM_VERSION}_linux_amd64.zip
 # Install AWS CLI using PIP
 FROM debian:buster-20191224-slim as aws-cli
 ARG AWS_CLI_VERSION
 ARG PYTHON_MAJOR_VERSION
 RUN apt-get update
 RUN apt-get install -y --no-install-recommends python3=${PYTHON_MAJOR_VERSION}.3-1
 RUN apt-get install -y --no-install-recommends python3-pip=18.1-5
 RUN pip3 install setuptools==46.1.3
 RUN pip3 install wheel==0.34.2
 RUN pip3 install pyyaml==5.3.1
 RUN pip3 install awscli==${AWS_CLI_VERSION}
 # Download Helm\Kubectl binary
 FROM debian:buster-20191224-slim as wget
 ARG KUBE_VERSION
 ARG HELM_VERSION
 RUN apt-get update && \
    apt-get install --no-install-recommends -y wget ca-certificates=20190110
 RUN wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl
 RUN wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm
 # Build final image
 FROM debian:buster-20191224-slim
 ARG PYTHON_MAJOR_VERSION
 RUN apt-get update \
  && apt-get install -y --no-install-recommends \
    ca-certificates=20190110 \
    git \
    curl \
    jq=1.5+dfsg-2+b1 \
    python3=${PYTHON_MAJOR_VERSION}.3-1 \
    sudo \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/* \
  && update-alternatives --install /usr/bin/python python /usr/bin/python${PYTHON_MAJOR_VERSION} 1
 COPY --from=terraform /terraform /usr/local/bin/terraform
 COPY --from=aws-cli /usr/local/bin/aws* /usr/local/bin/
 COPY --from=aws-cli /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages
 COPY --from=aws-cli /usr/lib/python3/dist-packages /usr/lib/python3/dist-packages
 COPY --from=wget /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=wget /usr/local/bin/kubectl /usr/local/bin/kubectl
 # this requires helmfile binary in the same folder with the Dockerfile
 COPY helmfile /usr/local/bin/ 
 RUN chmod +x /usr/local/bin/helmfile /usr/local/bin/helm /usr/local/bin/kubectl
 RUN helm plugin install https://github.com/databus23/helm-diff --version v3.0.0-rc.7 && \
    helm plugin install https://github.com/futuresimple/helm-secrets && \
    helm plugin install https://github.com/hypnoglow/helm-s3.git && \
    helm plugin install https://github.com/aslafy-z/helm-git.git
 WORKDIR /workspace
 CMD ["bash"]
--- a/helmfile/windows-support/README.md
+++ b/helmfile/windows-support/README.md
@@ -1,5 +0,0 @@
 ## purpose
 this is needed because helmfile didn't work properly for me on windows (the helm diff plugin), as well as helmfile docker files and helmfile make. hence this dockerfile that works on windows. I needed to include compiled helmfile for the same reason.
 Build this dockerfile like you normally would and after that you can just use the docker image to run helmfile. The provided dockerfile has got aws cli, kubectl, terraform, helm, helm plugins and helmfile.
--- a/helmfile/windows-support/dockerfile.v2
+++ b/helmfile/windows-support/dockerfile.v2
@@ -1,50 +0,0 @@
 # Setup build arguments with default versions
 ARG TERRAFORM_VERSION=0.12.29
 ARG KUBE_VERSION=v1.18.8
 ARG HELM_VERSION=v3.3.0
 ARG HELMFILE_VERSION=v0.126.2
 ARG KUSTOMIZE_VERSION=v3.8.1
 # Download Terraform\Kubectl\Helm binaries
 FROM debian:buster-slim as binaries
 ARG TERRAFORM_VERSION
 ARG KUBE_VERSION
 ARG HELM_VERSION
 RUN apt-get update
 RUN apt-get install --no-install-recommends -y curl=7.64.0-4+deb10u1
 RUN apt-get install --no-install-recommends -y ca-certificates=20190110
 RUN apt-get install --no-install-recommends -y unzip=6.0-23+deb10u1
 RUN apt-get install --no-install-recommends -y gnupg=2.2.12-1+deb10u1
 RUN apt-get install --no-install-recommends -y wget
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
 RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig
 RUN wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl
 RUN wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm
 COPY hashicorp.asc hashicorp.asc
 RUN gpg --import hashicorp.asc
 RUN gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN grep terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS | sha256sum -c -
 RUN unzip -j terraform_${TERRAFORM_VERSION}_linux_amd64.zip
 # Layer to get helmfile stuff
 FROM quay.io/roboll/helmfile:${HELMFILE_VERSION} as helmfile
 ARG KUSTOMIZE_VERSION
 RUN curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | \
      tar zxv && mv kustomize /usr/local/bin
 # Build final image
 FROM amazon/aws-cli
 WORKDIR /ci
 ENV XDG_DATA_HOME=/home
 COPY --from=binaries /terraform /usr/local/bin/terraform
 COPY --from=binaries /usr/local/bin/helm /usr/local/bin/helm
 COPY --from=binaries /usr/local/bin/kubectl /usr/local/bin/kubectl
 COPY --from=helmfile /usr/local/bin/helmfile /usr/local/bin
 COPY --from=helmfile /usr/local/bin/kustomize /usr/local/bin
 COPY --from=helmfile /root/.helm/cache/plugins/ /home/helm/plugins
 RUN chmod +x /usr/local/bin/helmfile && chmod +x /usr/local/bin/helm && chmod +x /usr/local/bin/kubectl && chmod +x /usr/local/bin/kustomize
 WORKDIR /ci
 ENTRYPOINT ["/bin/bash"]
--- a/helmfile/windows-support/hashicorp.asc
+++ b/helmfile/windows-support/hashicorp.asc
@@ -1,30 +0,0 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 Version: GnuPG v1
 mQENBFMORM0BCADBRyKO1MhCirazOSVwcfTr1xUxjPvfxD3hjUwHtjsOy/bT6p9f
 W2mRPfwnq2JB5As+paL3UGDsSRDnK9KAxQb0NNF4+eVhr/EJ18s3wwXXDMjpIifq
 fIm2WyH3G+aRLTLPIpscUNKDyxFOUbsmgXAmJ46Re1fn8uKxKRHbfa39aeuEYWFA
 3drdL1WoUngvED7f+RnKBK2G6ZEpO+LDovQk19xGjiMTtPJrjMjZJ3QXqPvx5wca
 KSZLr4lMTuoTI/ZXyZy5bD4tShiZz6KcyX27cD70q2iRcEZ0poLKHyEIDAi3TM5k
 SwbbWBFd5RNPOR0qzrb/0p9ksKK48IIfH2FvABEBAAG0K0hhc2hpQ29ycCBTZWN1
 cml0eSA8c2VjdXJpdHlAaGFzaGljb3JwLmNvbT6JATgEEwECACIFAlMORM0CGwMG
 CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFGFLYc0j/xMyWIIAIPhcVqiQ59n
 Jc07gjUX0SWBJAxEG1lKxfzS4Xp+57h2xxTpdotGQ1fZwsihaIqow337YHQI3q0i
 SqV534Ms+j/tU7X8sq11xFJIeEVG8PASRCwmryUwghFKPlHETQ8jJ+Y8+1asRydi
 psP3B/5Mjhqv/uOK+Vy3zAyIpyDOMtIpOVfjSpCplVRdtSTFWBu9Em7j5I2HMn1w
 sJZnJgXKpybpibGiiTtmnFLOwibmprSu04rsnP4ncdC2XRD4wIjoyA+4PKgX3sCO
 klEzKryWYBmLkJOMDdo52LttP3279s7XrkLEE7ia0fXa2c12EQ0f0DQ1tGUvyVEW
 WmJVccm5bq25AQ0EUw5EzQEIANaPUY04/g7AmYkOMjaCZ6iTp9hB5Rsj/4ee/ln9
 wArzRO9+3eejLWh53FoN1rO+su7tiXJA5YAzVy6tuolrqjM8DBztPxdLBbEi4V+j
 2tK0dATdBQBHEh3OJApO2UBtcjaZBT31zrG9K55D+CrcgIVEHAKY8Cb4kLBkb5wM
 skn+DrASKU0BNIV1qRsxfiUdQHZfSqtp004nrql1lbFMLFEuiY8FZrkkQ9qduixo
 mTT6f34/oiY+Jam3zCK7RDN/OjuWheIPGj/Qbx9JuNiwgX6yRj7OE1tjUx6d8g9y
 0H1fmLJbb3WZZbuuGFnK6qrE3bGeY8+AWaJAZ37wpWh1p0cAEQEAAYkBHwQYAQIA
 CQUCUw5EzQIbDAAKCRBRhS2HNI/8TJntCAClU7TOO/X053eKF1jqNW4A1qpxctVc
 z8eTcY8Om5O4f6a/rfxfNFKn9Qyja/OG1xWNobETy7MiMXYjaa8uUx5iFy6kMVaP
 0BXJ59NLZjMARGw6lVTYDTIvzqqqwLxgliSDfSnqUhubGwvykANPO+93BBx89MRG
 unNoYGXtPlhNFrAsB1VR8+EyKLv2HQtGCPSFBhrjuzH3gxGibNDDdFQLxxuJWepJ
 EK1UbTS4ms0NgZ2Uknqn1WRU1Ki7rE4sTy68iZtWpKQXZEJa0IGnuI2sSINGcXCJ
 oEIgXTMyCILo34Fa/C6VCm2WBgz9zZO8/rHIiQm1J5zqz0DrDwKBUM9C
 =LYpS
 -----END PGP PUBLIC KEY BLOCK-----
--- a/terraform/root-162540680133/sops_key/.terraform.lock.hcl
+++ b/terraform/root-162540680133/sops_key/.terraform.lock.hcl
@@ -0,0 +1,25 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
 provider "registry.terraform.io/hashicorp/aws" {
  version     = "4.40.0"
  constraints = ">= 2.63.0"
  hashes = [
    "h1:ZNYcP0N4WfRiuCmkXJkPrTS/4BG7PfkbXBUhbA77WTg=",
    "zh:04ca7287b7f5a2a310b60308cc08df11e97714d32d1a10c34a94454d330af66e",
    "zh:13c28ba9b324c526580783a3807007a296ce58c607c7bdc94ae2bb72b35b6495",
    "zh:2c84dbc0701b9724802f7343f916f50b6914a044dfbfc6654f264c9347f02dac",
    "zh:33255a22e1d1ecec2ad8ccfec1e4a54dc33a8d71f3edad098c25d822958a138b",
    "zh:4583b5e92b8de3662c8d8ff8a6527572ec23ad8c64dd686ff9dd528bc6934a4f",
    "zh:4a9f502c0b8abe45abda846e0601f8d8ef582e62e0b92cb747b4200a711ba739",
    "zh:558959e19935ec5e7f0647e900fc8561f4961a377be0178496a6495805136721",
    "zh:6b3dc4b034d34885db620d73c75d3bb9abeee539e61ca9d0670fb995353e165d",
    "zh:72f0dac5dbba355bce88599ded2baabc7d109ee786b89c6648ae720cb00a4bbf",
    "zh:77981b87e2bcbb278402e8ff863d5e50aafbdc03629d7a57273c06989884a22f",
    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
    "zh:c5b4dd61558a4887a23847d23cd3b41a97ad03a9f3624d0687cb5461fee514b0",
    "zh:c8949bc6600ec10ea5c0abdd4c1ffee8f82519c0cda8cc7a651e6258960e6249",
    "zh:d1c88ab98f126d65cd0c7b6c9e1d06d59e766217ae374d5a908052817e3692a3",
    "zh:ff2e921440bcbfd440ef84f5127ba881c930b2b70773e725de35c0fa3baddc4b",
  ]
 }
--- a/terraform/root-162540680133/sops_key/kms.tf
+++ b/terraform/root-162540680133/sops_key/kms.tf
@@ -0,0 +1,95 @@
 data "aws_iam_policy_document" "kms" {
  statement {
    sid       = "Enable IAM User Permissions"
    actions   = ["kms:*"]
    resources = ["arn:aws:s3:::*"]
    effect    = "Allow"
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }
  statement {
    sid = "Allow access for Key Administrators"
    actions = [
      "kms:Create*",
      "kms:Describe*",
      "kms:Enable*",
      "kms:List*",
      "kms:Put*",
      "kms:Update*",
      "kms:Revoke*",
      "kms:Disable*",
      "kms:Get*",
      "kms:Delete*",
      "kms:TagResource",
      "kms:UntagResource",
      "kms:ScheduleKeyDeletion",
      "kms:CancelKeyDeletion"
    ]
    resources = ["*"]
    effect    = "Allow"
    principals {
      type = "AWS"
      identifiers = [
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
      ]
    }
  }
  statement {
    sid = "Allow use of the key"
    actions = [
      "kms:Encrypt",
      "kms:Decrypt",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
      "kms:DescribeKey"
    ]
    resources = ["*"]
    effect    = "Allow"
    principals {
      type = "AWS"
      identifiers = [
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
      ]
    }
  }
  statement {
    sid = "Allow attachment of persistent resources"
    actions = [
      "kms:CreateGrant",
      "kms:ListGrants",
      "kms:RevokeGrant"
    ]
    resources = ["*"]
    effect    = "Allow"
    principals {
      type = "AWS"
      identifiers = [
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
        "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
      ]
    }
    condition {
      test     = "Bool"
      variable = "kms:GrantIsForAWSResource"
      values   = ["true"]
    }
  }
 }
 resource "aws_kms_key" "kms" {
  description = "Helm secrets key"
  policy      = data.aws_iam_policy_document.kms.json
 }
 resource "aws_kms_alias" "kms" {
  name          = "alias/helm-secrets"
  target_key_id = aws_kms_key.kms.key_id
 }
--- a/terraform/root-162540680133/sops_key/main.tf
+++ b/terraform/root-162540680133/sops_key/main.tf
@@ -1,16 +1,18 @@
 provider "aws" {
-  version = ">= 2.59.0"
+  version = ">= 2.63.0"
  region  = var.aws_region
 }
 terraform {
-  required_version = ">= 0.12.2"
+  required_version = ">= 1.0.0, < 2.0.0"
  backend "s3" {
    region         = "us-east-1"
-    bucket         = "tip-wifi-tfstate"
+    bucket         = "tip-org-tfstate"
-    key            = "wlan-main"
+    key            = "tip-sops"
    dynamodb_table = "terraform-state-lock"
    encrypt        = true
  }
 }
 data "aws_caller_identity" "current" {}
--- a/terraform/root-162540680133/sops_key/terraform.tfvars
+++ b/terraform/root-162540680133/sops_key/terraform.tfvars
@@ -0,0 +1 @@
 aws_region = "us-east-1"
--- a/terraform/root-162540680133/sops_key/variables.tf
+++ b/terraform/root-162540680133/sops_key/variables.tf
@@ -0,0 +1,4 @@
 variable "aws_region" {
  description = "AWS region"
  type        = string
 }
--- a/terraform/root-162540680133/tf_organization/.sops.yaml
+++ b/terraform/root-162540680133/tf_organization/.sops.yaml
@@ -0,0 +1,2 @@
 creation_rules:
 - kms: 'arn:aws:kms:us-east-1:162540680133:alias/helm-secrets'
--- a/terraform/root-162540680133/tf_organization/billing_alarm.tf
+++ b/terraform/root-162540680133/tf_organization/billing_alarm.tf
@@ -1,5 +1,5 @@
 resource "aws_budgets_budget" "default" {
-  for_each          = var.org_accounts
+  for_each          = jsondecode(data.sops_file.secrets.raw).org_accounts
  name              = "${each.key}-budget"
  budget_type       = "COST"
  limit_amount      = each.value["monthly_budget"]
--- a/terraform/root-162540680133/tf_organization/main.tf
+++ b/terraform/root-162540680133/tf_organization/main.tf
@@ -8,9 +8,20 @@ terraform {
    dynamodb_table = "terraform-state-lock"
    encrypt        = true
  }
  required_providers {
    sops = {
      source  = "carlpett/sops"
      version = "~> 0.5"
    }
  }
 }
 provider "aws" {
  version = ">= 2.63.0"
  region  = var.aws_region
 }
 data "sops_file" "secrets" {
  source_file = "secrets.enc.json"
 }
--- a/terraform/root-162540680133/tf_organization/organization.tf
+++ b/terraform/root-162540680133/tf_organization/organization.tf
@@ -13,7 +13,7 @@ resource "aws_organizations_organizational_unit" "default" {
 }
 resource "aws_organizations_account" "default" {
-  for_each  = var.org_accounts
+  for_each  = jsondecode(data.sops_file.secrets.raw).org_accounts
  name      = each.key
  email     = each.value["email"]
  parent_id = aws_organizations_organizational_unit.default.id
--- a/terraform/root-162540680133/tf_organization/secrets.enc.json
+++ b/terraform/root-162540680133/tf_organization/secrets.enc.json
@@ -0,0 +1,48 @@
 {
 	"org_accounts": {
 		"cicd": {
 			"email": "ENC[AES256_GCM,data:w+A2Y0Exkle7so5gWfIgnoCqRL8FH0+fXwG3yindZYNVZQ==,iv:9+pHL0zsbRJ+ysW0zoEA+/hfcWROEeLy7TCj0L+e7Eo=,tag:/Co2xGMjLqFEegmRm6LH5Q==,type:str]",
 			"monthly_budget": "ENC[AES256_GCM,data:7/+H+V0=,iv:/sGSwJEamMNWP0kD86k4rgWmlvaztCgqnve+amF1twA=,tag:slwv9fixGjI4+gVD2A65yA==,type:str]",
 			"billing_alarm_notify_emails": [
 				"ENC[AES256_GCM,data:hJzTn6zBNHy21Xr/ebZt5TUB,iv:6vGbAvjblpXoGOG5INrY74IZAL3/3CZaCtOzCC7yjgo=,tag:lznl3K88QVrOCBgeb054iQ==,type:str]",
 				"ENC[AES256_GCM,data:U6GZrBV/7p0PnISLAtbDxUohhjE=,iv:8xvvjI6ypRdFKpZpkWq6GCKOe35Hl9GPElIbNXDNyLM=,tag:d2X8B7bTatIwsMG1o2Z7LA==,type:str]"
 			]
 		},
 		"wifi": {
 			"email": "ENC[AES256_GCM,data:ZF/RJC3iUY7r35k1n7X2InBqhwsiSzH1u+IAslKYYna9Yw==,iv:Ze9a7uCE7vQTvvxToTBB2njMIJUE+cWWSryhYQGwdDs=,tag:ntuOOx9S6z51E+zmNwosyw==,type:str]",
 			"monthly_budget": "ENC[AES256_GCM,data:Cx1RjR6z,iv:jKibjwHFaMHUC9S5k24Reww3nSBWrjphCZM0naYSnTI=,tag:bLjHZC4F2Vlf8fxOCoQ/0g==,type:str]",
 			"billing_alarm_notify_emails": [
 				"ENC[AES256_GCM,data:gVZREZAFuDO70s6Psf9/AA+Z2g/IbuND,iv:pXj/RaRISryf5UPnJaHx/zAWT00GXxhY3zMUJAFnnJE=,tag:pSvqz6tODo9Qb1qt0FIG1w==,type:str]",
 				"ENC[AES256_GCM,data:3a3J1QJDH32TkLD5Qo8CTXUOVBYg2WI=,iv:btVPVNQUeoHvvCkeAp8u/PAJBbDcIEB1LLk0SPpq68U=,tag:72xpp+7I4OynvFpgoFV4tA==,type:str]",
 				"ENC[AES256_GCM,data:+Yye97K9a/14p0H6GyNfuNWuWQ==,iv:5qLSSl74dDNAGCG9fZrZH2pzIsLzw0Qi4GeZXtz4ybk=,tag:8/Wgm9URP8Q9YpGJJ/1mrg==,type:str]"
 			]
 		},
 		"openautomation": {
 			"email": "ENC[AES256_GCM,data:9IHAeBPnIo9W6JGtfd6twleqVBGu0TP4TrM1Rsj1+6s7S7An5g==,iv:uGocTojTHz/O8uxmFVv/4M3o7ma0C6FaCiqPmu6UaEE=,tag:NA0vY6wd32rDRs30VltQJw==,type:str]",
 			"monthly_budget": "ENC[AES256_GCM,data:WvG9Ijk=,iv:v+llc1tiuqwBBwDoFKcAagWjFhuoUuSSz5LH5Xt8Dbw=,tag:Mrfyllp+4+UgPzLXXR862g==,type:str]",
 			"billing_alarm_notify_emails": [
 				"ENC[AES256_GCM,data:v9PEhhGfPiF0/BQyuFkKLhVL,iv:2MifI4GsP3ANt51Noymdebxybf+JZrd09lQb9OacR5w=,tag:kc4Jt545KllcTH6gD376Uw==,type:str]",
 				"ENC[AES256_GCM,data:89B2fcgDa+2nYbg1EfdafbHIZIc=,iv:c1NwTcLHHv7dBg5SIQ2GVwt1vAIcQDvV7HhWUYAthaM=,tag:hTiEWaIK01BlNPc9oInZXg==,type:str]"
 			]
 		}
 	},
 	"sops": {
 		"kms": [
 			{
 				"arn": "arn:aws:kms:us-east-1:162540680133:alias/helm-secrets",
 				"created_at": "2022-11-21T14:26:23Z",
 				"enc": "AQICAHi1PeBBVgOTmYIxfm2OeQV6Js1L6sK2WYypQs3n0SEJtgH49MkfD5xT/GyTTOU4sOV7AAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMQLp3bASG3zvc2T8/AgEQgDtP58RwjvLOv830CZfdKMxxc58qwqaQrkpANmUYec/5j7uy807kz+mpvhY1ATZrtkVGUDjjUTFEZSnqbQ==",
 				"aws_profile": ""
 			}
 		],
 		"gcp_kms": null,
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
 		"lastmodified": "2022-11-21T14:29:01Z",
 		"mac": "ENC[AES256_GCM,data:F1a6uJP2AJNjVLWITz7f41lglPlUassiqfjcylmdVXbJpY9sS7gnpYbxBO5h3KhSGshq5iRf2tmOhLpDSeb2SnznW5EhWf6V2d7G2kETsRm2Yk3z5RwUjp9eoixDEG0MWinrDRo0CnvBf+npLNg3SgOFWi0thwzSTs5uP3x7kcA=,iv:vNnD5+Oi2jsV28Zy+MWJPN26BbcZlW7nHsb/qtsOc6I=,tag:W1caIEvzTsiCnrvr8Iu7Bg==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.7.3"
 	}
 }
--- a/terraform/root-162540680133/tf_organization/terraform.tfvars
+++ b/terraform/root-162540680133/tf_organization/terraform.tfvars
@@ -1,40 +1 @@
 aws_region = "us-east-1"
 billing_alarm_notify_emails = [
  "tip-alerts@opsfleet.com"
 ]
 budget_monthly_limit = {
  "cicd" = "100.0"
  "wifi" = "100.0"
 }
 org_accounts = {
  "cicd" = {
    "email"          = "cicd-admin@telecominfraproject.com"
    "monthly_budget" = "500.0"
    "billing_alarm_notify_emails" = [
      "dorongivoni@fb.com",
      "jcrosby@launchcg.com",
    ]
  }
  "wifi" = {
    "email"          = "wifi-admin@telecominfraproject.com"
    "monthly_budget" = "5000.0"
    "billing_alarm_notify_emails" = [
      "jaspreetsachdev@meta.com",
      "tip-alerts@opsfleet.com",
      "chrisbusch@meta.com",
    ]
  }
  "openautomation" = {
    "email"          = "netauto-admin@telecominfraproject.com"
    "monthly_budget" = "500.0"
    "billing_alarm_notify_emails" = [
      "dorongivoni@fb.com",
      "jcrosby@launchcg.com",
    ]
  }
 }
--- a/terraform/root-162540680133/tf_organization/variables.tf
+++ b/terraform/root-162540680133/tf_organization/variables.tf
@@ -2,17 +2,3 @@ variable "aws_region" {
  description = "AWS region"
  type        = string
 }
 variable "billing_alarm_notify_emails" {
  description = "Billing alarm notification emails"
  type        = set(string)
 }
 variable "budget_monthly_limit" {
  description = "Monthly budget limit, USD"
  type        = map(string)
 }
 variable "org_accounts" {
  description = "Organization accounts"
 }
--- a/terraform/wifi-289708231103/atlantis/secrets.enc.json
+++ b/terraform/wifi-289708231103/atlantis/secrets.enc.json
@@ -1,5 +1,5 @@
 {
-	"atlantis_github_user_token": "ENC[AES256_GCM,data:x5ql3nUmjUaCrbRUmffJ1tuUEhGFsLmNkCVoUumGdfe4cFXI6gsw4g==,iv:QEw4hkrZrlhDOH+CMd/lni5aS+rTzCZgcZPNbL9Fw9I=,tag:dnKoKSPJMp8bO9tL/GmNrw==,type:str]",
+	"atlantis_github_user_token": "ENC[AES256_GCM,data:IIAaJizfK+PanRd7C27eQECQOHSvWonWY813b8z+xuXqGYA+2kIDfg==,iv:CoVriwQq2EjJP4lxjoaGypas9YWh1quLcLsrWYg0mNM=,tag:Ojfy91MO3CQ4mkrSCtSxlA==,type:str]",
 	"sops": {
 		"kms": [
 			{
@@ -13,10 +13,10 @@
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
-		"lastmodified": "2021-05-31T11:59:27Z",
+		"lastmodified": "2022-11-17T11:32:47Z",
-		"mac": "ENC[AES256_GCM,data:Uqj1ZPhM0XWjxGiV+399F0rVC12cNWlXzpzRpUPjOemNfSREe2bGt3MnnoGdVVuNAy1rvPJHS3eNdTx089d31X4JAfo93osy0I7YQqKR2FmeUWHHPi8NJBkZ1f7/FEYzkN0ztWwxdHRc5ncokj3jEk0Uv1OEVuEWvhdCjiR7rzc=,iv:eymoHyUg0RhcOOQQ9B3/ifd9nx9bk9PfYHfA7egIz1A=,tag:nOejqTpSnDSz0aq67nUORw==,type:str]",
+		"mac": "ENC[AES256_GCM,data:59uh9D0z272tnpSTB/p0hFZgW7xoDg1HttEacSH/r9ko0vpEZK+MwtqLIRVdccNUHaKBI8cNCjbvBUEZSXA0cv6X22O2OQoxJWxiWSur9eIe9ENsZfsaBteYtPR14SsFu9fJuUxy1IPmeLB1f1O6c3UkbLMppAC/XUr1DdkXGM4=,iv:T7XS6Oxtrcrr/kxfMJFS+sZiKrAjclna+Ab5L8Y4jOA=,tag:6BbS4zgyQ0YiEgW6E9U+bw==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
-		"version": "3.7.0"
+		"version": "3.7.3"
 	}
 }
--- a/terraform/wifi-289708231103/tip-wifi-vpn/.sops.yaml
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/.sops.yaml
--- a/terraform/wifi-289708231103/tip-wifi-vpn/.terraform.lock.hcl
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/.terraform.lock.hcl
@@ -1,21 +1,40 @@
 # This file is maintained automatically by "terraform init".
 # Manual edits may be lost in future updates.
-provider "registry.terraform.io/hashicorp/aws" {
+provider "registry.terraform.io/carlpett/sops" {
-  version     = "3.71.0"
+  version     = "0.7.1"
-  constraints = ">= 3.15.0"
+  constraints = "~> 0.5"
  hashes = [
-    "h1:wnTd0krep3mqRz650U7TSv/tCkA0LoXKe0QFlnsg/7Q=",
+    "h1:/LNLI9qKgRjlHhyl1M/6BA+HVUMQ9RQApZgyfV4RAJ4=",
-    "zh:173134d8861a33ed60a48942ad2b96b9d06e85c506d7f927bead47a28f4ebdd2",
+    "zh:203d5ab6af38efb9fc84fdbb303218aa5012dc8d28e700642be41bbc4b1c2fa1",
-    "zh:2996c8e96930f526f1761e99d14c0b18d83e287b1362aa2fa1444cf848ece613",
+    "zh:5684a2dc65da50824fb4275c10ac452e6512dd0d60a9abd5f505e67e7b9d759a",
-    "zh:43903da1e0a809a1fb5832e957dbe2321b86630d6bfdd8b47728647a72fd912d",
+    "zh:b4311d7cae0b29f2dcf5a18a8297ed0787f59b140102547da9f8b61af27e15b6",
-    "zh:43e71fd8924e7f7b56a0b2a82e29edf07c53c2b41ee7bb442a2f1c27e03e86ae",
+    "zh:bbf9e6956191a95dfbb8336b1cc8a059ceba4d3f1f22a83e4f08662cd1cabe9b",
-    "zh:4f4c73711f64a3ff85f88bf6b2594e5431d996b7a59041ff6cbc352f069fc122",
+    "zh:cd8f244d26f9733b9b238db22b520e69cdc68262093db3389ec466b1df2cadd8",
-    "zh:5045241b8695ffbd0730bdcd91393b10ffd0cfbeaad6254036e42ead6687d8fd",
+    "zh:d855e4dc2ad41d8a877dd5dcd51061233fc5976c5c9afceb5a973e6a9f76b1d9",
-    "zh:6a8811a0fb1035c09aebf1f9b15295523a9a7a2627fd783f50c6168a82e192dd",
+    "zh:ed584cf42015e1f10359cc2d85b12e348c5c1581ae781be29e0e3dfb7f43590b",
-    "zh:8d273c04d7a8c36d4366329adf041c480a0f1be10a7269269c88413300aebdb8",
+  ]
-    "zh:b90505897ae4943a74de2b88b6a9e7d97bf6dc325a0222235996580edff28656",
+}
-    "zh:ea5e422942ac6fc958229d27d4381c89d21d70c5c2c67a6c06ff357bcded76f6",
+
-    "zh:f1536d7ff2d3bfd668e3ac33d8956b4f988f87fdfdcc371c7d94b98d5dba53e2",
+provider "registry.terraform.io/hashicorp/aws" {
  version     = "4.40.0"
  constraints = ">= 4.4.0"
  hashes = [
    "h1:ZNYcP0N4WfRiuCmkXJkPrTS/4BG7PfkbXBUhbA77WTg=",
    "zh:04ca7287b7f5a2a310b60308cc08df11e97714d32d1a10c34a94454d330af66e",
    "zh:13c28ba9b324c526580783a3807007a296ce58c607c7bdc94ae2bb72b35b6495",
    "zh:2c84dbc0701b9724802f7343f916f50b6914a044dfbfc6654f264c9347f02dac",
    "zh:33255a22e1d1ecec2ad8ccfec1e4a54dc33a8d71f3edad098c25d822958a138b",
    "zh:4583b5e92b8de3662c8d8ff8a6527572ec23ad8c64dd686ff9dd528bc6934a4f",
    "zh:4a9f502c0b8abe45abda846e0601f8d8ef582e62e0b92cb747b4200a711ba739",
    "zh:558959e19935ec5e7f0647e900fc8561f4961a377be0178496a6495805136721",
    "zh:6b3dc4b034d34885db620d73c75d3bb9abeee539e61ca9d0670fb995353e165d",
    "zh:72f0dac5dbba355bce88599ded2baabc7d109ee786b89c6648ae720cb00a4bbf",
    "zh:77981b87e2bcbb278402e8ff863d5e50aafbdc03629d7a57273c06989884a22f",
    "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
    "zh:c5b4dd61558a4887a23847d23cd3b41a97ad03a9f3624d0687cb5461fee514b0",
    "zh:c8949bc6600ec10ea5c0abdd4c1ffee8f82519c0cda8cc7a651e6258960e6249",
    "zh:d1c88ab98f126d65cd0c7b6c9e1d06d59e766217ae374d5a908052817e3692a3",
    "zh:ff2e921440bcbfd440ef84f5127ba881c930b2b70773e725de35c0fa3baddc4b",
  ]
 }
--- a/terraform/wifi-289708231103/tip-wifi-vpn/alerts.tf
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/alerts.tf
@@ -128,7 +128,7 @@ resource "aws_cloudformation_stack" "atlassian_cloud_backup_email_notification"
  template_body = <<EOT
 AWSTemplateFormatVersion: 2010-09-09
 Resources:
-%{~for subscription in var.sns_alarm_subscriptions}
+%{~for subscription in jsondecode(data.sops_file.secrets.raw).sns_alarm_subscriptions}
  Subscription${md5(subscription["endpoint"])}:
    Type: AWS::SNS::Subscription
    Properties:
--- a/terraform/wifi-289708231103/tip-wifi-vpn/main.tf
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/main.tf
@@ -12,6 +12,13 @@ terraform {
    dynamodb_table = "terraform-state-lock"
    encrypt        = true
  }
  required_providers {
    sops = {
      source  = "carlpett/sops"
      version = "~> 0.5"
    }
  }
 }
 data "terraform_remote_state" "wlan_main" {
@@ -26,6 +33,10 @@ data "terraform_remote_state" "wlan_main" {
  }
 }
 data "sops_file" "secrets" {
  source_file = "secrets.enc.json"
 }
 locals {
  common_tags = {
    "ManagedBy" = "terraform"
--- a/terraform/wifi-289708231103/tip-wifi-vpn/perfecto-vpn.tf
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/perfecto-vpn.tf
@@ -1,6 +1,6 @@
 resource "aws_customer_gateway" "tunnel_perfecto" {
  bgp_asn    = 65000
-  ip_address = "23.21.201.213"
+  ip_address = data.sops_file.secrets.data["perfecto_ip"]
  type       = "ipsec.1"
  tags       = merge({ Name = "tunnel-perfecto" }, local.common_tags)
 }
@@ -12,9 +12,3 @@ resource "aws_vpn_connection" "tunnel-perfecto" {
  static_routes_only  = true
  tags                = merge({ Name = "tunnel-perfecto" }, local.common_tags)
 }
 # resource "aws_ec2_transit_gateway_route" "tunnel-perfecto" {
 #   destination_cidr_block         = "198.160.7.240/32"
 #   transit_gateway_attachment_id  = aws_vpn_connection.tunnel-perfecto.transit_gateway_attachment_id
 #   transit_gateway_route_table_id = module.tgw_main.ec2_transit_gateway_association_default_route_table_id
 # }
--- a/terraform/wifi-289708231103/tip-wifi-vpn/secrets.enc.json
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/secrets.enc.json
@@ -0,0 +1,35 @@
 {
 	"perfecto_ip": "ENC[AES256_GCM,data:/IY0aCN2eHcL0RucVw==,iv:R7ZeKlKpKHMQsUjGHsZbiVEFsGmwUciqReGd9l+5Ttw=,tag:5fAf9wnxVkKK05EATbskzw==,type:str]",
 	"vpn_endpoint_ip": "ENC[AES256_GCM,data:3nuiwTivzdxWCoz3LpY=,iv:fVXXVTd0uEMGCSsQoz5G2TBMyN8j2kdIjkWVxFbS1ZE=,tag:xpKDqJGPvLc3VSLsMSyYxw==,type:str]",
 	"nrg_vpn_endpoint_ip": "ENC[AES256_GCM,data:DLdU2Zty4catmeZWcZq2,iv:zJNSGSrNyHUthGYy6SnJx24qHx8DSr+9AelstchTAGs=,tag:vHDgU3d53SjEOyt4mIVuNg==,type:str]",
 	"vpn_endpoint_cidr": "ENC[AES256_GCM,data:zFuYNiOQ8CuSnKsnMXc=,iv:NjT8TBjU7t+TFDabF1qQ4fOzJpJBbnDAN3ZVNQOi8ig=,tag:RNnfvoXxaRgEPjpvL/PGGA==,type:str]",
 	"sns_alarm_subscriptions": [
 		{
 			"protocol": "ENC[AES256_GCM,data:YOJqHTg=,iv:H/fdlPeKnotz5F3iRCRomaXzurl9w2JZj+zWuCyhDSc=,tag:EaFi41DuHiE7zYJCO+g8hA==,type:str]",
 			"endpoint": "ENC[AES256_GCM,data:82w01TQr6f/r58QwPaXOvmdJtvbHVyU=,iv:PDAW0llXFGnjXFr+vefRXFDogLkN93dxRd2k+wk3Pg4=,tag:vCwpaHFHhTgQnufqMt6Zhg==,type:str]"
 		},
 		{
 			"protocol": "ENC[AES256_GCM,data:nytYN7Y=,iv:G0TvH0k77GTsxpO5oe1Lbzlw0PpxOytRHy0AsBW+BsA=,tag:W3amDCbgp0p3kBVlCYoq9g==,type:str]",
 			"endpoint": "ENC[AES256_GCM,data:V5plQfypyyS1E5HWeyMOuFhjpZhHmA==,iv:YvZTkaSJoWBpSLCMHdbSDz2ZI45WEKfSHHIC3l8Krpk=,tag:FPOdvy1POHgFSwxsCZaeXQ==,type:str]"
 		}
 	],
 	"sops": {
 		"kms": [
 			{
 				"arn": "arn:aws:kms:us-east-2:289708231103:alias/helm-secrets",
 				"created_at": "2022-11-21T14:47:10Z",
 				"enc": "AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AG3CR4Uexo9ZJ5nJPwdaLBkAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQM6OsLcrzyAYuuYnDmAgEQgDs3YMMRGuRKMIw5Pa5t6V5PugAdomPvN2oLwVpPA9d34I8wyrD2QcOlNNMr3bgNIRSGWzgtS/fk9/c7+A==",
 				"aws_profile": ""
 			}
 		],
 		"gcp_kms": null,
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
 		"lastmodified": "2022-11-21T14:53:55Z",
 		"mac": "ENC[AES256_GCM,data:LNvZI/pz05pOyhLO3uWHLv/0EyAKfQ3JHNf/CLT9ezcJm2UPNPPxjEmknjm6J222ox1pWFFStWS0t8GMLdfgF7vackG2n+VqLHT4OTmHXLekVxrCJBLKPQmHeIIoAHQNyenzNatwkiAxHZa/PyprzFrv8sb7yb8yE7/YJpl6fOQ=,iv:5b9rE+qKrU3x21b0XQcOOJQrN1hx00EiXoU4HJOeZ4I=,tag:wG3zunaVaUAo0RD9Tyqgeg==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.7.3"
 	}
 }
--- a/terraform/wifi-289708231103/tip-wifi-vpn/terraform.tfvars
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/terraform.tfvars
@@ -1,18 +1 @@
 aws_region = "us-east-2"
 vpn_endpoint_ip = "209.249.227.25"
 nrg_vpn_endpoint_ip = "163.114.132.128"
 vpn_endpoint_cidr = "100.97.55.0/24"
 sns_alarm_subscriptions = [
  {
    protocol = "email",
    endpoint = "tip-alerts@opsfleet.com"
  },
  {
    protocol = "email",
    endpoint = "tipdevops@launchcg.com"
  },
 ]
--- a/terraform/wifi-289708231103/tip-wifi-vpn/transit_gateway.tf
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/transit_gateway.tf
@@ -26,7 +26,7 @@ resource "aws_route" "private" {
 }
 resource "aws_ec2_transit_gateway_route" "vpn" {
-  destination_cidr_block         = var.vpn_endpoint_cidr
+  destination_cidr_block         = data.sops_file.secrets.data["vpn_endpoint_cidr"]
  transit_gateway_attachment_id  = aws_vpn_connection.tunnel_tip_wifi_nrg.transit_gateway_attachment_id
  transit_gateway_route_table_id = module.tgw_main.ec2_transit_gateway_association_default_route_table_id
 }
--- a/terraform/wifi-289708231103/tip-wifi-vpn/vars.tf
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/vars.tf
@@ -1,22 +1 @@
 variable "aws_region" {}
 variable "vpn_endpoint_ip" {
  description = "IP address of the VPN endpoint connecting to AWS"
  type        = string
 }
 variable "vpn_endpoint_cidr" {
  description = "Subnet behind the VPN endpoint $vpn_endpoint_ip"
  type        = string
 }
 variable "nrg_vpn_endpoint_ip" {
  description = "IP address of the VPN endpoint connecting to AWS"
  type        = string
 }
 variable "sns_alarm_subscriptions" {
  description = "SNS VPN alarm subscriptions"
  type        = set(map(string))
  default     = []
 }
--- a/terraform/wifi-289708231103/tip-wifi-vpn/vpn.tf
+++ b/terraform/wifi-289708231103/tip-wifi-vpn/vpn.tf
@@ -1,6 +1,6 @@
 resource "aws_customer_gateway" "tunnel_tip_wifi_nrg" {
  bgp_asn    = 65000
-  ip_address = var.nrg_vpn_endpoint_ip
+  ip_address = data.sops_file.secrets.data["nrg_vpn_endpoint_ip"]
  type       = "ipsec.1"
  tags       = merge({ Name = "tip-wifi-fre" }, local.common_tags)
 }
--- a/tf_modules/eks/eks.tf
+++ b/tf_modules/eks/eks.tf
@@ -1,122 +0,0 @@
 provider "kubernetes" {
  host                   = data.aws_eks_cluster.cluster.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
  token                  = data.aws_eks_cluster_auth.cluster.token
  load_config_file       = false
  version                = "~> 1.9"
 }
 data "aws_eks_cluster" "cluster" {
  name = module.eks.cluster_id
 }
 data "aws_eks_cluster_auth" "cluster" {
  name = module.eks.cluster_id
 }
 module "eks" {
  source       = "git::https://github.com/terraform-aws-modules/terraform-aws-eks?ref=v12.2.0"
  cluster_name = var.cluster_name
  subnets      = length(var.vpc_id) > 0 ? module.vpc_main.private_subnets : var.private_subnets
  vpc_id       = length(var.vpc_id) > 0 ? module.vpc_main.vpc_id : var.vpc_id
  tags         = { "Name" = var.cluster_name }
  node_groups_defaults = {
    ami_type  = "AL2_x86_64"
    disk_size = var.node_group_settings["disk_size"]
  }
  node_groups = {
    main = {
      desired_capacity = var.node_group_settings["desired_capacity"]
      max_capacity     = var.node_group_settings["max_capacity"]
      min_capacity     = var.node_group_settings["min_capacity"]
      instance_type    = var.node_group_settings["instance_type"]
      k8s_labels = {
        role = "default"
      }
    }
  }
  enable_irsa = true
  cluster_enabled_log_types = [
    "api",
    "audit",
    "authenticator",
    "controllerManager",
    "scheduler",
  ]
  cluster_version               = var.cluster_version
  write_kubeconfig              = false
  cluster_log_retention_in_days = var.cluster_log_retention_in_days
 }
 locals {
  oidc_provider_url           = split("https://", module.eks.cluster_oidc_issuer_url)[1]
  cluster_main_node_group_asg = length(module.eks.node_groups) > 0 ? module.eks.node_groups["main"]["resources"][0]["autoscaling_groups"][0]["name"] : ""
 }
 module "cluster_autoscaler_cluster_role" {
  source           = "git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-assumable-role-with-oidc?ref=v2.12.0"
  role_name        = "${module.eks.cluster_id}-cluster-autoscaler"
  provider_url     = local.oidc_provider_url
  role_policy_arns = [aws_iam_policy.cluster_autoscaler.arn]
  create_role      = true
 }
 resource "aws_iam_policy" "cluster_autoscaler" {
  name_prefix = "cluster-autoscaler"
  description = "EKS cluster-autoscaler policy for cluster ${var.cluster_name}"
  policy      = data.aws_iam_policy_document.cluster_autoscaler.json
 }
 data "aws_iam_policy_document" "cluster_autoscaler" {
  statement {
    sid    = "clusterAutoscalerAll"
    effect = "Allow"
    actions = [
      "autoscaling:DescribeAutoScalingGroups",
      "autoscaling:DescribeAutoScalingInstances",
      "autoscaling:DescribeLaunchConfigurations",
      "autoscaling:DescribeTags",
      "ec2:DescribeLaunchTemplateVersions",
    ]
    resources = ["*"]
  }
  statement {
    sid    = "clusterAutoscalerOwn"
    effect = "Allow"
    actions = [
      "autoscaling:SetDesiredCapacity",
      "autoscaling:TerminateInstanceInAutoScalingGroup",
      "autoscaling:UpdateAutoScalingGroup",
    ]
    resources = ["*"]
    condition {
      test     = "StringEquals"
      variable = "autoscaling:ResourceTag/kubernetes.io/cluster/${var.cluster_name}"
      values   = ["owned"]
    }
    condition {
      test     = "StringEquals"
      variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabled"
      values   = ["true"]
    }
  }
 }
 output "cluster_autoscaler_role_arn" {
  value = module.cluster_autoscaler_cluster_role.this_iam_role_arn
 }
 output "kubeconfig" {
  value = module.eks.kubeconfig
 }
--- a/tf_modules/eks/variables.tf
+++ b/tf_modules/eks/variables.tf
@@ -1,60 +0,0 @@
 variable "aws_region" {
  description = "AWS zone"
  type        = string
 }
 variable "vpc_cidr" {
  type    = string
  default = ""
 }
 variable "az" {
  default = ["a", "b", "c"]
 }
 variable "node_group_settings" {
  description = "Cluster node group settings"
  type        = map(string)
  default = {
    desired_capacity = 1
    max_capacity     = 1
    min_capacity     = 1
    instance_type    = "t3.small"
    disk_size        = 20
  }
 }
 variable "cluster_log_retention_in_days" {
  description = "Cloudwatch logs retention (days)"
  type        = number
  default     = 35
 }
 variable "cluster_version" {
  description = "EKS cluster version"
  type        = string
 }
 variable "vpc_id" {
  description = "VPC id, will be created if parameter is omitted"
  type        = string
  default     = ""
 }
 variable "cluster_name" {
  description = "EKS cluster name"
  type        = string
  default     = ""
 }
 variable "public_subnets" {
  description = "List of public subnet ids"
  type        = set(string)
  default     = [""]
 }
 variable "private_subnets" {
  description = "List of private subnet ids"
  type        = set(string)
  default     = [""]
 }
--- a/tf_modules/eks/vpc.tf
+++ b/tf_modules/eks/vpc.tf
@@ -1,34 +0,0 @@
 module "vpc_main" {
  source               = "github.com/terraform-aws-modules/terraform-aws-vpc?ref=v2.33.0"
  create_vpc           = length(var.vpc_id) > 0 ? false : true
  name                 = var.cluster_name
  cidr                 = var.vpc_cidr
  azs                  = [for az in var.az : format("%s%s", var.aws_region, az)]
  public_subnets       = [cidrsubnet(var.vpc_cidr, 9, 0), cidrsubnet(var.vpc_cidr, 9, 1), cidrsubnet(var.vpc_cidr, 9, 2)]
  private_subnets      = [cidrsubnet(var.vpc_cidr, 9, 10), cidrsubnet(var.vpc_cidr, 9, 11), cidrsubnet(var.vpc_cidr, 9, 12)]
  enable_nat_gateway   = true
  single_nat_gateway   = false
  enable_dns_hostnames = true
  public_subnet_tags = {
    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
    "kubernetes.io/role/elb"                    = "1"
  }
  private_subnet_tags = {
    "kubernetes.io/cluster/${var.cluster_name}" = "shared"
    "kubernetes.io/role/internal-elb"           = "1"
  }
 }
 output "public_subnets" {
  value = module.vpc_main.public_subnets
 }
 output "private_subnets" {
  value = module.vpc_main.private_subnets
 }
 output "vpc_id" {
  value = module.vpc_main.vpc_id
 }
		`@@ -1,2 +0,0 @@`
			`creation_rules:`
			`- kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets'`
		`@@ -1,3 +0,0 @@`
			`FROM quay.io/kubernetes-ingress-controller/custom-error-pages-amd64:0.4`

			`COPY www /www`
		`@@ -1 +0,0 @@`
			*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}
		`@@ -0,0 +1,2 @@`
							`creation_rules:`
							`- kms: 'arn:aws:kms:us-east-1:162540680133:alias/helm-secrets'`