scottk/wlan-toolsmith
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-toolsmith.git synced 2025-10-29 10:02:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

[WIFI-11553] Chg: cleanup

Browse Source
This commit is contained in:
Dmitry Dunaev
2022-11-22 14:24:43 +03:00
parent 74566d1471
commit e3fd692910
44 changed files with 206 additions and 1579 deletions
Download Patch File Download Diff File Expand all files Collapse all files

196
helm-values/aws-cicd-testbed-deployment.yaml.sh
View File

@@ -1,196 +0,0 @@
#!/bin/sh
set -e
if [ -z "$1" ];
then
echo "testbed number has not been set"
exit 1
fi
TESTBED_NUMBER=$1
if [ -z "$2" ];
then
# using todays date
TODAY=1.0.0-SNAPSHOT-$(date -d "yesterday" +"%Y-%m-%d")
else
# using provided tag
TODAY=$2
fi
cat <<EOF
shared:
service:
srv-https-annotations: &srv-https-annotations
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: wlan-cicd
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
global:
pullPolicy: IfNotPresent
monitoring:
enableJmxPrometheusMetrics: true
enablePrometheusPodMonitors: true
opensync-gw-static:
enabled: false
common:
efs-provisioner:
enabled: false
opensync-gw-cloud:
enabled: true
image:
tag: $TODAY
service:
type: LoadBalancer
nodePortStatic: false
annotations:
external-dns.alpha.kubernetes.io/hostname: wlan-filestore-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build,opensync-controller-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build,opensync-redirector-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
externalhost:
address:
ovsdb: opensync-controller-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
mqtt: opensync-mqtt-broker-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
persistence:
enabled: false
filestore:
url: https://wlan-filestore-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
opensync-mqtt-broker:
enabled: true
service:
type: LoadBalancer
nodePortStatic: false
annotations:
external-dns.alpha.kubernetes.io/hostname: opensync-mqtt-broker-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
persistence:
enabled: true
storageClass: gp2
wlan-cloud-graphql-gw:
enabled: true
image:
tag: $TODAY
service:
nodePortStatic: false
ingress:
annotations:
<<: *srv-https-annotations
enabled: true
alb_https_redirect: true
hosts:
- host: wlan-graphql-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
paths: [
/*
]
env:
portalsvc: wlan-portal-svc-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
wlan-cloud-static-portal:
enabled: true
image:
tag: $TODAY
env:
graphql: https://wlan-graphql-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
service:
type: NodePort
ingress:
annotations:
<<: *srv-https-annotations
alb_https_redirect: true
hosts:
- host: wlan-ui-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
paths: [
/*
]
wlan-portal-service:
enabled: true
image:
tag: $TODAY
service:
type: NodePort
nodePortStatic: false
persistence:
enabled: true
storageClass: gp2
accessMode: ReadWriteOnce
filestoreSize: 10Gi
tsp:
host: wlan-portal-svc-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
ingress:
enabled: true
alb_https_redirect: true
tls: []
annotations:
<<: *srv-https-annotations
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/healthcheck-path: /ping
hosts:
- host: wlan-portal-svc-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
paths: [
/*
]
wlan-prov-service:
enabled: true
image:
tag: $TODAY
service:
nodePortStatic: false
wlan-ssc-service:
enabled: true
image:
tag: $TODAY
service:
nodePortStatic: false
wlan-spc-service:
enabled: true
image:
tag: $TODAY
service:
nodePortStatic: false
wlan-port-forwarding-gateway-service:
enabled: true
image:
tag: $TODAY
service:
nodePortStatic: false
creds:
websocketSessionTokenEncKey: MyToKeN0MyToKeN1
externallyVisible:
host: api.wlan-nola-$TESTBED_NUMBER.cicd.lab.wlan.tip.build
port: 30501
accessPointDebugPortRange:
length: 0
kafka:
enabled: true
persistence:
storageClass: gp2
cassandra:
enabled: true
persistence:
storageClass: gp2
postgresql:
enabled: true
persistence:
storageClass: gp2
EOF

161
helm-values/aws-cicd-testing-pr-deployment.yaml.sh
View File

@@ -1,161 +0,0 @@
#!/bin/sh
set -e
if [ -z "$1" ];
then
echo "PR number has not been set";
exit 1
fi
PR_NUMBER=$1
cat <<EOF
shared:
service:
srv-https-annotations: &srv-https-annotations
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: wlan-cicd
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
global:
debugEnabled: true
pullPolicy: IfNotPresent
opensync-gw-static:
enabled: false
common:
efs-provisioner:
enabled: false
opensync-gw-cloud:
enabled: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: wlan-filestore-pr-$PR_NUMBER.cicd.lab.wlan.tip.build,opensync-controller-pr-$PR_NUMBER.cicd.lab.wlan.tip.build,opensync-redirector-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
externalhost:
address:
ovsdb: opensync-controller-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
mqtt: opensync-mqtt-broker-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
persistence:
enabled: false
filestore:
url: https://wlan-filestore-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
opensync-mqtt-broker:
enabled: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: "opensync-mqtt-broker-pr-$PR_NUMBER.cicd.lab.wlan.tip.build"
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
persistence:
enabled: true
storageClass: gp2
wlan-cloud-graphql-gw:
enabled: true
service:
nodePortStatic: false
ingress:
enabled: true
annotations:
<<: *srv-https-annotations
alb_https_redirect: true
hosts:
- host: wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
paths: [
/*
]
env:
portalsvc: wlan-portal-svc-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
wlan-cloud-static-portal:
enabled: true
env:
graphql: https://wlan-graphql-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
service:
type: NodePort
ingress:
annotations:
<<: *srv-https-annotations
alb_https_redirect: true
hosts:
- host: wlan-ui-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
paths: [
/*
]
wlan-portal-service:
enabled: true
service:
type: NodePort
nodePortStatic: false
persistence:
enabled: true
storageClass: gp2
accessMode: ReadWriteOnce
filestoreSize: 10Gi
tsp:
host: wlan-portal-svc-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
ingress:
enabled: true
alb_https_redirect: true
tls: []
annotations:
<<: *srv-https-annotations
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/healthcheck-path: /ping
hosts:
- host: wlan-portal-svc-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
paths: [
/*
]
wlan-prov-service:
enabled: true
wlan-ssc-service:
enabled: true
wlan-spc-service:
enabled: true
wlan-port-forwarding-gateway-service:
enabled: true
service:
nodePortStatic: false
creds:
websocketSessionTokenEncKey: MyToKeN0MyToKeN1
externallyVisible:
host: api.wlan-pr-$PR_NUMBER.cicd.lab.wlan.tip.build
port: 30501
accessPointDebugPortRange:
length: 0
kafka:
enabled: true
persistence:
storageClass: gp2
cassandra:
enabled: true
persistence:
storageClass: gp2
postgresql:
enabled: true
persistence:
storageClass: gp2
EOF

148
helm-values/aws-cicd.yaml
View File

@@ -1,148 +0,0 @@
shared:
service:
srv-https-annotations: &srv-https-annotations
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: wlan-cicd
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
opensync-gw-static:
enabled: false
common:
efs-provisioner:
enabled: false
opensync-gw-cloud:
enabled: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: wlan-filestore.cicd.lab.wlan.tip.build,opensync-controller.cicd.lab.wlan.tip.build,opensync-redirector.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: alb-logs-tip-wlan-cicd-wotgakesfr
service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: opensync-gw-cloud
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
externalhost:
address:
ovsdb: opensync-controller.cicd.lab.wlan.tip.build
mqtt: opensync-mqtt-broker.cicd.lab.wlan.tip.build
persistence:
enabled: false
filestore:
url: https://wlan-filestore.cicd.lab.wlan.tip.build
opensync-mqtt-broker:
enabled: true
service:
type: LoadBalancer
annotations:
external-dns.alpha.kubernetes.io/hostname: opensync-mqtt-broker.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-access-log-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-name: alb-logs-tip-wlan-cicd-wotgakesfr
service.beta.kubernetes.io/aws-load-balancer-access-log-s3-bucket-prefix: opensync-mqtt-broker
service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: "300"
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
persistence:
enabled: true
storageClass: gp2
wlan-cloud-graphql-gw:
enabled: true
ingress:
annotations:
<<: *srv-https-annotations
enabled: true
alb_https_redirect: true
hosts:
- host: wlan-graphql.cicd.lab.wlan.tip.build
paths: [
/*
]
env:
portalsvc: wlan-portal-svc.cicd.lab.wlan.tip.build
wlan-cloud-static-portal:
enabled: true
env:
graphql: https://wlan-graphql.cicd.lab.wlan.tip.build
service:
type: NodePort
ingress:
annotations:
<<: *srv-https-annotations
alb.ingress.kubernetes.io/load-balancer-attributes: access_logs.s3.enabled=true,access_logs.s3.bucket=alb-logs-tip-wlan-cicd-wotgakesfr,access_logs.s3.prefix=wlan-cicd
alb_https_redirect: true
hosts:
- host: wlan-ui.cicd.lab.wlan.tip.build
paths: [
/*
]
wlan-portal-service:
enabled: true
service:
type: NodePort
nodePortStatic: false
persistence:
enabled: true
storageClass: gp2
accessMode: ReadWriteOnce
filestoreSize: 10Gi
tsp:
host: wlan-portal-svc.cicd.lab.wlan.tip.build
ingress:
enabled: true
alb_https_redirect: true
tls: []
annotations:
<<: *srv-https-annotations
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-protocol: HTTPS
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/healthcheck-path: /ping
hosts:
- host: wlan-portal-svc.cicd.lab.wlan.tip.build
paths: [
/*
]
wlan-prov-service:
enabled: true
wlan-ssc-service:
enabled: true
wlan-spc-service:
enabled: true
wlan-port-forwarding-gateway-service:
enabled: true
service:
nodePortStatic: false
creds:
websocketSessionTokenEncKey: MyToKeN0MyToKeN1
externallyVisible:
host: api.wlan.cicd.lab.wlan.tip.build
port: 30401
accessPointDebugPortRange:
length: 0
kafka:
enabled: true
persistence:
storageClass: gp2
cassandra:
enabled: true
persistence:
storageClass: gp2
postgresql:
enabled: true
persistence:
storageClass: gp2

27
helm-values/aws-wlan-onboard.yaml
View File

@@ -1,27 +0,0 @@
images:
onboard:
repository: tip-tip-wlan-test-bss-docker-repo.jfrog.io/wlan-onboard
tag: latest
pullPolicy: IfNotPresent
regcred: eyJhdXRocyI6IHsidGlwLXRpcC13bGFuLWNsb3VkLWRvY2tlci1yZXBvLmpmcm9nLmlvIjogeyJhdXRoIjogImRHbHdMWEpsWVdRNmRHbHdMWEpsWVdRPSJ9fX0=
services:
onboard:
type: NodePort
ingresses:
default:
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/group.name: test-bss-load-testing
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS": 443}]'
alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_302"}}'
external-dns.alpha.kubernetes.io/hostname: onboard.cicd.lab.wlan.tip.build
hosts:
- onboard.cicd.lab.wlan.tip.build
paths:
- path: /*
serviceName: onboard
servicePort: http

19
helm-values/kafka/values.yaml
View File

@@ -1,19 +0,0 @@
fullnameOverride: kafka
minBrokerId: 100
resources:
limits:
cpu: 1000m
memory: 800Mi
requests:
cpu: 100m
memory: 800Mi
zookeeper:
resources:
limits:
cpu: 500m
memory: 400Mi
requests:
cpu: 100m
memory: 400Mi

2
helm-values/rttys/.sops.yaml
View File

@@ -1,2 +0,0 @@
creation_rules:
- kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets'

20
helm-values/rttys/secrets.ucentral-1.yaml
View File

@@ -1,20 +0,0 @@
config:
token: ENC[AES256_GCM,data:lijqkNZM8Fxrn5GiEbDxcHAQF4s3A3i0xlF3N4RaSMg=,iv:2H+uNUtkTQ4wt4vGl464Zfw77lET04JN0N4GpH47Afs=,tag:BFDQzEbAN0qYNFlDWp3qDw==,type:str]
certs:
restapi-cert.pem: ENC[AES256_GCM,data:78+JkM143uS7xacD2aza6sWbmbhlkXy1hpPZs1glylN+3Iy5mgmp2I669l3eEGV+2+PXGIU8p4FVLa2m0Rw2u7Yqo/m1wiYmAq7ih24F8G+0QDLFQXvLAn7NhyaOwWkSE6S6IU6UhboLl0RmP+rf+Ejl9CwlCw98OdwMYRhDwDOIHuJDNNPPkS7V16+fRlj35rxqGrObvOygbQorQlCggI+P+PvDVGUSSpR2HZZTbKwb8FoJr3mhMwUkoy7MNDmQsxqENjtFHD/9lomPrdx8aORbtZkF9kQkPRJXdlhNupBqO4ZEtTjyI1y1gkUmVdhCUQZGuGKXOiylzKJgUJrASjo51du8n8UJRL/GpAW/uUmKCUWFgBippjFVyY8FFfSA4R1t3TEPhR+YkqcYkV/F0SgYXZMGTlGNmHBgcWnj9ZKN4j2h6UWEDC+4xHhkn9axiQDsyFz/M93bBr8I3zkJvXgA8WcpxlnJzgojJhfnqgg5JbBna3ohOBnnUMaXXBfdKqPoFfGNsO9LAHXsgMGyDxgg8dQvSJfGgpvuOPsaigmxhVQZAhmtHpP0rqh81mcErCxMzhLs3nuq04kxn4PuxLhT2gfwGnt00L73H4Q0TVGQylP05e/ip3KzUoc8PWywuJmvtV8uighpmplqTZzTACeNwW2uH77gyZu+m6jPyxTujY425pNphVHOpLN2b5l6zsfHHG2QsNjzNNxEfER+AMN4mtw+xjnBaVU88lqz0nPD9Bd33Cq9Q1zK8fjxj6iBrjqdvoN4daEWm9/OfBZJ+OLr7PHI8TXZ8I0VTEOpxarADXv+DU5h9xcBb4JStQECSX5/quamhvQeGl4y9nmn5lghfLh+pLMcNhz66aCXfGWMVizYNiKLh98W1i077tzfqD3EtIrMu9PtzWfmNRrtorqZ0YGUi7O6isKuSW2PP/4gqI416Phlcq5h9L5dlT+/qutxZ/TPur8NUAIPkq0vjH0SyoPj0MfhAlEs56dWmeprxNgHBTmTC5nd2YMLw3wGt1TGg1Q9JDmkjQsUkQtlNJKeMnWVArvwLp8sVBaLu3OMqe4Mr484DDRHh1qnxZyIg5uYscv98+gUKs96nbpdMDoWcVo5nGIfTGIMayEuiu8/4sOhMmBRv38GhbgZ57ISyxBHEssIxEENAAw03VImWqW01DTHoXbHoYb2Ih81rC0x0/AlLYOvXv+zjpJzD7gtd6SGTrom4NBTpOI3Y9STPCWN9zYQS2MbxQYXcaL/gw1xom0JDtKfyb1+4b7RrDrzNckHKUP3HsJUebQcfwCRAnAiR4a+urA4OgIz4KehcQp5GUVJQ71vl5fz5plFt+7mY6UYZUkzADGWFqM8kW+bpZwZkfsmi23e7MaxEVPb5WDVYYtRePzd8XUFt9x2j5W+tNgwDxCBLqBYi1sEOtQJKEKcLqlXZ2sGKLkwyOGt0xPx+z5BKDkC9ppDWt+/ybVMdikXPMIAhYcLKW3d7+6sHyVqSVIUjls/0cF1p0gHHu86RYvZbxl1lIRMb/cdgP9s0N9HeOBE/tDAnwQY6L3O5GlP4Fmv2Rt1jSNjEyxMLx7UO11T2kZzctV8r4tq2htVlNhxs7ZzemtqFcSdsg19ttD1u1TX0xD7orMzknH+rZChWDYiHEAKAytpbpGobA8BDx8fcL5R5Seqhto1DXtwjNc7IGo3P+vsaZM/o8uRO+/81NNOQBpCpkYo/trEIncIMjpeKGEF+fvsIt/GAaIYWlmTBJc6ra7IRafQuydaMq5PMWnDzFbCoke0/JDq6ua5VFitHt8z8aQrGWq+6+NjFcJFddhMIEY6rpcyP4H3M7IVgFOTfHdZcI94hdCn6r2vJmufueniH0M4SYF/n0ceAyvwNiQTYFNa+Qk5d1d4F2zvRR1NHOm+PnM4dyMoMo04QaxP4q6DWrsloSm9KW5by4jSDlf73YacMsB5TUhfhlqFt5e6kIhNGLZfuWuvlWynNM+Jqh/Yei3bA+MbmHG/G8YR6SQaILAOwrR37fMIAdecigvii5je6kJ5ymNDfHatcBEBpOOeYG3U7zLHOdrD9LpZlH6R+bWHDwBGCHkal0GumnLZezK6dkrcH2+I+8F3jnIGHaj92QXC4UPcJsq5H3s2MK++C5HR1z9WOozXx+sqQ20yzjgBx1BGkROF3/RcbvwjKUU2ix4Nkgq4ROI8gqy/ZQ==,iv:cx8gElC1h2nzsqCAo8XmISkyrdBmsF5klPkDRVwNk1k=,tag:Yxk7B0igv9KMAEkpU+u3LA==,type:str]
restapi-key.pem: ENC[AES256_GCM,data:jOtZcTL3/X4gAl54ny0iAyZNJAoRDlNmKv1K5eEgctQvbhwE9xPP59ZYhnoJXYSAHjaKDtPN9FcWC19POzK25rWjsyciQgjqbmdE9muB5IP5toYBoc7lHDAVlLA+kZe9hrlkNcrMXVdLFUbZh8nYL6ZcFwamSy3j2RxDaN8AFg/qFlNR8Emrhi5+m3WBpol/FHSTNQE3uYDwQ1ffGQfU4FPNkBzF14sqkQP5YuXRXwL+xycvoRwXzlq7/DbPPtw9UW340zlmlQqzBMtnz5kErgVmh+qzCH4XJLmnxbm4CXo7foLuBVeEfqIPQGLYe4NGMFffAbmDt/mxuc9jUb0yr6XDDtAhzuqKgwLOyPY83Xv3hf0L875l/mxhh8RUmFDRGUGsLnQXLL3DrYP6aMJ/ury2CzMpoTZ6+byO7+vONXuwrrl2/YWQ4mdAoumWu91bNtEg0Y2T4D74rJIr2nJAOR5bScFcvJdwqxt4a1b21yVEwolZ0anY5m/FDDN4jxNmmuokogNFORhRxm7EwRR98xVRuSMe8ph6/s5XRmfrceYwJtoJPeZ5U0DluHTfUW+gxIOP5YNqW5RcyGmHlHdjNaljjUXGlu33zLGHB6kDHBVpE7WcRsJ6xYf5e/5juek2nUYI+6n63ZCZKduDs9u+QDkmJk0doPJ7xKc7YQKxAUHeurL0qz/CJdZlP54N5OCBTagDuAYOdOEcHTCfNdI5EfDogBlus1G7d/6oMOUClceJvN64eJKcJE2Z5M9wb+ADQ5hTIW8talpRTno80b4iirOucaa2WBsZ/LuRHIHJmBLEuq12JiGrm3Zsa1eOGf/6Sq9vGz0eHcR4+xD7ypDbLLdmH98zFpfwp5JHCaqK8hFBpw4qz4jzXPntsfDSMJQVjm/KKl/K33b95ZV6FUmOAhRd1YgOHt5tZ3gfIXGlI9+QeY0E5lp0HGxT+6+4ksTdYQ5NMVepHbG8+yoyHK0Yld2PY/uVzPuVJEs1Fc4BjpFjqJnh1jnlkr7RQ0BUNVybtr9ja4cKd7Nfe4knwGbzVSf/sITWVge6OwHDgJmhFVxMFzN9NsQ0WODS1OomnqVnyK3LP2dT0PK6V/2RKnc/X1M0DZPvkatyFchVHcdPnEtGiedED09cBoPWG404j54e5q5MMUsc1Rpflx+TppUGv+5Kjilyk3jGQg5jlz6aM9E+awK6I8OJ65uS1370e26AFKazLiiFlzGofjG2rSOP6X0qfO7JYXrLHdbTLeZLPpgO22pq5eXl7Ij0oBIlXmzp2btRmtpa8pvWXOBXJ9a9icPbpK6DvwWFUAFpzNXSouV4hOELwwFbD28+LLGFOj/tz+T4DRz2SytKDJ8i6GbS4BFdfB4YFzBbwVfHbxP3uAZWtPgY/26IuxssFtVX9QK/rKvK9zM7hj89cSykNRmPTOKJy4WCN7hRsDZFcmTlqQsl3RuZyCGoGDD1ADYTSHRloDvcLSy4LJ/3OkyfY9F5pPU2oLwa9n6bXTqFCa9LTjxnAJ6tEZL/nf1OGcVfv0HIF1AbxTx2o3H0jpb5gP1wvlcJKqzALdB1gSVPIA0y7Z7eLAlEV05/R4xwnbky1u18/Ryzj2ntxrPvzTw8kTh+QSYZY9bTHufHEZE6WEdinQdGZZGHb6nAU2qUS407uJCoqJWxcZ3Sf3f1D9CTJhOTuWq0ejuHRlkyfUqJw+pkseG4kay36cGcgXzYp4w5LyY5VooJ25simQs4RlSezKph7OIKSinnsAyMhS/EBVr/0SwHDVX1SzVNDKNWbCnIpgCI771/Ez9+E/Ss+VYDyZt8EPMxl9+fgak26Nq2RalbSMiji/jl3iBZSgyBeLNadzgFK74cwjvR3z2IOYAdFKG/DCZlwIH8bF7bd+Nfs6l7RRL932xxq8Oc5C13A0rKi1CkIu+ADq3BPJrdqIco/XGyoqpad0UXJETCCN1MQIG98C+5MX8MQ4uOhw94b9beUj9gMhQGTpSAD1moRJ+EgF9/YCj5lzGVFF2yyJK9Fj+8Cy2gs/AC6TgQiBRob1gf2JPVx0yvnuRMme/aTYJJpt5HgLh+I3v0mKD9J8q6ZbHTI4XNJ2HVcgc2QsDtVDqsdCNSsGEoXUALx4XF2UmDZcYb7r+G8r0HxeSxJx0GQVZa0Es+6yz1S1KHorI+U7XRRyenVanxOiXgMlYTxZIWSlxeOBHy1wMOzNVGWuRHv88RbPjTXrN1/TW+glmMRk3vCZo=,iv:jIVOSkyJNwNH9RxLBiZRWioXHLifsdgX+bVrNOimREM=,tag:aBUv8CRWzJoMV2nWf3YnOQ==,type:str]
sops:
kms:
- arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
created_at: "2021-07-05T14:16:29Z"
enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AF8Gjqif7Ca8BIYftLWh5jCAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMkWtOtdUKXbVJNsz6AgEQgDvIJ53IfhCVuez5KOdzEGp5bCeX4J64dSkYZsiQ/yWmcw7FZuy2DnRiHvdmojadtrxTmNuvPEhf/8TI2A==
aws_profile: ""
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-07-05T14:16:30Z"
mac: ENC[AES256_GCM,data:oIiVArU5XvGHEapiKvcDoS0Q0JzJM9RmaivgQ39Xym2qQJTKRTmCCX8mP7Hi9UGCORzftzR2BZJudhjD4QpSkiJxzJoJc6rQ2BvQJMiL9BbnWki93R6Zi2FO9n9in67THoSy+UBjGR7TKMFMFi75qRXQNgnXRZeoJ9FdWyX2Y38=,iv:Gq0b5k/09by3CyUuj8MrTyr6FS/5feIHHsncPxatKsA=,tag:gMkyhXFo5d83U54I0vZI2w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.0

20
helm-values/rttys/secrets.ucentral-2.yaml
View File

@@ -1,20 +0,0 @@
config:
token: ENC[AES256_GCM,data:wOpGS9nshRVGBlC4GhxBsWzZQknqDh7KENjUcXM9OnA=,iv:87NpAyWu1HDoLH6f5T4pRU745yuHe2uWzoPaXY2yZhM=,tag:hLQoqUlnAAXLzTMP9bAq1w==,type:str]
certs:
restapi-cert.pem: ENC[AES256_GCM,data:2aVZPNAtEEO+mM24oENlKMieogWnxIqwdzu0vdZEK5S+7Fr26ZEbfct7oAkgCsDfULxzvcsWHDxB6/bM7uTP3dADtp6Kpi6iR0c5WEbEfhBLvkkFFLJwtaRkBn85qpBhgvk/E55gyDRYEBvLTxVDal4lHkg4wN1Pevy8LvDNoaoJd6Us0luSZqJaiM+guiR0TyAHOoCIzsgFIG+EWiJRwZzeNl964RYAPFFAOHKz/g1Pmue8+tB4RYdBK0WOVQtLIOW78p5/Moq3ZN1Yyr0p2Ntf5NMk6imHejDE2ZTo99v0zXQg7YyIdhyMbvyg/0eWr3G1P2YLIMU8qWXZ3fGemDgcViwXhqEASgHg/cviEysF7j/OBfMBHoOVnOEc0x4pS3NwgvZD+6+XYS8dC0BvOcrfTvbnxurZe8uRYx/IhTgMigomw2P4/uKGvX6gUojDu3QvjaNHJo1wb7tmnKY4YmwR29CjMZOqSXtIJB1GQtEhg8qZBFy7ICyHZtk6Nj7GRlnhrCCD0SB5tvMD/lhHTxcizOEL6wTZhNnjKawfNjSrVD4R/eDjtuaMkEBS5KHbuUxQ8ejyhPF8MfGR7myj8GRlx94TPsf4uZhDaCRIzZKHQfdmmpodNu0BHPZ6kxH6bdOPIYK5Xm4YdMGYsRVwNqM96xrO2MvwOjEUB//Ha3i1fZvMl8p2xN/B2OwtV1cds1gu4QSLFoZenFpUcbDswRL2z+X0sVaiC0dpYQ/6a592q9YS4BhS/QhuoA/Io8WzJ+Y8SCHcOx0x7/1clEdA3b1puUVypQFR+Uom5O+Mk6NfEUOGhfG5hO1KRivq6ezW2i++hs0jLzUHZJF2pObXFlZheBeJ6nOC5nzSBHvGaGapt6M64fjeF4lpQJ7/jlT2Aj+UgQ5hMEYU6wKajTa1sypiIca5Vipo2i7v1/J6XV2rHjxGkWEgWD2AWP82LttFCBS/SA8+c1eYcp4Fx1Gd7R9fm5QFa8gxD95QGZbgtvXWgukCHatIfNEc0Zkns6LAiANwocv3/pRiWeqMXwLBU/mfaig910zSdY4nYeIO/vQ2rTn735qE61Uz+2Anehves2zgX8dlvc3S4SJrgRBxdjfOFtyxBcKjFVYNEFnzaUVoXcv+VojZVFwF6xov6S8nScSxFMZkP/yYHOD2vNEyoXwMfLkQ99bvn8vCdigSk2YXVUKCleycFGptk81PdeJFQjMT7W/MkOEd9t5scemKTs+Dw+/FQiKkuMXiuuiyfmgHUr4iZEwlrmh6KMvNY+0zCVWuNf2ZfMdpR2oef6bRW6bg2xndmxGNbHylQfuxAtPUVDrITYphgO5jOpUA4gWapPZv0rcasr/wa/hh+d6Uqqo9ZYQOSumh6cMIXACRm6z8lIuCeWMyoKXmJEKS9ny/jkrgD+24AqUZ6pOprOzOD6qIxK/5iZP19QkrA1mPPbKgcdWJxY3Bi+6WpaFzKDOP5bofZLZAJPMf/vDmymhja9oRAGd1GrCeEiZFEKySoBcrAx4nR6v8H9ggocOxvODtvitw40HVDW5KCSTR3tSFQxaeGJYOcxVq0nbLnjJMAF7683VQWY9wTSGcRog4wrWciK66XEJvFq35o0EACZeatBe67SuIF7ggxosh2gKak0kJuJ4Q3nBVjqsqRkxGZ6HBiKuDb7KBwvoZaCrpfU51H5kQ1NklFDX58NFTB7wYQNv63IsvNA5kDxyL00ptfo5Wbukfv3UNjepJ3H7WiE3x3uM1BVaCZp3Jn03ntWsMIVBV7fH2f+k9ehqCQPJO6BMwgIcIjB8FrP339HbRQiXJEhKoKIPcWjR/ktsmxhUMFnk0OLVmfJcmSx0JqPlY6mDTgThbyqkXzuCcW2eQrFiI+mQym0Y5O4oz8YL5MpVXeB+9MojnHuiGaZ8HBSmjSrx0l5N7nvcloU0WES7khPzGN33R6ml7X/uXwECBvr7n75FL4C6ySjbB7t5xUJQYhqNfgCDrU42g2RbNT7SHT+kTLhh7vwBC/WS5qrIuS+rHr1wlv04VsvToiUkNyCOCw++ghV+Xgr004yKoYKNXF+RqqYwseH7wL2lHwNqftV244nNzOnb3rXdo6FINeRMsBcCu5ujiAhkd+mRvNGziHLxCQYuTl8oHD1u8qPCN94tWNGjbcyM0hnVu7E82Y33Cra19cqeOKKljRA2anELdaqFNdqyppA==,iv:++ZVAC42r7zS/VEXit5h3jlodbVAWstm+QLVn1fGovE=,tag:VdBnWxId5udzdsn97tNBsg==,type:str]
restapi-key.pem: ENC[AES256_GCM,data:9tc+pzoxAwUmn6+qEISx4JlavSaHPA5+Hn0WOy/7hm7oeBV9jLKluAycqt+w2iIywZM7DzpQxXtIJDF7aBmygpjrRiMZXUtuFuddCogdpX4qhK1Fuja/oht1b43iOHQmDQBG3s3axjWpNjCpwlcOOz4qQzBrEV255w34BHezj9qqFKhSZ5MHZhKWYpOOi4Wd2nT3Ieyj432nZvlpkSMQtZ5ghsx498bBj7q6O5c1fph6E2I5DLmgi4YHL6CmWeV6fUYeHxKtjB2zBRSg76/iQMLAYgJVve2aOBzDwO4fDBLoGKRXYHXqg+OwXn+YE69CmLOCkP7K5CQwoRbB+S7DzhyHjaqXSMS9lEU+dfwrDmukMroGgBhIxr9ZgOmaD2v7DCtWjoDeH7iSzJOcBvBwnF7R1Q7iLwB8nctnRmoV7mjVyP9DT5LbBR7EXjwTkMJI4vbXDD/uvwoOfXJULUIUMDSAJ/HiF3JGs+aj0NBhBIi+fAdhVzOeKqUtm03uel7X+zVQHLW87H/0U0xC8NfeKYhkUcyJ6s5LHeA1O+Y2lxyPZz1kvfN65UW5IAFSfUDOwf/O5lTmcAvskF3q984l32UCjgnvmlBe1LvCRW70d7GsWVuwfUMoSu6RGmrCZTbByuuwL8fyniX0ViBDaH1sJNdyE9nl7GskX439+TnAgsn0kxEQtvp+UWUxKWxDdOO3dUduQDfiJoy6C7IVylZ2AOv9RW1y+YrzpY6sGk+tmNgKn6hAB3Xi0EKBrAYwsBHnD/hoem1YrsPvqIfDpp0HJoca1AadB9hJC+EGm9FM2oJgbvZ9pqT8e8uyIhGvLVAUkmE6gIqb+oyMoYFQdL4gsKjahd+1sZ+IAHXw6JSlNRKsrAxuULhrveB/Kc79j0feyDEFlM1UdKladlcTBmgn6VLW7dwuaCTzwoP/ua/NVry5pZKnBULkPG3ybfK0OtBDFu3/+5o2DXduoyV3SWMUqF+oEIBfYkQRbl3appvLptntmIxuDLTXNE1yePQ/axF6SVwmiTT/ln11o+Qcl0w3GGvg3AeHS3JklRsBvT1ODPKade0wx2k3lX5Ja25wMXxiEHx0JEb4ITjo/ju2oDTSNgG22tH1zEaxqvDKT2NLb3WswFy3CMTcAOGl2k+Mw6ArcKMMsnIzq8r3qrgWx8cALo54p6nj7lKWLqTs+x5NjuF3BG0kg1yawkQeHP2hk3VtcJV/MhAvaifMq7fV4wZFJWoKhk0aKcZcnVEWI6/aTISKAUlMu7K3Tp9WFKv2KweahFDRMzCJUlsAWZkK/oeYecAD9KgPxSwrc7DMzJmbWlrWbs7l3A9TBYR2LpMwl5AK9SRqXKIVl0WvW9oFZQPhY8nYrNOI/nU+09slDNjB6FI8UTbvP4E5RAAGm3ugMXRc1l1KB5oqdlkvbCm6tRJgE1/88q10mGqhF8haKt+T9cr7W1MV1zNBdY+G0tJHvUz9FMPjwwxzG4+ySPz8yQP/vhMLD7Do0o0+Ddp8LgYaLo4I7mRW02MiCuu+XcsVgdHCgUhjgaPayQPYnX6YW3AQeYzZQX+Vz9cap4eD5qxXZ7wXpNNnqAYJhJuSGFt/yos/rPjc3dZM+0Hvb7KCW4Ji4MZ1YcBR0KRVFQYyl51X+fkuaBdcTgw3Wpv/t9YBsA4nqqOwEAgXkZJT9Tpa+LFOnSDFWq/ipV1AYXCc7pY/1KFgfpKh/BJ7iOmPzZ6/KzGEYHom30gOuNUZphJyk9Pq4uWsDKUYmikzGjJwFoGnu0O5u+a+yQP/07N+Qsho7bIGPMV4IyYfMvarGpF/oLt1ufX9tgJmMdHKdKumc3Td8TtFV2eGUYbhlIrXEGalaU4IbztT9f2JHYK6dMhun0T/O7yZ/bpRNF/32UADMPD5qgrF6/KQ9kTjHt+P95+8BIbZ5eQrkBy5oWhZzKiFbbvG68J+64/TKBVpHVa2zwdK1t1sLwQt5L/efcGTLG3aj52sfwtL++oxZ9E9sU7DV+lggRrPXDXlQb7BXjtNrvQ7UyHGPLrVMJVqBQv5nik52+uSg1IZDiJwbpUQI523qQNdNCLUZOKq/kCLk4T48IQAEKCCsclZX5m0zJgGqXcx2zLqfq4v0nxdWsUjQeEp0veRV/0HBcM9wzsVG/fbxdKRWbpuO9VKlHm62Jy+xLOZw7oGvdG5UOjvceutj8VbuzyOQK1vHrlHn3bqBOJKFO14v17RGYOVXFzuWWkNvuO0nDM=,iv:OWZElsFSOp/Hr7NmwtmeGvs9VXuyTwEe8+dOXfir0MU=,tag:JIq1rVX86WTdsv9E1aq0Lw==,type:str]
sops:
kms:
- arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
created_at: "2021-07-05T14:16:32Z"
enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AHGLrViXnTaZsU59LpYhDUgAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMNbexr7sZbDL7xP74AgEQgDtehZZKoZC9L0R3DGZBHxgF8MTlyKxtSyynMdGCVBJxKthSeCthBQn/TeePMMd/aqqmn6Ac7mMc6lgXng==
aws_profile: ""
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-07-05T14:16:32Z"
mac: ENC[AES256_GCM,data:HqRqX/Bi+dK4/Jl0VoICJpn+kCirX3VZ9fvSZdLeOGhvieCxKlWlZZpT9d2u1DcjyVD/He770ImUFFuAJ6CMjxy8bKuZXdaJHl/R984tQysZENZwp60403izSnb9cOJqV6QWWCyVYKHEn5iGfvelgBXy1rMRaKCWGGi9ClvkrgQ=,iv:hp1YOqh7EwBODfcihClw//ZrU5TdjLaGZIWCPAQHkeY=,tag:JPMWhbzNzwgoq2G4YAVmMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.0

21
helm-values/rttys/values.ucentral-1.yaml
View File

@@ -1,21 +0,0 @@
services:
rttys:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
external-dns.alpha.kubernetes.io/hostname: rtty-ucentral-1.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "5914"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "5912,5913"
mysql:
enabled: true
primary:
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 256Mi
cpu: 250m

21
helm-values/rttys/values.ucentral-2.yaml
View File

@@ -1,21 +0,0 @@
services:
rttys:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
external-dns.alpha.kubernetes.io/hostname: rtty-ucentral-2.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "5914"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "5912,5913"
mysql:
enabled: true
primary:
resources:
requests:
memory: 256Mi
cpu: 250m
limits:
memory: 256Mi
cpu: 250m

2
helm-values/ucentralgw/.sops.yaml
View File

@@ -1,2 +0,0 @@
creation_rules:
- kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets'

28
helm-values/ucentralgw/secrets.ucentral-1.yaml
View File

@@ -1,28 +0,0 @@
configProperties:
#ENC[AES256_GCM,data:+c49rbkEm1ozRZlwl9nV,iv:THHrCLlnbg3UDEPvjPfSfr8P/tlyYYOqX8c+5rkpdmo=,tag:SJXvPrtJIHtMPDJUbFsvNw==,type:comment]
#ENC[AES256_GCM,data:jWUNFKE=,iv:0XU513sV8U+WnDr5xJZyga8KNW0yryXmydz8xethm6o=,tag:TKQmTDSuHqRSwoasCfFu0A==,type:comment]
rtty.token: ENC[AES256_GCM,data:dAAP4z4SOK0TK+QKTQjaDyFfZIOchm6NanbhtmC0+Zw=,iv:JOg/fN/ZATot+HNlkGpeEmdxJU9VBS8yUhs14ueG2sc=,tag:KvoNNFoUMJgfXI3K4bFTiA==,type:str]
#ENC[AES256_GCM,data:83t2iADdDfvHvElMpg/a,iv:ygCOCMb478KZR/okBNXy64U1fhyGHiTJT06cB4yCs7M=,tag:blrf2zHXmNIAywyKqYaX9Q==,type:comment]
authentication.default.username: ENC[AES256_GCM,data:3CED1holJj8U3fDy7p1PJw==,iv:gaTY+fIp93hhfnsjMj0FihvqPLhgEuIVY1eNY2q06y8=,tag:4/giHZtHoR0h8NVP7+bS0w==,type:str]
authentication.default.password: ENC[AES256_GCM,data:K1Tsklf/SreGxdV53QgRM7SRnmaoz5jCA367L5TxbygD8BiTCuzOxHb08kKxQkg+lt+/MCJYZaG47seUqfBANw==,iv:0jUs9WH0Qe21h5bvJLl6B0/+im8tgsmPcG3mdI89h+Y=,tag:5ar+CvNPAKXATt5oVBV8rA==,type:str]
certs:
restapi-ca.pem: ENC[AES256_GCM,data:Fk0XvqEOGmPiV2K4MhinupWOv3ghCVABPa8zSsM7FI1o0PMx7t8uC3dG3IG1Iu6zdbdotPtnLXB7uUybfUsVQEyuU6zdEQPLWZHVhPImib45iT5d9SkwgQdN/DcgoOaQK3rDRxZ8DvqwnrEIHPl6PP5WBFn0gunRGK5hIhuouCicmSQS9dKuHlEIZcnqu4/7zIPvBf/UDkX/3rY5kO0PsmzUlHKH6+ZspNZbGBAiAGGetpZs9Ej1gO9E/sRSAcI3DEUJcbm+jMZrWneyZHLjX6su3vTX1+ZJUF6yJmALSChFLDLsuAiDUi3pqXSBkC3m/k1CE7uVyeJtJcfY5APMCx8q4XMdu1rg/zNlpWpHZ5/fD3JYK2U5EsptpyVOK/JJ2lOmskOSZtIgBk/iTnQC+QRBvTdQp3JCc6MA+Dt8CJ9iBsgxhfZHte69AlBha/kwUeDIOWcZ/yeMRVUd4bMnkS3tH8jYnga+u0bmHIn1+x1KX/PTM5TuFP6Fv7+drvrMVodbC65GfL+2bfaK23NMH1sJtbC7k7SkiJ7tlLwb1D3noF+HDR1Cd+DyE4AOXpWDrcaM5SbPATp56AN74T2Q0wI7SDKIpmEojs51pIgQQs01ki+t0eJuuo5nYPR8tyqd5TcbWrBkPrjEUBbKfFN2mrm2RnFqVnfGYF7yyH/6bGanQ8EZMsFq0w8ehxDRFEa+L2bydyFuRH7hC58PEnctZdwRycS5tfPWPKMF1wQ9uontcl4/E4l0wv+mOxL+iYsMqzDhkpxFDx2Pm3ZVAmQ7rt12PRpFUaAtpG+Ee2b00KocNHw2GPAcQQYOAeb6r6GuY72NEQdBjx2xDx+cOPO2kEAeo+f37MMtINOhMc9a0aPVRVlFRX1rWTJm7voqN8sSrfnZgKJlojzFC8uPxwxEUyK9RzzBbzb7m/cFIDCcP8GqEI0SJexu+AkaxxVmUg9JtoN57i9G59nhn9wbe7IVUOay7lb3i3Wb5o+S4np+uFLRIOZJSXl7TwgxUI2EYebFi/vBB2Wqg3kJr95rTyY6KDtv0wmRcxMTdA8gGf10Rt2CxYDZrRkTpM+UWpjAGvFkrAT05lNdJPzit2CPJhnLuvgTeQiqUR1g/KOHeYIZTH02JO6zROmgEGEaW3+fTV0h+jtMrogny9XbBrnt79g042aNT9cEgp4nIr6+LVJ9NZzHYxXBXCwaZDSVDIMZ9/tsrakU/UhctL2Tenf9wQjaesVfVSW+k2uXrmsUFadQsADGE7zCcdl2pssyGEG/VOBaWym9eA1S9G1qWn2orfpFTzrvYef6WubRbki/ts1uhznZLu7RL78gLFAlJ8u/UoKjkulsZ8JCLhmxIKLXqYRxiykh5wpO6CUMqTHFU/WzubyiNz7Mr0+SvoDOpQLoVj/uDfliWqLpNTtsi4udlaO2tQiFuo81logBrGgWEJbvmvOZS2Tec+kl/btRZ2QYnKh9uw5Ss9dqxzzVKVajVWVtf1XUH+kF5s8zwWoGYoyTcEtMHga5gRWB5IumMR7/sGTsak1Hv1+5lUVVQpG13EJrR4a/U5tP1iQZ/ChGrl6CoU2n+mkKMQb/XHUwYENeCcp+JO1uyf+8VyvhRfBpUF4oXDoC0/FAqPqEDu/VKmcHYXMye/b8G2aEAt92J8v41cnyLTRvpUADVmvkgPdaOMlFj9gf1EFwbe9lWHGZbD8wxAf84GrHsIamj0hfMg/wCEdkcbGMB3K8WDt+0fis9XznMXC1qfoSinUMe4I=,iv:feceTmrh15z2G1228PJuLKoiCiBvns3oPTBO508N8hA=,tag:MiHbZ59J5KfN1vmxzLjPiA==,type:str]
restapi-cert.pem: ENC[AES256_GCM,data:b4iL5vQTUDVziO9jgLB0mO7CKQfBBR0XNghxV1G3Xvyus50zhYZtlyTq+jSW4HP5K1etsCDAcwgRw1/oM3YIo/VTLRYJg3VxAcn0LtE4Ldk2lUcLfkKEKCYA8ong1oEZD0nMtXtn32KGbQqNp1slRxvvRC8waWP54wMFcHFhPSfxns94LQuxn/h4oZ1cbGgIxoCi9ei01Q41DFrgHpDMl3odvcIgV3xhbsMWcZyo00/4GsynnnLd5arqTKGucdbWTUjj26cWI8xllCo5IR9qwN1hYIKCtEwOzZ9/U5FCZ+JSrzwQIJwOS3OLej3DmYOZJaUt8umwY+fltXkBwbxdzi8pIn0b5r5zaO/xefp+Gq0Kfo0J9ffD3BI5ZCmH5YL9a072lZUwZAfyqS3rzNPAHZYLg3KcfdnHwMBmS4QDNXUJaBQDlb34guqdkFlw2vAxGBGQSz7XirsSpta0bPKFlqOjUgO1u5w29/zafB+JUn/3EotOatUmOxNm8DN2Q+WwXegWn1JFf25mf1u8Aj3X8RdlcYXhX6iXv+EqUbLpFKvuNm+EyVbCpxycJ2Fa9/0ppDYbk8bUFx6/mSpR2ROxaF5b8umbfLSEP1Vm+PV5QtVkJm8+e0cJZhzOKTeVSVboCj5KMEDiNUpryPVv0q2zPTtI4ylnywD2MfVY/iqcuG5UVBIWFwFjjXV/p7lb8SVXaqZTgq/cNiiaJo8gCpk1prj2SipHOoGY+BtVFm07i38fvkhmV0MHJd0UaHfNSyaJiA9VTUkgEnsdG/crF4S6RgqUC+R8qqPw1zTQPOIGrwnMARq/039R6l+b0skv6kSv2/0ZUIfK8U/DEsaKiuJ7YMyOZZ1nime5ATyXQnCwQqgqnkG+qyqq8TNnJlKtDQCoqPGaVyDG78QEjvTImQ654HbKExHTEEQqLRA8+LUosrBRxbnfD1nrGIXtMAX5TCS5k9OliJ9euClqlUxUS+tO2xDtgcbvd1EsZ7EY63112gdeVWsI38/ZwiLux87LIee5KqvphQxyPQmiHwsHmAwSYx6elYnZRKn2y/TrEAWaq7tdwMyJWWYKN0K8RwJglI1UADQS+uZMHTkubAk8TM+fX+zB9/mzX8P2hZbOvbQKTBvpWdWWF2ERnibN4xhmBSX3fE5jjH1V/oEo+LZUC2/Xs8DEiIJrxiuSQGdDQkerrIf6n1TASVALWR0hMum44yikH9qTFz26c8+YYC/g8U+u6MvWEENg65TN0izB212zC3d/2gvJygJutbpJNPX1oNzEjIUFGpYFmDjMu9HO2SSte6os/1aWaReN4yvmJeIbqOP/0zYKlb6NNxqZkb55bi/rAHcMqqiXLVG/Gah/4wGvrHXrr01XUNDZeurxPXB270lFVOXOoEI0qkUri8RuZNM9o4D3Uz673U9qfgWZfu9Nd7oImSXsiIiemdeLgo0bnDZ7s6vzt6dwm5gjEmPcLrJiwd/0LMoxaWizUoTbWhCMm/1Bb7AYw9r1sg9ItuwCyzz8dGqh7NtAsmVU5zii8zSjjqtsZR8YjKuxqJRJwQhS088+Am/L44yKYFQaxhwpjp6woIdBhog9JrhkBufYUNAAdkIIBB9Bv/RaRvtZXM4WgYG7wG8Fy4iPOsoA2luvuPBVjwK+wQxeXN7TDv5nBbbVBoemcRdPBgByDPRWZL7+N25M55aQ70hZAs/89ARzBqCBcWf3m9LJFYayci3JYhdXTMstXK6qr4I1bd+yeXzyLhD9Msx7GVkM/0kWGt4Ljsk5Nl7g5bw62TsdOiH8X/0QQknEn8Lhay6MRDqwdrd62XHYumH5CwXJOdVd2zeDtolD6ck7OA2ZZVE4mC833E47GBNZ4gzu8fnZlCdIYv2+BpmUQFXCliETKoWZMsCShJQBZmNBUSRCk5HtPZpemSv5IjKllXolsU7Zc8dvZu8sSo/l6zw3Tw5Ng3K9iABNrqFeuAj1HITJwclU9o/3tS6BPKx7ivv8BEXarzegzwuLUX+Qn4C65GWqA3Amn2oMyRR8ZQPPf5gfFadMFT19wvtws/XB8QwCiGiypBAqSGr/p+0m74hM+1orcrUEkLph2ojsVUZcqhB/5nJwuw/6pC8koq6Hb2VqH1YRr3k5BJfKqj4U8qsv6pMDS7T4mxMLL+9ideoYmGHrNoQ4dCTeWDbanEKJa9pMY+EG+luNRgXu3Xpt1w==,iv:0KbL0uVzQuSzEjHbQq20+U9PloG5SgVnc0mhVGRkOO0=,tag:YRyuvkkxdKsX1KIiDndf/g==,type:str]
restapi-key.pem: ENC[AES256_GCM,data:niSLZtVMVRlnSUJ/EyN/L6bisGiC4eOqhGmvK9B9Qd94UPUxNNjFV18CMKv4Kn5xvPb3tRRUPZMROo19ysGpKyphJBr81uHIfZlaIo33v7v1adnPK3ucLIbcas3hEDNCwpycm7TfGCSew2YDE7xm4hYE2wtJ8Fp5aFkVOFncu+Kq0Nt8iWAZcwvZlq/+5JAxOG4MsUomLBp4HDHOZmN7Zu7PsuFc9OSv+Cwm7mcM5FUxdulLkAMoPPw3fAUrO42pMmjwZXm3JfFdt/3+EsIEFM0rkE3Hcyl6SAnTC+YEShH89OLqoJUofg2eoj7OwYnFQdg35cFgVqh+fJ5M3JHpuixgB3L6YZP8tIfQMKRTWWVSO/UR/d9/dztYOjCRJGDEuuunwD2U+uPZD1zPqH50Ageirktf4/QWTbmzCLI2ZpxqNHtPfOD8yjtWlf6qWScBOvDHZ9Wxqhkqav+YTg5lH3pvp0Khvgu58aAroPwmE1V/KiVHYmxbPazMPsxOcEbpnS6H2VxwnEoCmHnT0K4H8m9DUfUz6LTmvuaN/H+L7pBjVOp2D3jckl6MPPWPV23R422l0viskNJvV8208QXjC75SE2WJMf1TJcEhKayQOYZBaEmuEuLYUR8mJ2Z1Y5LhnERluukzkm72zTFr0WfV9mT/vJgJEO7iRkw7ZUPkyHpeQcJepQDWMelxPgl5NZoMCN639rJYtqpdlXsrPADQa7XqOjbU0ecVs2mfIL5un3pY97SqvJ9MaHqp+1iw0MrWs4tSTou40UgKSAg2fpwvUlXgv5TxHeaXqwN7GoZVsb+Zy5E8MT9/hdW2LVyj30xbgSX806gpOZvLGvdTG5haOowJzAA9Sk+sdyMz5znKCBbBwkW0UYHUus13Q3+Lx5R+7+6EuB6oFJtHXxXMwxs6vL/RyXtY6XfuIAlzNh8v21e5T+U8rtTD6OPD6s4UX0uSSlt6qyGqqUcM/QYGX2UvRGefkxCePErCz5uZjV4kreTudM9ltlYYTPH2eXChWAre45Nu5DaXeE8kpkM+5nI4GjunXWXauHeLR22wK8DqGozMUGCXtNxFV5GRJvigiOQGoR0RhjMMmGYuAAhdP7+kHstkZPxyuMzfoCMo/Ejbu9v/ubkcIBCtTDRLteHNE/L/WrUngM1uZ0M6Fk3BXM3xSGxmtiszGjhuezUDSVtRV4Kn2f2RTHYa8ySL5w8CEi7anfDIx5uv3iN7KoSl385t4jUSgGruiyKCr+1iFXHcYp1XvXpz3BA0iC5nSeXTu7GpO70fqwgikaC/dQ2FAqzH5CV4C+raS0FV9ds55JFAnIUA2jV+d6bS8vPQAJ54XONB1yH5z9oLadKUiR5jS8R+8sYeSrPuXg332odWEZak2lUi50G73B3ZCoXmwcz01JCnpsKUKkeO9Dm5JNVWdIQbcVbHg6cgBs//m7iM0I24ozcDtHX6rviyVCou2tTL20rjMQviHqYgOJXDVDP+OQ5/NnYq0Az/1rUiNc25Z+rFZvkwKhctNO3jcTMK1jyIkgdIBLCzgch+AQsm2W9taUxZ9yxlyLJocZ2uvYvt7DAH5tSSaDrlJdOPar7sUzE6m1Wjgo+m8DGx+3FibDFu2a7T0cafEulWoxeNw6MnEwWVGzUK/Dk+Pq+SpBCYZeWoftPnx86TEAGeRQ30p9d/gQp7NtP+bJfz3/TcO4FgufIPObdDbdHskixh3JnPbisGpcW4O1GUpDum1LIc5giOjBS2C1s9cVu5b2K4UVVfEqSlLfx2AwtYEp6ZCRNYU7knuczahKvXr5syJfj68osDnHhbWnETfg22+F2WN9GFQa7CHFUU2d9NgJgiq8qOa4lPMkypKwHxvEaGcI1pjmLSmbfiQT6sXM4RkcMOAhvicD9hPjW+kXHBHkkzAwPz8r2PRfqZ+6qx6NgXsvnEOOc7qH4cx+ybBW8qDzoqzD7UhSZn1Y5GYzskfwimTYKC/IrfRBYFkFHbn2qr9d/9Pm44ICe+1qZBzNyJjMXCf1iwJoQ92hCtVCIk2yOb5GKX33synq9s4sfCek19cKbIjHw6Rgkbgr6jQUxXmjWkmN4TZVU1wLsdl1tbwhHsD3dSPtAp857RAQkK20EInSYGScfaVs3rGoLoZWpAI1NpPj5ShWoATa7f5lA/HRDCAiMRExoySSxRw3ktxffTMPk4P5nZxUOV598AHaALIjhN0ySidCI5CLKxgcnwgot8KLufmutBbMo=,iv:Ke55HqFnndEWbdngi+6EbrjNaLf82q7JEkO9FY+qS4o=,tag:nBIgDCrde5gB4xpRt5Er5g==,type:str]
websocket-cert.pem: ENC[AES256_GCM,data:c5LkX/bZAfrIqX+Awv6IQVQFFxpUX3kaT5W7A28v7RDSqEcbEjfUrx0nO4xyUtWFtrEmviyB0KFWXlKYXu36rTW16LCmPpQLEp/oQdPidWWrmne0YJ2jtnw/7b3NA5L26xRAdseorPEqUzplavtXpLrJ/E3+ZfnI+o+J4h9X2eG/2xM6BMHOEH4A57eEVNnFgzTJHxXdbjp1yltHqtDQO55GCKptHZIBPTm8hbkBOVuwFPkArCOjj4owYV8T1L+5Os6vUZ43YquHNcySP6/DHQJKeKQ4pU342ARsGNpsR2YvKUc8aakJSUzYVthGWNKw+YpEva+qAk6MjPJ9dSAT3uh2ziSngRPXU1q2WOSHbuz3g10eTEdvN+9J6zzaJZOVD6jBWQgynXwwFaUb/VhKKBkwluk8otNJCVSshgKL4nOsI4B4b1zwzQWSO8tVovvL0hZ9Up6FAcsA9d/N3DJLxRydAENbaYLXg0x5AuDNWFOq2/21VFpWEGpJOMxeDWGETBZkVP22AD9pHC2QrZFGbfkVxU1A3PzZk4kxp2C9gITDjPlLnsyILxoccVhOcn3d/bFqIcu4mIpBufCKHPRVz9+P5R9LaFcGEgGZcXHIy2/hQJAEjpVUfIMeb3Fa8IUgjFAH82K43n7Y9S3AZxmQAWAyIJ8ULHKveTf+2g4K5az5GSeL2YCvwlOSqGAFP+OAsKBKUAVX40GCAczP1P4PStMd8tf4Vlg846Z0E2LL7TY63xszzUfm9lDdsEIqn33brlM+vvSghTGHTG+3XfRa4d4lN0Ag4BGHwa6ypiXUEZMQFLRbghFIDgtqiOk1tnEnfsWV+0qFhPZZvjSLLX2XY8Yq7ec28Icfp/FmK2qzA3cC7xblJisPdZzGLuzVKwziUdAHGOpPWJe2uQJVgI2aTIxcwsMjwEEbXtBcC4J8OBpQZpGAWXaIs25g7RYgJj66xIAxXPXlVIz8td1YuYkXqdG5MLPWt2kRfzSGWzzKybCEY9DEHuoHSP4uKd/7gJC4a+kBRTYrp3S8lZUcFZu5O5XEjEG3zEhpZkJkM5Ekdf2SPRwrtDsxubqOqMHxe2BW3vlhJtLF8NsL9E9T2vLqcQ2ACEfm29j7VfLXVbi8NDfB9pVaL72G5Tghn3Wk77fChTnP2VL0SnYdoJhBWPqPWzu3w9Ahu1ETU4qYnhjVWxiL0MPoQMrqI0/9ejsQTyN8spTTVtRz+aa9T1wJjeMUKjU8GoPtJE9k1Awl3cM1+bNebp1MI5Kpjvjj1rg8955tp+wREXXUd3csx2JRV/epmY3IA1SbhLZI4+ScnsNR+pR1eBmAe2Fob4W7S0ttyP42bT139TxjEpUPmD2mkrCUdX4Mf2NP0iOSHTc8k/gelUgqbVb2R+T6P/oO3SzKHw++0W1Bw+92MsikKLK1MRvzEhSmE/AeJMLRinQ12HLgSSPSC44m3zP/hvmAom+4sJnRKsu/HX1Kex8a2XOahUDi8/s3Y+PLOSg4uUvhn5f0w8teNGaws1+7N7jPDLTnt+rIfOV9/JBu8lDemX4Sce0o8+D3xdCyWxuPx9TwvidtiwlPdJEr7Z3lK2wFdnZmNg4G7uj4PI2VrR+/kWcQ3YCmA2EzFjJTyXwqL2t2MzjlK2e5AqXCt3dG7v0sKqbUfn1zWG07RUx5z6dQELr++oTJrSfoq1WRArsDfkZMIpwOqV/U5kk6TU3kua/H3TbSlbrlQF+Isz/9OCRANi+8Cwqfd64nSxuLCOO+x2owi6xS5OJgRwUmvBABcI/7gT+hpYcUh9MK9mi8NuJQs+yx05lZQskd6vNMs4M6xRS69BBUVACbW7/L7aVyycAd9lHIH8ZeCcwR7F+yQKpYNWm9j0DMW39JP2pyfApUbDxZEBNiNrdw2SA89CxQTAHTGgtA5iOUjontDxAM7WuYj3Zh1fD1T+91UWYSzCN4+CFPLXcLpkeJiZyvpu9BL04cb3XrBka50jtvn5K3EhcteIWTzkkndm1JI1szkvslUAr/yKJGHiggGzihZWtdSvymaxyiFJCYnaWLGFnPtnokjADDM3Z8SxmCB/Ty7E8NDND4eAVaOCDCjPLQdee+MCPDKuQMc7O1zEHboJHJv0EyH4lgbXFZmkN+BvBFEOc5kUS0JpeK4lExvtNGoSqrcmV4at61SnG7utSvwnH5NCjjBJWOF2MTB6spgg==,iv:YALFG9i7jKzykKnBtb/W7w/5NdaO4+IZJOv78WZNtd4=,tag:r2LwJpqDOeAmhLPSKtRwWA==,type:str]
websocket-key.pem: ENC[AES256_GCM,data:37Grdp9HRtoKsspxY4gI1M23WDdMqiDZciwU23nwRb2K+DbclC0ahBvNZkFIU9Qw/TsFZiXTTKCMthx9zTJZDDxYKJJ+HXsGK2UnLxeJ7w0IZd73soTFO0Y0zrdBGlfMpWT1EOJ8CTmt1V/pgSXix2KhS5q+Nn/goLUzf/lqswITEF6LGZLcPGgP63JuyhpRgNYlUI8Y/xMX+S9cq08ojFgguwVKyVb6u6jzQH5Hs8M7LUWMxk8oxBav5uF1MY0UCbqnojWEFk2wHEChMwgMP2A46JIP8ayvV26GhlYLR9BSNz1kWfzf/LQpi2TG2eEIIqpKU33MfeM+nkgfsEjw7f5qGuHZnqFHd7NLBmqsFz99Wco9VL34Zuqi1vQu6C6l6/r3NmT2LTfOaXav+DfKIBp5ZKKzGjRBgeuuk8BUj7LrPiBx0WnfZqX5zSqpZbvLLdLtOIfa2ceeBOe7sqDE74WBd5lx1cQbD3i+BjUZVW8BCXwQ/0I6r7e1iBh7AHFbPP5lJExnVywI5buk8JkR8h6LMO5MGht5IgBLZNaaj9HSxFMwwgCqLp7PnAPeziRIxx2pdZKP4ugc05az9PjXgJkOQSrtL4nhKuUbAIDd4up2kmSAgDJK1wNuGsExTy28Vmk8g4ut+2pnq9n6XtE9cu5lOtGerrb6Hm++R9cr9HW3vTwwNNnEHxEXHc5t6RcSkik2O4HQBz4yKliAZVKod4vIdOW2MR8giqtHlEUNZpZHCGoJ+rmQPCD9BOQ4iK4QpS4/4GwUgBLkQo6HVdOgInZxaj7dOxMbPa1+CIVzYSedyzKJ7YcUzPd/jiVMC2BE0qT2ngTjD5z4l5uUyab93z4UK2n99NABpdHjdRFqKsxaGb6Ce4C/sDIFXDLk0Me9xZu4weJNWoSKt+UOixHr4g2x8+LRdSZYxFZdsxwv3UzCWLPNlRjRjvS1LHJl0a0j+JiXnMtsDzQrAXgpQuC8sj3VTbITiFqCNsET/J9hc0iT15frG6ghXINvjqmOE+Pt0lJ9Y3Xj5dmFV3ItMOmOodGpusDtjsv896CN4GLTEzrfgSr1KW2X3Zmk0hmql6pkm6Yu1Byh/bNrFaCbgrAZVg529soO5yeiUKp7dTwFzV/0K43R0BIjTMhq6sq6PiPQ7jOcxO2fYlTaSlrF71xraCbpwI1blu4il1P/Vu9kyfUyfopyCooYl8+ELf9QHaeFxkaY93oNWaLRVIC4C212HUuqbHZItmSCI4ORvKMgXG6zffdL2XdEvXB5usB6Xi026TWKOkp4ptvPRG2m9vttaibTKGsdgXlOGWvJvCAPjDb60nYbUvTCA3T1krB03dl5b3gYnMNwCzGrp+2Cl+75hMH6vAIaZwziyPc3eEbPRLcGkOLEfbavqVJozp1P9oBBIUTqasxJHysLxv9G2ihYCFFVJyyK9gPI2eFKANPdoqMmrcvmDiorOJWacAkgF1mgVY0Q19lE8M6PD1/ExEwaMNsX35wJOuD35NYW/Pr0wA6Hj5yfo/4Vqv8NqriNUTdbv+N+/8AZZsZUReSjjySl/040yeQk9auTABufnjW9eUuRGPBl/ePycltcoq8KzGRSLKi/XLaJ0Wb15i8emOl4fjykLzqZXfFOAZ+FDnjmLv8nDAATxa3DEmF9BGkzAJ1RD9iYYq6Rt7gqIWGAwpRCj/UrajovK6eUDHnFY8UY+nPweXWGE6LuUazOjATD9bDsIxit6VJe3nI1gZwVF0tcwW+uktZgt8mC8+KqKBBB51qG7L+Wy70L7HRyWwZBHBRaUPmCH58/5acxD7qpsFeGAv3L6y66s97D7QzSwIaRn+OsAs0mCPAqTiW8HiIjsgBoQL6qFiIDApoSIZBfrCBedfJH9kj3sPvs3Yjo0TX6d5IFZxWx08n4u95Np3YXf/ZDP1dQRF1VSU+9L4grdKkLBTWqyZEEjwcLW9OFcWylR9vtAAZ7/Y7n1eZFOtkgQdanlzaWzEJAdyKejjqEOu4sGH75T6dFg7KsxMe8aQlmoX8PkhWDFI532lA3ieM6ea/0tJc3jX+hLCAdR6Q7hkKE+gg7hSwbiqTHfIibzVYUPDinUGp5PZONknc+Ty3GcJQJAxFDwzBC7xDD1Xz36bUMZwVwwDnQpdlJ2b8kYH9jNguSWRufk8fqWZo1sBowUYuE8UK899RcwqjYL2xKWiaKzkq8Fuape0fcPiIICwmYWpfNFQELa9YV3fU2ujYt+Mg=,iv:QnJ0UArbF4+cbtTEQ/uK3d4VUbN6BGDzIYw/xMmQT6E=,tag:UXpEJGYtU/GIDG0xnDQGLg==,type:str]
sops:
kms:
- arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
created_at: "2021-06-30T15:35:52Z"
enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AEDQ//gxlEyJ56QvE+sOH81AAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMDmVBhM+C4Rn26DnKAgEQgDsbha/VRkGjD/aQo4QPze+80fmKIxfsvsRRwdg5Qxn/XvBZmyUe+vZzD6yQ5t/PB6jiE+eNEHO+253FUQ==
aws_profile: ""
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-06-30T15:35:53Z"
mac: ENC[AES256_GCM,data:5R6dzBwdLh0Kvhq32Sveqo/9mLYoEYL2sqQST8P4AUiJOQRCRp3jkNUbWLoWVwqOZzL2XNfsAVWxcIUtt/Zb2TtdvGNVi7ud1UNZ4cXKJ3+Jj4bXHOanauPgFT0MsKmfnSsE5QGgAf0fMjR7ozeXDpaf7aBVqfL0YY0uXyng0xM=,iv:PyC0Loe0i3I2WHoQASaj8c6GMSYsepdakTk3CxXa2qg=,tag:wcfw/Ar/l3SwnVGZr+XQZw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.0

28
helm-values/ucentralgw/secrets.ucentral-2.yaml
View File

@@ -1,28 +0,0 @@
configProperties:
#ENC[AES256_GCM,data:6ZWY9fW+XTihrY/cCSj/,iv:5Ti5re+mLZqgamqGO6vktddWcUUS9eLWZOImKel6TOM=,tag:0jOE05r+tzx6Nq0JC9YEyg==,type:comment]
#ENC[AES256_GCM,data:OU1ncbA=,iv:fpIfcKdPvq+AzdnT2KWfdQ5IeP5CrUPFk9fxRHFDMlc=,tag:pfw7dhqwS9mV+FUbJwbMlA==,type:comment]
rtty.token: ENC[AES256_GCM,data:R5bFG3eZp/lrca/D94C/isxi+EK/VwVfJumNjAYzZBI=,iv:/ZFdiSCZhqmcuggfiYOdL/OQQ1htY+UgqDlvi95ocDA=,tag:wrfklROJ5lBooVXRC4CRgA==,type:str]
#ENC[AES256_GCM,data:WJGaDmA+68j7irZjRdA4,iv:N4S60MeY04MKaU+0s2eQ9fcdIG4oUUzWaO3Ht1brYpU=,tag:f0ZATUN84m+HWDmfSKOxhw==,type:comment]
authentication.default.username: ENC[AES256_GCM,data:qRx+rsqL3HMCL0hBKbqgzw==,iv:xgonD56NjotZJgI4kjjT5ODaEYJMMgUR6nW1Wxbw0e4=,tag:T5aJqvAex6pCfajj6Xeh6A==,type:str]
authentication.default.password: ENC[AES256_GCM,data:InNzsPZW5hmhic39/ngfdBVq+Rd/KLyladILxjZvJtslLnT1BGKT0hTFgAepV651fRvyVEVEH/a29E+825W2Hg==,iv:K/y1l6+Vqbjcu0hoAeNiD4IY8WSFpkmG1Ixyu3KI6y8=,tag:uVukMzeZo3bMHieRLPZ6rA==,type:str]
certs:
restapi-ca.pem: ENC[AES256_GCM,data:Xgwb3HvPlZbiZsG2vJo8mvUjts6YSzkaZXAzJ6lcZRIrKC0Fqvtr9+2jsd/KHLy0wnZ1wTITRliPMlol+oAxFFDdjS5iF6Mg2+EHseeB53Bt/xiYdbG8+sFIRZVq3TV2ExD18jHIHs/qmsE25lhIeHVl1EqsJwE7OzwBRxiAsnTeJyA0c5XDE/GwoCVmGRhG7qBID9qScgWIm9hc6/L63XEpCcPsTOmzLLqmsWnWR0OfDwV3S115dYNwE+YwFmGe+/unvm2CIAoA8nSo8bGjEx+rTaBpCEmI0npLGmp8s1EcMmLbpRx4tseWnqGAALrUaMASEm/74INdGH69dmlBwGo3d23YjUbNXNjzDEAsO8hoeADDfk71m1HcrLtJBUlxexNRXLFBgtugp2+5deY4wTjexdW+hO36gGUG4IceSpqjwmL1O0fSNk6XhpMswUeltzOnPidMeRvgnIopZ4VO/L8PFC5PJ2Pze9q/rNKxLLNMGyPPaJ8GN+TQjp5AZcLJrhXsZPAxZ10fLDCjANpWuXrj8GsdO6eveHBzVhK6iY15kh3orJ7Pw/u7dIP082q9TCpERkjsFFWoFFf8xfmc1WmjZvPs3DmyBU0Bfci5oW9PBeHZrQUaJplmeC5wkACE896p1gE6IM3hT698aBJho/YmWrOP/4mZoUtJwzBHJfavNlmNynxiFCYaZmvB56DqvclmrHEr7caYgaUIJ2QsqlrCF1jrXEq85A2VDW47IR0cJyFa6UEfefr/kDdAAxECJHjLJsGCvsrn0ilP9GpJTBlIr163MAkx/jBRu26e0gZSItkfxStv6KVLj4t4EQ0hm/fpdDkPotmN6IwwgpTZL/ROjxzi12mFnqJyY9WhCYNrxSVYRxj5ZxIif8MuoadzpFUxgOYjK0/XGFEHMkSrZGSXojqRdwIwkjtrkNKXQh1epHg+MAjBKybqaN0jttwd1CqPCCPATcwa4iuXRodwlOYYBhCvXS3c10tOTRAS4+JmEvSYk5PBulCPPJjqGgBQNQN17gudSlNnOIJYlOokdmWE2oMEBnt4kuoGfj7pxRN12Kxckz+5hDznLATc1M0HzvEsCmKJzthUj4jIIf8WdTD9un0HxWb9sSkMQNcfkTozy4lGnxpymFBDZNNumdVmk7lpDmxJHBNlGK1wGevH0nvGGw+Y4T/C1impECNAjtyFN+Qt0OgFBwwK0dDmHgoQYiMvyOas7YK4WZ81XYSfS+WzWDp9qrH+i0TCgE0ia3+YZlKnBS7FfkRjWPjeqrbz4V/AmL4alaucwv6PdxBIDvJ+F9qHJwMqs3CKb3FEvRokskbp74DgUwPlrTGqVed/gVsSYUgGKHunebi0mS1qbyScg5PKIkeMgEI/zUs7U6j7MbHWsHLkq4dpzgLff94tH63olWC1j+XvlTIxci20rbo8QYhTCBz/HFJMlRvx9LQTg0gsdyT27OqUKOOjf+k9JdTJMA0SIuWw1T2dXrlnNuSGUjLc7QWk83pZIRdVAHtZ+Xw880/tz3wvyb2s5bt+nvthtH2SpxqMUfA5nPIk1zzJnCBo16ORX7aHlJXSHFst5azeJGDHFZ5yBBztlJctfWhrqItAJlEGbwkSMwSMbUjGsIjB+MiuVmFLLPEufj4H/sqPxCXl7wq9FVmCJ/k9Dc6b57s3GNM5Gb6D3KAI0xSIn+dmJXWLOPR0EKe1Hcj4hqCT66CQ7FgIXZ3t5C6GRjzTUDIUW0BWNthZaDwsgNiywXiF1HAvxHU=,iv:02eZOOo+L/H8GEQxN5EzfRS8yN9KZnwUi8vEyaSO3Lg=,tag:ecFpbyk7YtJnF3kKpoXdfg==,type:str]
restapi-cert.pem: ENC[AES256_GCM,data:mXiPRx1CfTkvYNFWs5YoIhFF7ZhXjupyKcNr6WbNUv6xtaM5jaWS4nBw+6Z9vLXqzIbsZB3kDsXDV/ht4LasEzR4Zl5hS0QJm2fl8qYwnze0WOUotfdk1L2+GvODhOUF0MArRrr0nw/oW28MY/PsVbqhldSIaoX0+SrmKZsdHagJMTOi0NNjj2wOq5EzVhnrNe0VKMARst5tU7+Jvpq9uLHJWty595e80N5osbEbevRB4agLilEobcKebQ6LZacf6zDFGRusmf1YwBmWDyqXt57jAVpH9TDcXSPmdJvbUMPdY/VtaTQdF8u7rNfv3v8iz/BeuDmNFlYBdChoaUTaC0v92hzdmrAea/AQsKKQDHuOk3Z/K2YRjUqwQXYcVeenA3pPQ9t9zuU1Pwg7ytBiH1T+b0fsCH/247S+1Aa7dRoKwSihOH83NL23tu7YPB25G41fx6jYibop22SiGvy9B54mbzWbC6YXpjYj18gm3LYFVMJSpS1NSKOrTY0nDGlKYBEhyO9BmgeZG1lFDsZjQgzkGbZCl37p1gWvdeLw265OWwbw3vDtrcBqExFazuLtNAPP0PTbVzhxvC1UMYdTEbNNAx8sRyh46GQ2oZb5C70BIYb/Qgf2BJqfWUcskQU8BzKTZTtlacfOvVYeQRl6Wm2UnmeRSfkUFjvlaOtOLBIV+2HR5o6D3iN86j2XVmCLZcjVjIh/TjrMm2OHDNEY1LuG8oTD+NtYX+3pi1G/+25K1loFHPOicmcjsJs3+fQnWSjVW39ji1fdJ//OnFZSK3cP4ZYZGQULlhRaSbWnZkg1Q7Brg7HUodw6I2kP8p3+T3luZ7uCCY0HvywCsTIYKZpV4CSZauYPaHo5Jx/YWJO/7bMmDSDa5MpDHQ4Kgvp6dBZXMOBh1SquZKapsqBwU3gvzzdImqUkEg6VlXobumJDpvQrMUoDeu1jXiuY5UVKqqqVY3fgk7A2czgqFpyy/bG3orwpLCCL4EyY26UlIjiFBxC5WxP1qH1pZgPWwaROr/gGiw90xXWzCAyJzW5y00L6uy/NXLVgFGXIWvhx8vyd48Rb42GMmEdL/RwWiHH7sYDXBKss/4saqNcSgy046q3B4INuI63V8efLsmSTF2P5iZyEzHwb0//lQqLleIdmfJjrAHWITwaVw/aYOa/Lfuh4J2nEutK7gUZh3otTOF0QweC+AX33Rbx8DhTt2h/oSO6oj51adGG4IKunKnuX6ehJEc40gBBxV+fQIew1ephbGXoP1VyKOYR706GeGgRu9VhLB89zhJalfaDe64FRRjqXefutIvlAnsaJzcI2GWq0JKhrznK1ApnBOXzS6Xu/RbUlcd85oVvCPyZAebC46okBnLdUrclrZsaL7V2e0Sy8Lyc3MvxGsvolTCB4V+12l4kF3eP3tSVcsXqhkRE4WS6Tt+sY1L4TKrZmLxVqwaO6BpTftI4PAOcM1nDqCOunZOkGNy7smJD/U1aaYL0yZdStQM/fMVDq6NGqivVt7iXGkbivg3FLxma6A4xh5+tLTMt1DBYlO5v11lyBPhKmL6BW1EUo05UtWts6zlAf72QSn9bdPrfwY2DBnqMYbS/bY0Z91e2yhV4+nx+QLSzGiz2omDn3HliINgRZToTb5m1M1pQFZ6pG2+uxPZon30zznlUOscsCYX0NCz7GSK9WQvGGX+MC2/ZwhTCVRPH7b3n3euD4UJwVDDZztJGKf0wvVADOgGGi1DKqoufAmPFeWF1H7bIwPKHpRRKwIrCSkGEEbV+LATBX2lc3YbYbNSKbkZ0zEaqWdrRJbPCgk/zGs2kKMdTVPFv+6T5EYwrNVZYJ2AoKG+S2KDTkzDPJgRWyLoSHCDBeVkWltSWrXPQSQ5XADKzuhWUEQLba1cMWiwDWDlSyy3/fn+GWGnmLKdYd76foPNTx1h67mdw+ZpNz1KveC16ue5tzdCjC4ciWKX/GJh7v90ekYSlgH/iXaBgEZ2uuUVsW4/E4uEUct8fPj223VlBBXR0vPvlr7IunHNrj0pVUP5SOEilZ2UWnHF1fP5me3CrkB7n8lWpOoyGYXprU4KDbtu/FeZbi09Lp1dgxJVx21zpXsYBk0FMW1Qmr0ax/1ME7lJQGjsU3OImZvp9JhLAkMummIbUCw98rS3KAK4ErqGkSD5AHE9oOMP0/UyZL79KiaM2/cKUMXSNz2BuGRQ==,iv:EoVKVWCYHXxj9U7fsxaLDOygUH+57oTQ+reFjLA10MU=,tag:+sT/5Hb/Y3sMh1Ff5V93VA==,type:str]
restapi-key.pem: ENC[AES256_GCM,data:LdM7j13vNThRCAFFur/js05G6kXELe8TQUnsXdzDUpTF7MiKLC2R/g0aOYspH+2VoWPFpvp9W1Zhijf8x7kAfq2rQHXmMtutQ03gwf3UOv4d1RyVppesJ859y11QPjG2W3oBg4hWO3e6dzo4r/T7gyn8n4O5Iji6PKUHl6EXgTYy0LPvKUnyG7GA+d+O3pbxP732WPRhGN+LQDgPvmppGZFDKSU9J4RDR1HirUsw+ZK8U2ttwkUOjH6X7i65X4ZkQqULOifzEI4MSDCOUcPWUnCm17LKjQQGxZ0CDFEE6ZtUOTAlyNe/Aivv+FE9CNnEhU/Mip2TOh+JK32MTRXc15MEO/XYU+NKHXaktWFL7M6rmCPzqy0ssBFXFW8/5+Z8NUfiIijA84v3UL371uZF6q5RUqhVAc44Rh27qyx28fgqdz/7gy4X5O9go1s2G9763PvTPkrh5KeKtpcWLTFpbCG9ay80/ahnpJzuDBQP77NVV7cBIDqhyUDiDwbL388dgT6Si/W1P0U+gHLX7A/Q5/Lz89oGSR+YqKqt2IRXfi0iKCF9cTzJ2L7h+46GD9/ZgiXxf9dvhGLRI/HdTrqyR4cQH58UYL1M28KUVhaLPVJsSwC+8NUh0q/wLntqusVeXzH1zBY3eLmNJAeilXTEutRWLQpABU60/jn/9sWFv3OUaaKjqC9UpgMfMZOYDGlmJWsLR8doeAvi/r1M9QG9v1Q/WbhyRkvoZLk08aTQrb3C9WU0+g1YpcE/D3RVNrtIAyyiU3TU4KsvZsGN2GOWkOesJALiyKwjPtBTeyVjHL1pBIywpLCIwl74REwJd5OPtVhL5vHN7mYJWtUdT/1Q95zbvA2oiJecBYEHfsbt0p36k7HMo1fy4A5g1T/xDeTXOxa0b+J2QfP8BqOLMppjDAe2vIH1DctHBN85dhWuKKemXPN0B5gMlD3ofGImEg6X2PBuFFrxK6NC9EOjHh0KM8aVqYoy/w2dkEOvpp7xDWtDkH0NeFEqWXCygxp643rLCb3s3uOXg6PhgE94Txq8JH+APCU4bXOeinKLOADUv2pJgrAm8xZM9Nt/YIHORpVvDSwd8Z0GxY99vIHijFWHL+bb0MN8YW57Yqj89JttXnqaeyy4gEeOMs2LXmbOwyBn1QsxceFgzNNVG6wsPNBPwBAbXl1hkP6sliLEdM3lqxZHWn7zLWIZuvCfeFL+OwtnuNIkAI9iqvnOh/3c5S+LoYFPDEjI0VFgCLu0RaVIATRLuuNeO8i+AldgFo9Amo8LSuaSXC9VyyR3AkP5dIU/Hp2BIWP1xBslgiDUj1F9lvdtShKrKrn6UaMoAAoZ+a1lHNuzsEYGF526gGoytBWPKfYW/A2pUKrzkyAu7O0Qtw9jhN4lt/92ZuvvTm+pmmXrnXh6NGIE9RQ6+Sl2xcB222bQOWNKb0nPduWExZGcOT0mtOFHBjmw/JnutupOtc0mtIMKJftyFB77dK6Ee1amd/03RtQgadrovZW8GKIJdWsXaxUgS1uXmEukX4Gt8R1NUH1pmfAAc1X8OHPAXJY9JDqSX2Dpqft7LF0jBMQb0mptpCyzNXQLAwy5umZY6xrcriyIKHOAicXE30zec4HtMFurymSgNDjd71AaMFnszcZ1y0gIon0tbGFtgAmJHksTrQBeSmJdm0LV6jkw5/WbDrhBToFF/S7dwOwavZZM1EmOXZ9lJwOlr42XZ+6KIDlQ4NcMgMgC4xMLg5BTpk2ohFP9VDFVgox6+Tx2K6ygswjrbX6tRHtbCQ+LqmGdMlWStXNHbuvUFbzWPBYZ5ZQnhXNK5LMklIL0vgsL45EKk1fSTv4Zfp0MWPp+CosPnfrRZ0gKF9NSZmxA9/PYt5QKl6YuyJ5f/yqZwZay4TIxJk1XEAKtAP4tQevFf4Lm+t15cic7dWV6wrraFTxmbAeZPTNOx11DeKq14rfoi/18+folHIbUiakzirc0mxxvZuLI2YVIpGOdxcPeYcAkGOpVNhPgYh4af+C/Yh+UBx0ilH00tp0OA7fxZQkifZGhODkzQ2REmB0EDgfvrk76PCqQ7jJ7bQh9hnJlrfEksZhl6nYJJwfyAUGNQTYxE5B+xK1n54oZ30Mzbpqokt26sZbSURsJhFzlBAsUCL2oEwklbDxQblrN71vDovjcq7Vdnhcdn7/GcvFH9HMwxtD8ZcO7akTaHUokLcrCP7jEUu+mhykDLrI0Utn3uhCSjC+REYk=,iv:/6lbbXyZxf7BOjLfKwFXACbYYLz0WqbBUfbz7U1SWSA=,tag:zwpwFyGBxs1fIyOTwMLkSg==,type:str]
websocket-cert.pem: ENC[AES256_GCM,data:qNhD9w/gfVjp+zQMsBVKj+qS3SlfYBD1eusWpmkgGyzzTOyRetx2aFIgfD/V1xFPnk/ZSP0ui+WcV2F1fjjP0mhurc7YtnquAn+8cLa94PAFPpGUFTogZ/GHRSaiMSnWYFFkgl7Zau3nmYfKKYSjSmfvKtkCz3voTXlUmVd8zrvoGRQK31DHgbykAOTxjo8zKt5/CTz2+YoCMyAbDpm3exgIGKGDQZa8s1f8Es1aEN2iPvrSNaNsxui/+Q72cUH+v0ldSy/JX1fKIgcge/eA9/c0jb5q1AJaMYbVEiVNan1SiiZhwV1IyNhTohm/31f64AVtfW/Kf+xz3OPTWGZX6SwAqzuPZGnAbsXsgia2QyDiGIFlUtBIOpYDOxgpoY3bsoFU0y68lXuys2cTqBR6FD6jSCcgtMts+nMnccUsDZP9B7ExpD2SXry/yb6gSdyCZSkJfyCTmbAww3MmQqDIsT0C/FU75fo4i3G39TBG69lurcOqAdKhnc2+0SzRipNHAEEegjGJ/N+6ISO8hOikqiMfMW0S5mCUdO7DZxK3luzlAj6tqb8YrFn4Llup1u2gupTPBBj5PfC/NfqVOyus6ktAQKaBEXYRBA3No5GCufA2dh0EeSkYZfR54FcUrbbR1hT6BVvdxiKthJgo2eCYVw2zjWAZI/gkNV07ww0bb5IhRKJotsdoWLrFpXYqZwf0v6mmMaKABICvxdx2Ek7lHxkT1EaKjF3SaB6nrQPtIxS9fO1JfnTwAxJ8nHz7cjXXffQwLvFbFCrf2qp63TrDyiUpVK2MiznT3MkD59usU8+VGNOpzKMov+NnYaFC7O0ugGiYtTBjop8sfcphMPs1hoAyISXJlCve5kE+sQV0HIGbmZuEOQcqxLPyMFN8h4b/cjMIuPGMzDLmo0H/yDOTgZrxRQjhcgsqRokVQMsb1xzBRKKdKhue7fxT11GQC7cc8+EN66+zT4d6tG2g3Ls0gFh/e8t7gSyYysCsKkpsuU+Ae6x+Yr1lGz+lhBInNwBrjiHBBe8JPXs04LZxA85BvRxYArZ25mjT7EG6J17bXx9oBGlBQHQJwShLBvOarlXBHDu8yyyRtBVKLaGbvTHSvbi/NSHPPwLa93UAQ2g3yc945COYOsIFOme5kP0PcL3dPFD12a0c9P/Fg8dx8XQ9qD85SRPezJSMUAMMwB4BjVJmvwjrnUerEvYFEK7U71R9PaWCEhaA5nqBwXh93ZA+E3SeM5tCcx8crYevCC3Bw5XiQxyJ7hfFy0XnJDIZlp7LVR/k1cwbe9Iz6QUjsSqUPClLLAoMH2ITh1SD1lTTNit4p7tPrM06lvmx5WjUECNRYw2CHGsZoS98oBz3QJZ9ou8xbAuJ7uKjmzzbW4QS35YvA/2Mbkz9CAHyIXUtIAKKBGtZaBUTh5Ot/CbWJBVqdueZbudYgNBxhtnAmnyov99NY7yv2oYFDGVZoHvrcZgDBOBvZ4MceLjf3aAnVKleiF7Ixfs8DHm64nIpcq3wKACIvYUUbayc2wsUEa/tPmJSIZKKtXLF3UzxRXBbAkOMv+WtLoI1m9rP9aOLTLWjk7wq1Q3IcbuDhwb2KrNuH1DPf/yaqMz7EwRzaJWDQwWSw7XWmIM7bFg1tO8NByfFcXGuqhX6IwHsOE25MVbFztR/LqcImfl50uHHKDhPysFRtVbIKmmcaDxkYD+Oz3LaM7pcZhYhnezJY4UYmLPSTfVeZJwdBsoXRJv9rQUXT+Or0KFwgxhrUYVGtj32g4dR+bPRHnXuWW/rRlnbCpbUREM7KdAhzMR0r0wMw9OSDkibc1m/1jCP3XrTZicWwFzIEBUqBpfndzGMLTKNFoZAxh2inTMjPqK8ANGM4W6hPcwjKYimI76W+X0VTDoTamDwK8tvlqM1AVJovnLyVJbZP63W7Dq9e4UstcacvrPLW/90mPzuYhYBf0kJVxfGvqTh4rgA9ZMk8RxXW/P56Q6zT34GCNFvrwzWjnsLuooP02wDHl116/vM95v/EcZzfsQWPLS0rebR77sEQxDPF6P90Eb1IZ0hKz25nyvuCyriWJ3xKFmOzFGHWu5ZigFuZone53ikNf3DMF+00FvVvxI1MYWWSvDv+Lk/Zdp5jKHpSe2WYoX0CBldscX2ZU17Cjj7TywpuNCufOtlrddw26f0/8mGoSrGQV3xy+H5tswMqxes+Qckzg==,iv:ukURtEVVkNLda4A32+Lop6zfIAGDBrZP4dNTg2BKM+w=,tag:Uo4FK/BXaIFyBdnVU7VfZA==,type:str]
websocket-key.pem: ENC[AES256_GCM,data:zjDyuSFvRwR0M13ealPVZzTaIQ4bOfN7ZGNKq/T1b7F/5AaROw1WgPZADi6bQTcihdcJYGa2+aup4wosts7KTeO/yRHnVwRYMIJ07njwMCXSMKMcjrd8XE//aGC3tSzfZXOMeY+REB+5jpTipvmcugLgyj+DhATUZ3JmD2Qh/M7rLvyInyY55Yt4ef0gf/ENHUi8habUNGIxUarVyGg84ml///DpPR02aWgiMV6KjJcpo5oPUQrXT2eIiSeQSB0D+4f7RcelbdgbVHfSA6CKLmUcjTyve2HiIrPWatFtlhm/Za7tOX5KLRdiqRSWiaOxJLztvOaBvf2+2RLTBv05v29NwUDr/GcNsNiZSHWI83TLY7m7KfHeyxAflaJ+SrIxZAMA4tNiRM2TZ6ewW13DReiQdmhcsj+W7h1ajNeAstAFFj1cNRxLm0KYlrvuUCFTg+jF8sQs/ZzGdOQEP9n3bxgT5Z0i7r7zZKvsa/fICfQOnbQik9vWzG25WqMOmhhwfSfPmZ2d8DnYi3WGbgIvYRHakSuNcGYHA+fmQzASMfBYqfIpKL76VbCRWHNMMuISzNyA55zmRHT0WnOHF3L2f4huYK3hCQlNo1eS3zixtdkD7ZuWIV6vF7zn2fIQEiIOnMR+/o0Fv4dKrTPAJSrgxqS6cKbBKbmTWvC/Y4vNYhv54cqgdEfxC5UXUUNPSiCGhx33J6JqlDLk9mdMgH8Ao2+gzHzXQD9D6PdAClYsTO6cC1zpcIW4RpyRprvzRFxCyuIdcyVXdMZV5KUoRmOAekprlvKhjylC5utzD/PKw2NN7SNDFez4GRZTK9nXV5luMaSCvQxcycU9AvwDcJB0UwRtyZ7pV6xs5+sGdrAYjZMaayYvcEYnpzXCA98nAwZ+vJZP3HwK58J2FNBgBN0rnVrbPEApn7lo7JhTRgddrAqF7G9yDQAUhYynyJmJEtcgGmWw8OLXBAG5x4t8uGr188O/eNZiuZzQLfy7J7wSwb0yKUiX/9/zo7x/9TzJMrUidl0PHLdcDFCx+p29MeQPtrYPcwev92XqD1oo/3iPyx3ttkiedYWVC/XWK3T2GRVsTqknOO90b5J7pT4/t4PAyNWv+60zbGg7R75W5iYpzoZpq5vKIkU6M/kmRcV5hPY7SylTRhqdlA2ISAdcFjcRsW9ROiKOFk6l2o6hFsjqOKoCN8z071JgHEq+9FIXeb3kW/umLNjaM5Istiq0aRzEcVE3LPFE/BEY9BQkCgVIyNsL5xAdW1RvZTST08G/1MfVzArt0CJQKdxJf40qY/25bWF2jwqXtpoPQ9oO/VSZHKZpcIwPjV442VkXvqmHuNB/vDv9V57hohPRggylGs1JnaHx4UtFPV1VLhdmxSmVXZjCnq+iCqE30e/0Z/iHQY9/JjDh4nxCQDciGXZtjxIIViV/5QJrqIa0MBOjoEtdXOCFTS6K1A9uv+Z3VA2zsrCf9Yo92rcEEYn3lOJiOnHibniKETm9xBoEvFgi0j97s+xHyI2Ymwf+2SLgZ0Nk3cOqCi6VhogTL+mLqTx1gY5Kdae4hdGnWQMoF8Tshgnylv6ryZlmy+HuUM9H5yCBYH5uxN7Mp/bbjCru7DxDQht1qZlvun19JLR+KDAdzYuuq6JAYQrMmBoNhtzlLHylQ63xeUdNRBnrEdAGOKPTPM2oJT24BWyzPFNZUIJTaStFGPShLhnZFZFmyKwhYdmHV8EvL6AQ1VG/o7J61pywSxtXC2oXofx5ZdjByrDhKRAfcMJMIo/w8KAvYpDC3VvXgIPjgQjxZIj/HkkduQCIq4rz69ds4hgolNQ4nTEtyCn6hS2aBqW3dNdUxQv6bKS3jgKc9y4mwAD8hz5XmMFuj5pH5MX3buYb+NZuqO06Kgctluc01AgQThhVmUNC5IKuqrnN2Q75f9U10USZSjbC89w4oVL+g4mmWWTpFiGir7edqoeXUUeYcVyjecR3n6A2Qra6JfU2ErolZ3niuWNWMBm2XN2xAVc1ZDOGqfQtQmWuSBoClfzD0dkU01aOlSNo9fQInVOz59EZAU1ems01FaXaJdaco6Z7zo8riXpL14NxxXWWbjEaO9FOZlnNUJ7xxTghlsmHQcp7p+6kz2dsMnrw/HNSe/VuL+BnO7+k1O+sxPOUCqT59TwD5sMBJZkr1/mBeJk9uPf2ICyLn2zRxwsxfDd1XiHePgwE2CdtsJ9qGF2BzhySXidqaIhGMmHzF3Y=,iv:rNLRX/NVF/U6TgRYXQcQavZRzTFjKM0kHzoERripPaM=,tag:cBKj8wsF7ZqKt73u9aWvGg==,type:str]
sops:
kms:
- arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets
created_at: "2021-06-30T15:35:55Z"
enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AGWGnTOLXnAi4SYINzUpgzlAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMwLrW4hbgV/ip/J0pAgEQgDtR71udGvSeXNynfi3yUnbwonS/ej0zFevWElznELN8zC5PfqEAzI+GoR3NsDUXMUdgK3ABWihtYrWnwg==
aws_profile: ""
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2021-06-30T15:35:56Z"
mac: ENC[AES256_GCM,data:boYlTHBflklc6wuim2muZLGyPbmYFrDAy/M79DJhiwwRqZtfYQCW0sk4ItaK3VI8rEugUpZ5FngEJHfF0xKGlgNNzd3ak/GRbrOe8JI6yMxSn6s8W9ksr3HGjglf0L+u+/IiG706m6uT1UuNAyOgjT7sdKFxHnPcB+31Yl4k0Fo=,iv:F6LrNIl4kKzOM28MCtfCzUMthHuHhfTrv7tjKcSBJJw=,tag:T/oiC1bbPtw6SoGovx+sCw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.0

56
helm-values/ucentralgw/values.ucentral-1.yaml
View File

@@ -1,56 +0,0 @@
services:
ucentralgw:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
external-dns.alpha.kubernetes.io/hostname: sdk-ucentral-1.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15015"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,16003"
ports:
websocket:
servicePort: 15002
targetPort: 15002
protocol: TCP
restapi:
servicePort: 16001
targetPort: 16001
protocol: TCP
fileuploader:
servicePort: 16003
targetPort: 16003
protocol: TCP
persistence:
enabled: true
storageClassName: "gp2"
configProperties:
# -> Public part
# File uploader
ucentral.fileuploader.host.0.name: sdk-ucentral-1.cicd.lab.wlan.tip.build
# rtty
rtty.enabled: "true"
rtty.server: rtty-ucentral-1.cicd.lab.wlan.tip.build
# Kafka
ucentral.kafka.enable: "true"
ucentral.kafka.group.id: 1
ucentral.kafka.brokerlist: kafka:9092
ucentral.kafka.auto.commit: false
ucentral.kafka.queue.buffering.max.ms: 50
# Storage
storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
## SQLite
storage.type.sqlite.db: devices.db
storage.type.sqlite.idletime: 120
storage.type.sqlite.maxsessions: 128
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi

56
helm-values/ucentralgw/values.ucentral-2.yaml
View File

@@ -1,56 +0,0 @@
services:
ucentralgw:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
external-dns.alpha.kubernetes.io/hostname: sdk-ucentral-2.cicd.lab.wlan.tip.build
service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15015"
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,16003"
ports:
websocket:
servicePort: 15002
targetPort: 15002
protocol: TCP
restapi:
servicePort: 16001
targetPort: 16001
protocol: TCP
fileuploader:
servicePort: 16003
targetPort: 16003
protocol: TCP
persistence:
enabled: true
storageClassName: "gp2"
configProperties:
# -> Public part
# File uploader
ucentral.fileuploader.host.0.name: sdk-ucentral-2.cicd.lab.wlan.tip.build
# rtty
rtty.enabled: "true"
rtty.server: rtty-ucentral-2.cicd.lab.wlan.tip.build
# Kafka
ucentral.kafka.enable: "true"
ucentral.kafka.group.id: 1
ucentral.kafka.brokerlist: kafka:9092
ucentral.kafka.auto.commit: false
ucentral.kafka.queue.buffering.max.ms: 50
# Storage
storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
## SQLite
storage.type.sqlite.db: devices.db
storage.type.sqlite.idletime: 120
storage.type.sqlite.maxsessions: 128
resources:
limits:
cpu: 100m
memory: 50Mi
requests:
cpu: 100m
memory: 50Mi

19
helmfile/cloud-sdk/helmfile.yaml
View File

@@ -31,25 +31,6 @@ repositories:
url: https://ibm.github.io/core-dump-handler
environments:
azure:
values:
- monitoring:
namespace: monitoring
- domain: tip.4c74356b41.com
- storageClass: default
- autoscaler:
enabled: true
- ingress:
enabled: true
- elastic:
enabled: true
- kibana:
enabled: true
- prometheus:
enabled: true
- external-dns:
enabled: true
amazon-cicd:
secrets:
- secrets/influxdb.yaml

BIN
helmfile/custom-nginx-ingress-errors/404-screenshot.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 29 KiB

3
helmfile/custom-nginx-ingress-errors/Dockerfile
View File

@@ -1,3 +0,0 @@
FROM quay.io/kubernetes-ingress-controller/custom-error-pages-amd64:0.4
COPY www /www

31
helmfile/custom-nginx-ingress-errors/README.md
View File

@@ -1,31 +0,0 @@
# IMPORTANT
clone of: https://github.com/kenmoini/custom-nginx-ingress-errors with slight modifications
used dockerfile was built manually
# custom-nginx-ingress-errors
Assets to build a container to provide a custom default backend to the nginx-ingress Kubernetes Ingress controller
![404 Screenshot](https://github.com/kenmoini/custom-nginx-ingress-errors/raw/master/404-screenshot.png)
## Editing Error Pages
The container has a set of error HTML and JSON files that are returned based on the error code. These files are stored in the `www/` directory and are copied to the `/www/` directory in the container.
1. Fork this repo, modify the error pages as you see fit.
2. Connect to Docker Hub/Quay.io to build an image you have access to.
3. Modify the `k8s-deployment.yaml` file to point to your custom built image.
## Deploying a custom default-backend for Nginx Ingress
***Note:*** This is for the Kubernetes Nginx Ingress, not the one made by Nginx.
If you haven't deployed it yet, here ya go: https://kubernetes.github.io/ingress-nginx/deploy/
These instructions assume that you deployed this in the default `ingress-nginx` namespace.
1. Modify the `k8s-deployment.yaml` file to point to your custom built image, or use it as is for some snazzy error pages
2. Deploy to the Kubernetes cluster: `kubectl apply -f k8s-deployment.yaml`
3. Modify the `ingress-nginx/ingress-nginx-controller` Deployment and set the value of the `--default-backend-service` flag to the name of the newly created error backend, which should be `ingress-nginx/nginx-errors` by default.
4. Edit the `ingress-nginx/nginx-configuration` ConfigMap and add the key:value pair of `"custom-http-errors": "404,500,503"`
5. ??????
6. PROFIT!!!!1

48
helmfile/custom-nginx-ingress-errors/k8s-deployment.yaml
View File

@@ -1,48 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: nginx-errors
namespace: ingress-nginx
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
selector:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
ports:
- port: 80
targetPort: 8080
name: http
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-errors
namespace: ingress-nginx
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
template:
metadata:
labels:
app.kubernetes.io/name: nginx-errors
app.kubernetes.io/part-of: ingress-nginx
spec:
containers:
- name: nginx-error-server
image: kenmoini/custom-nginx-ingress-errors:latest
ports:
- containerPort: 8080
# Setting the environment variable DEBUG we can see the headers sent
# by the ingress controller to the backend in the client response.
# env:
# - name: DEBUG
# value: "true"

34
helmfile/custom-nginx-ingress-errors/www/404.html
View File

@@ -1,34 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Error 404</title>
<link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
<style type="text/css" rel="stylesheet">
*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}
</style>
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div id="notfound">
<div class="notfound">
<div class="notfound-404">
<h1>404</h1>
<h2>Page not found</h2>
</div>
</div>
</div>
<!-- Could insert Google Analytics if you like, or don't -->
</html>

156
helmfile/custom-nginx-ingress-errors/www/500.html
View File

@@ -1,156 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Error 500</title>
<link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
<style type="text/css" rel="stylesheet">
* {
-webkit-box-sizing: border-box;
box-sizing: border-box
}
body {
padding: 0;
margin: 0
}
#notfound {
position: relative;
height: 100vh;
background: #030005
}
#notfound .notfound {
position: absolute;
left: 50%;
top: 50%;
-webkit-transform: translate(-50%, -50%);
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%)
}
.notfound {
max-width: 767px;
width: 100%;
line-height: 1.4;
text-align: center
}
.notfound .notfound-404 {
position: relative;
height: 180px;
margin-bottom: 20px;
z-index: -1
}
.notfound .notfound-404 h1 {
font-family: montserrat, sans-serif;
position: absolute;
left: 50%;
top: 50%;
-webkit-transform: translate(-50%, -50%);
-ms-transform: translate(-50%, -50%);
transform: translate(-50%, -50%);
font-size: 224px;
font-weight: 900;
margin-top: 0;
margin-bottom: 0;
margin-left: -12px;
color: #030005;
text-transform: uppercase;
text-shadow: -1px -1px 0 #8400ff, 1px 1px 0 #ff005a;
letter-spacing: -20px
}
.notfound .notfound-404 h2 {
font-family: montserrat, sans-serif;
position: absolute;
left: 0;
right: 0;
top: 110px;
font-size: 42px;
font-weight: 700;
color: #fff;
text-transform: uppercase;
text-shadow: 0 2px 0 #8400ff;
letter-spacing: 13px;
margin: 0
}
.notfound .notfound-404 h3 {
font-family: montserrat, sans-serif;
position: absolute;
left: 0;
right: 0;
top: 250px;
font-size: 14px;
font-weight: 700;
color: #fff;
text-transform: uppercase;
text-shadow: 0 2px 0 #8400ff;
letter-spacing: 13px;
margin: 0
}
.notfound a {
font-family: montserrat, sans-serif;
display: inline-block;
text-transform: uppercase;
color: #ff005a;
text-decoration: none;
border: 2px solid;
background: 0 0;
padding: 10px 40px;
font-size: 14px;
font-weight: 700;
-webkit-transition: .2s all;
transition: .2s all
}
.notfound a:hover {
color: #8400ff
}
@media only screen and (max-width:767px) {
.notfound .notfound-404 h2 {
font-size: 14px
}
}
@media only screen and (max-width:767px) {
.notfound .notfound-404 h2 {
font-size: 24px
}
}
@media only screen and (max-width:480px) {
.notfound .notfound-404 h1 {
font-size: 182px
}
}
</style>
</head>
<body>
<div id="notfound">
<div class="notfound">
<div class="notfound-404">
<h1>500</h1>
<h2>Internal Server Error</h2>
<h3>Most likely your email isnt verified, please verify your email and try
again</h3>
</div>
</div>
</div>
<!-- Could insert Google Analytics if you like, or don't -->
</html>

33
helmfile/custom-nginx-ingress-errors/www/503.html
View File

@@ -1,33 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Error 503</title>
<link href="https://fonts.googleapis.com/css?family=Montserrat:700,900" rel="stylesheet">
<style type="text/css" rel="stylesheet">
*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}
</style>
<!--[if lt IE 9]>
<script src="https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js"></script>
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js"></script>
<![endif]-->
</head>
<body>
<div id="notfound">
<div class="notfound">
<div class="notfound-404">
<h1>503</h1>
<h2>Service Unavailable</h2>
</div>
</div>
</div>
<!-- Could insert Google Analytics if you like, or don't -->
</html>

1
helmfile/custom-nginx-ingress-errors/www/css/style.css
View File

@@ -1 +0,0 @@
*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}}

77
helmfile/windows-support/Dockerfile
View File

@@ -1,77 +0,0 @@
# Setup build arguments with default versions
ARG AWS_CLI_VERSION=1.18.105
ARG TERRAFORM_VERSION=0.12.29
ARG PYTHON_MAJOR_VERSION=3.7
ARG KUBE_VERSION=v1.18.6
ARG HELM_VERSION=v3.2.4
# Download Terraform binary
FROM debian:buster-20191224-slim as terraform
ARG TERRAFORM_VERSION
RUN apt-get update
RUN apt-get install --no-install-recommends -y curl=7.64.0-4+deb10u1
RUN apt-get install --no-install-recommends -y ca-certificates=20190110
RUN apt-get install --no-install-recommends -y unzip=6.0-23+deb10u1
RUN apt-get install --no-install-recommends -y gnupg=2.2.12-1+deb10u1
RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig
COPY hashicorp.asc hashicorp.asc
RUN gpg --import hashicorp.asc
RUN gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN grep terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS | sha256sum -c -
RUN unzip -j terraform_${TERRAFORM_VERSION}_linux_amd64.zip
# Install AWS CLI using PIP
FROM debian:buster-20191224-slim as aws-cli
ARG AWS_CLI_VERSION
ARG PYTHON_MAJOR_VERSION
RUN apt-get update
RUN apt-get install -y --no-install-recommends python3=${PYTHON_MAJOR_VERSION}.3-1
RUN apt-get install -y --no-install-recommends python3-pip=18.1-5
RUN pip3 install setuptools==46.1.3
RUN pip3 install wheel==0.34.2
RUN pip3 install pyyaml==5.3.1
RUN pip3 install awscli==${AWS_CLI_VERSION}
# Download Helm\Kubectl binary
FROM debian:buster-20191224-slim as wget
ARG KUBE_VERSION
ARG HELM_VERSION
RUN apt-get update && \
apt-get install --no-install-recommends -y wget ca-certificates=20190110
RUN wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl
RUN wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm
# Build final image
FROM debian:buster-20191224-slim
ARG PYTHON_MAJOR_VERSION
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
ca-certificates=20190110 \
git \
curl \
jq=1.5+dfsg-2+b1 \
python3=${PYTHON_MAJOR_VERSION}.3-1 \
sudo \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
&& update-alternatives --install /usr/bin/python python /usr/bin/python${PYTHON_MAJOR_VERSION} 1
COPY --from=terraform /terraform /usr/local/bin/terraform
COPY --from=aws-cli /usr/local/bin/aws* /usr/local/bin/
COPY --from=aws-cli /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages
COPY --from=aws-cli /usr/lib/python3/dist-packages /usr/lib/python3/dist-packages
COPY --from=wget /usr/local/bin/helm /usr/local/bin/helm
COPY --from=wget /usr/local/bin/kubectl /usr/local/bin/kubectl
# this requires helmfile binary in the same folder with the Dockerfile
COPY helmfile /usr/local/bin/
RUN chmod +x /usr/local/bin/helmfile /usr/local/bin/helm /usr/local/bin/kubectl
RUN helm plugin install https://github.com/databus23/helm-diff --version v3.0.0-rc.7 && \
helm plugin install https://github.com/futuresimple/helm-secrets && \
helm plugin install https://github.com/hypnoglow/helm-s3.git && \
helm plugin install https://github.com/aslafy-z/helm-git.git
WORKDIR /workspace
CMD ["bash"]

5
helmfile/windows-support/README.md
View File

@@ -1,5 +0,0 @@
## purpose
this is needed because helmfile didn't work properly for me on windows (the helm diff plugin), as well as helmfile docker files and helmfile make. hence this dockerfile that works on windows. I needed to include compiled helmfile for the same reason.
Build this dockerfile like you normally would and after that you can just use the docker image to run helmfile. The provided dockerfile has got aws cli, kubectl, terraform, helm, helm plugins and helmfile.

50
helmfile/windows-support/dockerfile.v2
View File

@@ -1,50 +0,0 @@
# Setup build arguments with default versions
ARG TERRAFORM_VERSION=0.12.29
ARG KUBE_VERSION=v1.18.8
ARG HELM_VERSION=v3.3.0
ARG HELMFILE_VERSION=v0.126.2
ARG KUSTOMIZE_VERSION=v3.8.1
# Download Terraform\Kubectl\Helm binaries
FROM debian:buster-slim as binaries
ARG TERRAFORM_VERSION
ARG KUBE_VERSION
ARG HELM_VERSION
RUN apt-get update
RUN apt-get install --no-install-recommends -y curl=7.64.0-4+deb10u1
RUN apt-get install --no-install-recommends -y ca-certificates=20190110
RUN apt-get install --no-install-recommends -y unzip=6.0-23+deb10u1
RUN apt-get install --no-install-recommends -y gnupg=2.2.12-1+deb10u1
RUN apt-get install --no-install-recommends -y wget
RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig
RUN wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl
RUN wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm
COPY hashicorp.asc hashicorp.asc
RUN gpg --import hashicorp.asc
RUN gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
RUN grep terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS | sha256sum -c -
RUN unzip -j terraform_${TERRAFORM_VERSION}_linux_amd64.zip
# Layer to get helmfile stuff
FROM quay.io/roboll/helmfile:${HELMFILE_VERSION} as helmfile
ARG KUSTOMIZE_VERSION
RUN curl -L https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | \
tar zxv && mv kustomize /usr/local/bin
# Build final image
FROM amazon/aws-cli
WORKDIR /ci
ENV XDG_DATA_HOME=/home
COPY --from=binaries /terraform /usr/local/bin/terraform
COPY --from=binaries /usr/local/bin/helm /usr/local/bin/helm
COPY --from=binaries /usr/local/bin/kubectl /usr/local/bin/kubectl
COPY --from=helmfile /usr/local/bin/helmfile /usr/local/bin
COPY --from=helmfile /usr/local/bin/kustomize /usr/local/bin
COPY --from=helmfile /root/.helm/cache/plugins/ /home/helm/plugins
RUN chmod +x /usr/local/bin/helmfile && chmod +x /usr/local/bin/helm && chmod +x /usr/local/bin/kubectl && chmod +x /usr/local/bin/kustomize
WORKDIR /ci
ENTRYPOINT ["/bin/bash"]

30
helmfile/windows-support/hashicorp.asc
View File

@@ -1,30 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1
mQENBFMORM0BCADBRyKO1MhCirazOSVwcfTr1xUxjPvfxD3hjUwHtjsOy/bT6p9f
W2mRPfwnq2JB5As+paL3UGDsSRDnK9KAxQb0NNF4+eVhr/EJ18s3wwXXDMjpIifq
fIm2WyH3G+aRLTLPIpscUNKDyxFOUbsmgXAmJ46Re1fn8uKxKRHbfa39aeuEYWFA
3drdL1WoUngvED7f+RnKBK2G6ZEpO+LDovQk19xGjiMTtPJrjMjZJ3QXqPvx5wca
KSZLr4lMTuoTI/ZXyZy5bD4tShiZz6KcyX27cD70q2iRcEZ0poLKHyEIDAi3TM5k
SwbbWBFd5RNPOR0qzrb/0p9ksKK48IIfH2FvABEBAAG0K0hhc2hpQ29ycCBTZWN1
cml0eSA8c2VjdXJpdHlAaGFzaGljb3JwLmNvbT6JATgEEwECACIFAlMORM0CGwMG
CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFGFLYc0j/xMyWIIAIPhcVqiQ59n
Jc07gjUX0SWBJAxEG1lKxfzS4Xp+57h2xxTpdotGQ1fZwsihaIqow337YHQI3q0i
SqV534Ms+j/tU7X8sq11xFJIeEVG8PASRCwmryUwghFKPlHETQ8jJ+Y8+1asRydi
psP3B/5Mjhqv/uOK+Vy3zAyIpyDOMtIpOVfjSpCplVRdtSTFWBu9Em7j5I2HMn1w
sJZnJgXKpybpibGiiTtmnFLOwibmprSu04rsnP4ncdC2XRD4wIjoyA+4PKgX3sCO
klEzKryWYBmLkJOMDdo52LttP3279s7XrkLEE7ia0fXa2c12EQ0f0DQ1tGUvyVEW
WmJVccm5bq25AQ0EUw5EzQEIANaPUY04/g7AmYkOMjaCZ6iTp9hB5Rsj/4ee/ln9
wArzRO9+3eejLWh53FoN1rO+su7tiXJA5YAzVy6tuolrqjM8DBztPxdLBbEi4V+j
2tK0dATdBQBHEh3OJApO2UBtcjaZBT31zrG9K55D+CrcgIVEHAKY8Cb4kLBkb5wM
skn+DrASKU0BNIV1qRsxfiUdQHZfSqtp004nrql1lbFMLFEuiY8FZrkkQ9qduixo
mTT6f34/oiY+Jam3zCK7RDN/OjuWheIPGj/Qbx9JuNiwgX6yRj7OE1tjUx6d8g9y
0H1fmLJbb3WZZbuuGFnK6qrE3bGeY8+AWaJAZ37wpWh1p0cAEQEAAYkBHwQYAQIA
CQUCUw5EzQIbDAAKCRBRhS2HNI/8TJntCAClU7TOO/X053eKF1jqNW4A1qpxctVc
z8eTcY8Om5O4f6a/rfxfNFKn9Qyja/OG1xWNobETy7MiMXYjaa8uUx5iFy6kMVaP
0BXJ59NLZjMARGw6lVTYDTIvzqqqwLxgliSDfSnqUhubGwvykANPO+93BBx89MRG
unNoYGXtPlhNFrAsB1VR8+EyKLv2HQtGCPSFBhrjuzH3gxGibNDDdFQLxxuJWepJ
EK1UbTS4ms0NgZ2Uknqn1WRU1Ki7rE4sTy68iZtWpKQXZEJa0IGnuI2sSINGcXCJ
oEIgXTMyCILo34Fa/C6VCm2WBgz9zZO8/rHIiQm1J5zqz0DrDwKBUM9C
=LYpS
-----END PGP PUBLIC KEY BLOCK-----

25
terraform/root-162540680133/sops_key/.terraform.lock.hcl generated Normal file
View File

@@ -0,0 +1,25 @@
# This file is maintained automatically by "terraform init".
# Manual edits may be lost in future updates.
provider "registry.terraform.io/hashicorp/aws" {
version = "4.40.0"
constraints = ">= 2.63.0"
hashes = [
"h1:ZNYcP0N4WfRiuCmkXJkPrTS/4BG7PfkbXBUhbA77WTg=",
"zh:04ca7287b7f5a2a310b60308cc08df11e97714d32d1a10c34a94454d330af66e",
"zh:13c28ba9b324c526580783a3807007a296ce58c607c7bdc94ae2bb72b35b6495",
"zh:2c84dbc0701b9724802f7343f916f50b6914a044dfbfc6654f264c9347f02dac",
"zh:33255a22e1d1ecec2ad8ccfec1e4a54dc33a8d71f3edad098c25d822958a138b",
"zh:4583b5e92b8de3662c8d8ff8a6527572ec23ad8c64dd686ff9dd528bc6934a4f",
"zh:4a9f502c0b8abe45abda846e0601f8d8ef582e62e0b92cb747b4200a711ba739",
"zh:558959e19935ec5e7f0647e900fc8561f4961a377be0178496a6495805136721",
"zh:6b3dc4b034d34885db620d73c75d3bb9abeee539e61ca9d0670fb995353e165d",
"zh:72f0dac5dbba355bce88599ded2baabc7d109ee786b89c6648ae720cb00a4bbf",
"zh:77981b87e2bcbb278402e8ff863d5e50aafbdc03629d7a57273c06989884a22f",
"zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
"zh:c5b4dd61558a4887a23847d23cd3b41a97ad03a9f3624d0687cb5461fee514b0",
"zh:c8949bc6600ec10ea5c0abdd4c1ffee8f82519c0cda8cc7a651e6258960e6249",
"zh:d1c88ab98f126d65cd0c7b6c9e1d06d59e766217ae374d5a908052817e3692a3",
"zh:ff2e921440bcbfd440ef84f5127ba881c930b2b70773e725de35c0fa3baddc4b",
]
}

95
terraform/root-162540680133/sops_key/kms.tf Normal file
View File

@@ -0,0 +1,95 @@
data "aws_iam_policy_document" "kms" {
statement {
sid = "Enable IAM User Permissions"
actions = ["kms:*"]
resources = ["arn:aws:s3:::*"]
effect = "Allow"
principals {
type = "AWS"
identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
}
}
statement {
sid = "Allow access for Key Administrators"
actions = [
"kms:Create*",
"kms:Describe*",
"kms:Enable*",
"kms:List*",
"kms:Put*",
"kms:Update*",
"kms:Revoke*",
"kms:Disable*",
"kms:Get*",
"kms:Delete*",
"kms:TagResource",
"kms:UntagResource",
"kms:ScheduleKeyDeletion",
"kms:CancelKeyDeletion"
]
resources = ["*"]
effect = "Allow"
principals {
type = "AWS"
identifiers = [
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
]
}
}
statement {
sid = "Allow use of the key"
actions = [
"kms:Encrypt",
"kms:Decrypt",
"kms:ReEncrypt*",
"kms:GenerateDataKey*",
"kms:DescribeKey"
]
resources = ["*"]
effect = "Allow"
principals {
type = "AWS"
identifiers = [
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
]
}
}
statement {
sid = "Allow attachment of persistent resources"
actions = [
"kms:CreateGrant",
"kms:ListGrants",
"kms:RevokeGrant"
]
resources = ["*"]
effect = "Allow"
principals {
type = "AWS"
identifiers = [
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
"arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
]
}
condition {
test = "Bool"
variable = "kms:GrantIsForAWSResource"
values = ["true"]
}
}
}
resource "aws_kms_key" "kms" {
description = "Helm secrets key"
policy = data.aws_iam_policy_document.kms.json
}
resource "aws_kms_alias" "kms" {
name = "alias/helm-secrets"
target_key_id = aws_kms_key.kms.key_id
}

18
terraform/root-162540680133/sops_key/main.tf Normal file
View File

@@ -0,0 +1,18 @@
provider "aws" {
version = ">= 2.63.0"
region = var.aws_region
}
terraform {
required_version = ">= 1.0.0, < 2.0.0"
backend "s3" {
region = "us-east-1"
bucket = "tip-org-tfstate"
key = "tip-sops"
dynamodb_table = "terraform-state-lock"
encrypt = true
}
}
data "aws_caller_identity" "current" {}

1
terraform/root-162540680133/sops_key/terraform.tfvars Normal file
View File

@@ -0,0 +1 @@
aws_region = "us-east-1"

4
terraform/root-162540680133/sops_key/variables.tf Normal file
View File

@@ -0,0 +1,4 @@
variable "aws_region" {
description = "AWS region"
type = string
}

2
terraform/root-162540680133/tf_organization/.sops.yaml Normal file
View File

@@ -0,0 +1,2 @@
creation_rules:
- kms: 'arn:aws:kms:us-east-1:162540680133:alias/helm-secrets'

2
terraform/root-162540680133/tf_organization/billing_alarm.tf
View File

@@ -1,5 +1,5 @@
resource "aws_budgets_budget" "default" {
for_each = var.org_accounts
for_each = jsondecode(data.sops_file.secrets.raw).org_accounts
name = "${each.key}-budget"
budget_type = "COST"
limit_amount = each.value["monthly_budget"]

11
terraform/root-162540680133/tf_organization/main.tf
View File

@@ -8,9 +8,20 @@ terraform {
dynamodb_table = "terraform-state-lock"
encrypt = true
}
required_providers {
sops = {
source = "carlpett/sops"
version = "~> 0.5"
}
}
}
provider "aws" {
version = ">= 2.63.0"
region = var.aws_region
}
data "sops_file" "secrets" {
source_file = "secrets.enc.json"
}

2
terraform/root-162540680133/tf_organization/organization.tf
View File

@@ -13,7 +13,7 @@ resource "aws_organizations_organizational_unit" "default" {
}
resource "aws_organizations_account" "default" {
for_each = var.org_accounts
for_each = jsondecode(data.sops_file.secrets.raw).org_accounts
name = each.key
email = each.value["email"]
parent_id = aws_organizations_organizational_unit.default.id

48
terraform/root-162540680133/tf_organization/secrets.enc.json Normal file
View File

@@ -0,0 +1,48 @@
{
"org_accounts": {
"cicd": {
"email": "ENC[AES256_GCM,data:w+A2Y0Exkle7so5gWfIgnoCqRL8FH0+fXwG3yindZYNVZQ==,iv:9+pHL0zsbRJ+ysW0zoEA+/hfcWROEeLy7TCj0L+e7Eo=,tag:/Co2xGMjLqFEegmRm6LH5Q==,type:str]",
"monthly_budget": "ENC[AES256_GCM,data:7/+H+V0=,iv:/sGSwJEamMNWP0kD86k4rgWmlvaztCgqnve+amF1twA=,tag:slwv9fixGjI4+gVD2A65yA==,type:str]",
"billing_alarm_notify_emails": [
"ENC[AES256_GCM,data:hJzTn6zBNHy21Xr/ebZt5TUB,iv:6vGbAvjblpXoGOG5INrY74IZAL3/3CZaCtOzCC7yjgo=,tag:lznl3K88QVrOCBgeb054iQ==,type:str]",
"ENC[AES256_GCM,data:U6GZrBV/7p0PnISLAtbDxUohhjE=,iv:8xvvjI6ypRdFKpZpkWq6GCKOe35Hl9GPElIbNXDNyLM=,tag:d2X8B7bTatIwsMG1o2Z7LA==,type:str]"
]
},
"wifi": {
"email": "ENC[AES256_GCM,data:ZF/RJC3iUY7r35k1n7X2InBqhwsiSzH1u+IAslKYYna9Yw==,iv:Ze9a7uCE7vQTvvxToTBB2njMIJUE+cWWSryhYQGwdDs=,tag:ntuOOx9S6z51E+zmNwosyw==,type:str]",
"monthly_budget": "ENC[AES256_GCM,data:Cx1RjR6z,iv:jKibjwHFaMHUC9S5k24Reww3nSBWrjphCZM0naYSnTI=,tag:bLjHZC4F2Vlf8fxOCoQ/0g==,type:str]",
"billing_alarm_notify_emails": [
"ENC[AES256_GCM,data:gVZREZAFuDO70s6Psf9/AA+Z2g/IbuND,iv:pXj/RaRISryf5UPnJaHx/zAWT00GXxhY3zMUJAFnnJE=,tag:pSvqz6tODo9Qb1qt0FIG1w==,type:str]",
"ENC[AES256_GCM,data:3a3J1QJDH32TkLD5Qo8CTXUOVBYg2WI=,iv:btVPVNQUeoHvvCkeAp8u/PAJBbDcIEB1LLk0SPpq68U=,tag:72xpp+7I4OynvFpgoFV4tA==,type:str]",
"ENC[AES256_GCM,data:+Yye97K9a/14p0H6GyNfuNWuWQ==,iv:5qLSSl74dDNAGCG9fZrZH2pzIsLzw0Qi4GeZXtz4ybk=,tag:8/Wgm9URP8Q9YpGJJ/1mrg==,type:str]"
]
},
"openautomation": {
"email": "ENC[AES256_GCM,data:9IHAeBPnIo9W6JGtfd6twleqVBGu0TP4TrM1Rsj1+6s7S7An5g==,iv:uGocTojTHz/O8uxmFVv/4M3o7ma0C6FaCiqPmu6UaEE=,tag:NA0vY6wd32rDRs30VltQJw==,type:str]",
"monthly_budget": "ENC[AES256_GCM,data:WvG9Ijk=,iv:v+llc1tiuqwBBwDoFKcAagWjFhuoUuSSz5LH5Xt8Dbw=,tag:Mrfyllp+4+UgPzLXXR862g==,type:str]",
"billing_alarm_notify_emails": [
"ENC[AES256_GCM,data:v9PEhhGfPiF0/BQyuFkKLhVL,iv:2MifI4GsP3ANt51Noymdebxybf+JZrd09lQb9OacR5w=,tag:kc4Jt545KllcTH6gD376Uw==,type:str]",
"ENC[AES256_GCM,data:89B2fcgDa+2nYbg1EfdafbHIZIc=,iv:c1NwTcLHHv7dBg5SIQ2GVwt1vAIcQDvV7HhWUYAthaM=,tag:hTiEWaIK01BlNPc9oInZXg==,type:str]"
]
}
},
"sops": {
"kms": [
{
"arn": "arn:aws:kms:us-east-1:162540680133:alias/helm-secrets",
"created_at": "2022-11-21T14:26:23Z",
"enc": "AQICAHi1PeBBVgOTmYIxfm2OeQV6Js1L6sK2WYypQs3n0SEJtgH49MkfD5xT/GyTTOU4sOV7AAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMQLp3bASG3zvc2T8/AgEQgDtP58RwjvLOv830CZfdKMxxc58qwqaQrkpANmUYec/5j7uy807kz+mpvhY1ATZrtkVGUDjjUTFEZSnqbQ==",
"aws_profile": ""
}
],
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2022-11-21T14:29:01Z",
"mac": "ENC[AES256_GCM,data:F1a6uJP2AJNjVLWITz7f41lglPlUassiqfjcylmdVXbJpY9sS7gnpYbxBO5h3KhSGshq5iRf2tmOhLpDSeb2SnznW5EhWf6V2d7G2kETsRm2Yk3z5RwUjp9eoixDEG0MWinrDRo0CnvBf+npLNg3SgOFWi0thwzSTs5uP3x7kcA=,iv:vNnD5+Oi2jsV28Zy+MWJPN26BbcZlW7nHsb/qtsOc6I=,tag:W1caIEvzTsiCnrvr8Iu7Bg==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}

39
terraform/root-162540680133/tf_organization/terraform.tfvars
View File

@@ -1,40 +1 @@
aws_region = "us-east-1"
billing_alarm_notify_emails = [
"tip-alerts@opsfleet.com"
]
budget_monthly_limit = {
"cicd" = "100.0"
"wifi" = "100.0"
}
org_accounts = {
"cicd" = {
"email" = "cicd-admin@telecominfraproject.com"
"monthly_budget" = "500.0"
"billing_alarm_notify_emails" = [
"dorongivoni@fb.com",
"jcrosby@launchcg.com",
]
}
"wifi" = {
"email" = "wifi-admin@telecominfraproject.com"
"monthly_budget" = "5000.0"
"billing_alarm_notify_emails" = [
"jaspreetsachdev@meta.com",
"tip-alerts@opsfleet.com",
"chrisbusch@meta.com",
]
}
"openautomation" = {
"email" = "netauto-admin@telecominfraproject.com"
"monthly_budget" = "500.0"
"billing_alarm_notify_emails" = [
"dorongivoni@fb.com",
"jcrosby@launchcg.com",
]
}
}

14
terraform/root-162540680133/tf_organization/variables.tf
View File

@@ -2,17 +2,3 @@ variable "aws_region" {
description = "AWS region"
type = string
}
variable "billing_alarm_notify_emails" {
description = "Billing alarm notification emails"
type = set(string)
}
variable "budget_monthly_limit" {
description = "Monthly budget limit, USD"
type = map(string)
}
variable "org_accounts" {
description = "Organization accounts"
}

122
tf_modules/eks/eks.tf
View File

@@ -1,122 +0,0 @@
provider "kubernetes" {
host = data.aws_eks_cluster.cluster.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
token = data.aws_eks_cluster_auth.cluster.token
load_config_file = false
version = "~> 1.9"
}
data "aws_eks_cluster" "cluster" {
name = module.eks.cluster_id
}
data "aws_eks_cluster_auth" "cluster" {
name = module.eks.cluster_id
}
module "eks" {
source = "git::https://github.com/terraform-aws-modules/terraform-aws-eks?ref=v12.2.0"
cluster_name = var.cluster_name
subnets = length(var.vpc_id) > 0 ? module.vpc_main.private_subnets : var.private_subnets
vpc_id = length(var.vpc_id) > 0 ? module.vpc_main.vpc_id : var.vpc_id
tags = { "Name" = var.cluster_name }
node_groups_defaults = {
ami_type = "AL2_x86_64"
disk_size = var.node_group_settings["disk_size"]
}
node_groups = {
main = {
desired_capacity = var.node_group_settings["desired_capacity"]
max_capacity = var.node_group_settings["max_capacity"]
min_capacity = var.node_group_settings["min_capacity"]
instance_type = var.node_group_settings["instance_type"]
k8s_labels = {
role = "default"
}
}
}
enable_irsa = true
cluster_enabled_log_types = [
"api",
"audit",
"authenticator",
"controllerManager",
"scheduler",
]
cluster_version = var.cluster_version
write_kubeconfig = false
cluster_log_retention_in_days = var.cluster_log_retention_in_days
}
locals {
oidc_provider_url = split("https://", module.eks.cluster_oidc_issuer_url)[1]
cluster_main_node_group_asg = length(module.eks.node_groups) > 0 ? module.eks.node_groups["main"]["resources"][0]["autoscaling_groups"][0]["name"] : ""
}
module "cluster_autoscaler_cluster_role" {
source = "git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-assumable-role-with-oidc?ref=v2.12.0"
role_name = "${module.eks.cluster_id}-cluster-autoscaler"
provider_url = local.oidc_provider_url
role_policy_arns = [aws_iam_policy.cluster_autoscaler.arn]
create_role = true
}
resource "aws_iam_policy" "cluster_autoscaler" {
name_prefix = "cluster-autoscaler"
description = "EKS cluster-autoscaler policy for cluster ${var.cluster_name}"
policy = data.aws_iam_policy_document.cluster_autoscaler.json
}
data "aws_iam_policy_document" "cluster_autoscaler" {
statement {
sid = "clusterAutoscalerAll"
effect = "Allow"
actions = [
"autoscaling:DescribeAutoScalingGroups",
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeLaunchConfigurations",
"autoscaling:DescribeTags",
"ec2:DescribeLaunchTemplateVersions",
]
resources = ["*"]
}
statement {
sid = "clusterAutoscalerOwn"
effect = "Allow"
actions = [
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup",
"autoscaling:UpdateAutoScalingGroup",
]
resources = ["*"]
condition {
test = "StringEquals"
variable = "autoscaling:ResourceTag/kubernetes.io/cluster/${var.cluster_name}"
values = ["owned"]
}
condition {
test = "StringEquals"
variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabled"
values = ["true"]
}
}
}
output "cluster_autoscaler_role_arn" {
value = module.cluster_autoscaler_cluster_role.this_iam_role_arn
}
output "kubeconfig" {
value = module.eks.kubeconfig
}

16
tf_modules/eks/main.tf
View File

@@ -1,16 +0,0 @@
provider "aws" {
version = ">= 2.59.0"
region = var.aws_region
}
terraform {
required_version = ">= 0.12.2"
backend "s3" {
region = "us-east-1"
bucket = "tip-wifi-tfstate"
key = "wlan-main"
dynamodb_table = "terraform-state-lock"
encrypt = true
}
}

60
tf_modules/eks/variables.tf
View File

@@ -1,60 +0,0 @@
variable "aws_region" {
description = "AWS zone"
type = string
}
variable "vpc_cidr" {
type = string
default = ""
}
variable "az" {
default = ["a", "b", "c"]
}
variable "node_group_settings" {
description = "Cluster node group settings"
type = map(string)
default = {
desired_capacity = 1
max_capacity = 1
min_capacity = 1
instance_type = "t3.small"
disk_size = 20
}
}
variable "cluster_log_retention_in_days" {
description = "Cloudwatch logs retention (days)"
type = number
default = 35
}
variable "cluster_version" {
description = "EKS cluster version"
type = string
}
variable "vpc_id" {
description = "VPC id, will be created if parameter is omitted"
type = string
default = ""
}
variable "cluster_name" {
description = "EKS cluster name"
type = string
default = ""
}
variable "public_subnets" {
description = "List of public subnet ids"
type = set(string)
default = [""]
}
variable "private_subnets" {
description = "List of private subnet ids"
type = set(string)
default = [""]
}

34
tf_modules/eks/vpc.tf
View File

@@ -1,34 +0,0 @@
module "vpc_main" {
source = "github.com/terraform-aws-modules/terraform-aws-vpc?ref=v2.33.0"
create_vpc = length(var.vpc_id) > 0 ? false : true
name = var.cluster_name
cidr = var.vpc_cidr
azs = [for az in var.az : format("%s%s", var.aws_region, az)]
public_subnets = [cidrsubnet(var.vpc_cidr, 9, 0), cidrsubnet(var.vpc_cidr, 9, 1), cidrsubnet(var.vpc_cidr, 9, 2)]
private_subnets = [cidrsubnet(var.vpc_cidr, 9, 10), cidrsubnet(var.vpc_cidr, 9, 11), cidrsubnet(var.vpc_cidr, 9, 12)]
enable_nat_gateway = true
single_nat_gateway = false
enable_dns_hostnames = true
public_subnet_tags = {
"kubernetes.io/cluster/${var.cluster_name}" = "shared"
"kubernetes.io/role/elb" = "1"
}
private_subnet_tags = {
"kubernetes.io/cluster/${var.cluster_name}" = "shared"
"kubernetes.io/role/internal-elb" = "1"
}
}
output "public_subnets" {
value = module.vpc_main.public_subnets
}
output "private_subnets" {
value = module.vpc_main.private_subnets
}
output "vpc_id" {
value = module.vpc_main.vpc_id
}