From e3fd6929102374563508fffdb6cf02d8906eb045 Mon Sep 17 00:00:00 2001 
From: Dmitry Dunaev
Date: Tue, 22 Nov 2022 14:24:43 +0300
Subject: [PATCH] [WIFI-11553] Chg: cleanup
---
 .../aws-cicd-testbed-deployment.yaml.sh | 196 ------------------
 .../aws-cicd-testing-pr-deployment.yaml.sh | 161 --------------
 helm-values/aws-cicd.yaml | 148 -------------
 helm-values/aws-wlan-onboard.yaml | 27 ---
 helm-values/kafka/values.yaml | 19 --
 helm-values/rttys/.sops.yaml | 2 -
 helm-values/rttys/secrets.ucentral-1.yaml | 20 --
 helm-values/rttys/secrets.ucentral-2.yaml | 20 --
 helm-values/rttys/values.ucentral-1.yaml | 21 --
 helm-values/rttys/values.ucentral-2.yaml | 21 --
 helm-values/ucentralgw/.sops.yaml | 2 -
 .../ucentralgw/secrets.ucentral-1.yaml | 28 ---
 .../ucentralgw/secrets.ucentral-2.yaml | 28 ---
 helm-values/ucentralgw/values.ucentral-1.yaml | 56 -----
 helm-values/ucentralgw/values.ucentral-2.yaml | 56 -----
 helmfile/cloud-sdk/helmfile.yaml | 19 --
 .../404-screenshot.png | Bin 29853 -> 0 bytes
 .../custom-nginx-ingress-errors/Dockerfile | 3 -
 .../custom-nginx-ingress-errors/README.md | 31 ---
 .../k8s-deployment.yaml | 48 -----
 .../custom-nginx-ingress-errors/www/404.html | 34 ---
 .../custom-nginx-ingress-errors/www/500.html | 156 --------------
 .../custom-nginx-ingress-errors/www/503.html | 33 ---
 .../www/css/style.css | 1 -
 helmfile/windows-support/Dockerfile | 77 -------
 helmfile/windows-support/README.md | 5 -
 helmfile/windows-support/dockerfile.v2 | 50 -----
 helmfile/windows-support/hashicorp.asc | 30 ---
 .../sops_key/.terraform.lock.hcl | 25 +++
 terraform/root-162540680133/sops_key/kms.tf | 95 +++++++++
 terraform/root-162540680133/sops_key/main.tf | 18 ++
 .../sops_key/terraform.tfvars | 1 +
 .../root-162540680133/sops_key/variables.tf | 4 +
 .../tf_organization/.sops.yaml | 2 +
 .../tf_organization/billing_alarm.tf | 2 +-
 .../root-162540680133/tf_organization/main.tf | 11 +
 .../tf_organization/organization.tf | 2 +-
 .../tf_organization/secrets.enc.json | 48 +++++
 .../tf_organization/terraform.tfvars | 39 ----
 .../tf_organization/variables.tf | 14 --
 tf_modules/eks/eks.tf | 122 -----------
 tf_modules/eks/main.tf | 16 --
 tf_modules/eks/variables.tf | 60 ------
 tf_modules/eks/vpc.tf | 34 ---
 44 files changed, 206 insertions(+), 1579 deletions(-)
 delete mode 100755 helm-values/aws-cicd-testbed-deployment.yaml.sh
 delete mode 100755 helm-values/aws-cicd-testing-pr-deployment.yaml.sh
 delete mode 100644 helm-values/aws-cicd.yaml
 delete mode 100644 helm-values/aws-wlan-onboard.yaml
 delete mode 100644 helm-values/kafka/values.yaml
 delete mode 100644 helm-values/rttys/.sops.yaml
 delete mode 100644 helm-values/rttys/secrets.ucentral-1.yaml
 delete mode 100644 helm-values/rttys/secrets.ucentral-2.yaml
 delete mode 100644 helm-values/rttys/values.ucentral-1.yaml
 delete mode 100644 helm-values/rttys/values.ucentral-2.yaml
 delete mode 100644 helm-values/ucentralgw/.sops.yaml
 delete mode 100644 helm-values/ucentralgw/secrets.ucentral-1.yaml
 delete mode 100644 helm-values/ucentralgw/secrets.ucentral-2.yaml
 delete mode 100644 helm-values/ucentralgw/values.ucentral-1.yaml
 delete mode 100644 helm-values/ucentralgw/values.ucentral-2.yaml
 delete mode 100644 helmfile/custom-nginx-ingress-errors/404-screenshot.png
 delete mode 100644 helmfile/custom-nginx-ingress-errors/Dockerfile
 delete mode 100644 helmfile/custom-nginx-ingress-errors/README.md
 delete mode 100644 helmfile/custom-nginx-ingress-errors/k8s-deployment.yaml
 delete mode 100644 helmfile/custom-nginx-ingress-errors/www/404.html
 delete mode 100644 helmfile/custom-nginx-ingress-errors/www/500.html
 delete mode 100644 helmfile/custom-nginx-ingress-errors/www/503.html
 delete mode 100644 helmfile/custom-nginx-ingress-errors/www/css/style.css
 delete mode 100644 helmfile/windows-support/Dockerfile
 delete mode 100644 helmfile/windows-support/README.md
 delete mode 100644 helmfile/windows-support/dockerfile.v2
 delete mode 100644 helmfile/windows-support/hashicorp.asc
 create mode 100644 terraform/root-162540680133/sops_key/.terraform.lock.hcl
 create
mode 100644 terraform/root-162540680133/sops_key/kms.tf create mode 100644 terraform/root-162540680133/sops_key/main.tf create mode 100644 terraform/root-162540680133/sops_key/terraform.tfvars create mode 100644 terraform/root-162540680133/sops_key/variables.tf create mode 100644 terraform/root-162540680133/tf_organization/.sops.yaml create mode 100644 terraform/root-162540680133/tf_organization/secrets.enc.json delete mode 100644 tf_modules/eks/eks.tf delete mode 100644 tf_modules/eks/main.tf delete mode 100644 tf_modules/eks/variables.tf delete mode 100644 tf_modules/eks/vpc.tf diff --git a/helm-values/aws-cicd-testbed-deployment.yaml.sh b/helm-values/aws-cicd-testbed-deployment.yaml.sh deleted file mode 100755 index 05cad7f..0000000 --- a/helm-values/aws-cicd-testbed-deployment.yaml.sh +++ /dev/null @@ -1,196 +0,0 @@ -#!/bin/sh - -set -e - -if [ -z "$1" ]; -then - echo "testbed number has not been set" - exit 1 -fi -TESTBED_NUMBER=$1 - -if [ -z "$2" ]; -then - # using todays date - TODAY=1.0.0-SNAPSHOT-$(date -d "yesterday" +"%Y-%m-%d") -else - # using provided tag - TODAY=$2 -fi - - -cat < Public part - # File uploader - ucentral.fileuploader.host.0.name: sdk-ucentral-1.cicd.lab.wlan.tip.build - # rtty - rtty.enabled: "true" - rtty.server: rtty-ucentral-1.cicd.lab.wlan.tip.build - # Kafka - ucentral.kafka.enable: "true" - ucentral.kafka.group.id: 1 - ucentral.kafka.brokerlist: kafka:9092 - ucentral.kafka.auto.commit: false - ucentral.kafka.queue.buffering.max.ms: 50 - # Storage - storage.type: sqlite # (sqlite|postgresql|mysql|odbc) - ## SQLite - storage.type.sqlite.db: devices.db - storage.type.sqlite.idletime: 120 - storage.type.sqlite.maxsessions: 128 - -resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 100m - memory: 50Mi diff --git a/helm-values/ucentralgw/values.ucentral-2.yaml b/helm-values/ucentralgw/values.ucentral-2.yaml deleted file mode 100644 index 0a1bde7..0000000 --- a/helm-values/ucentralgw/values.ucentral-2.yaml +++ /dev/null 
@@ -1,56 +0,0 @@
-services:
- ucentralgw:
- type: LoadBalancer
- annotations:
- service.beta.kubernetes.io/aws-load-balancer-type: "nlb-ip"
- service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
- external-dns.alpha.kubernetes.io/hostname: sdk-ucentral-2.cicd.lab.wlan.tip.build
- service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15015"
- service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl
- service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:289708231103:certificate/bfa89c7a-5b64-4a8a-bcfe-ffec655b5285"
- service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16001,16003"
- ports:
- websocket:
- servicePort: 15002
- targetPort: 15002
- protocol: TCP
- restapi:
- servicePort: 16001
- targetPort: 16001
- protocol: TCP
- fileuploader:
- servicePort: 16003
- targetPort: 16003
- protocol: TCP
-
-persistence:
- enabled: true
- storageClassName: "gp2"
-
-configProperties:
- # -> Public part
- # File uploader
- ucentral.fileuploader.host.0.name: sdk-ucentral-2.cicd.lab.wlan.tip.build
- # rtty
- rtty.enabled: "true"
- rtty.server: rtty-ucentral-2.cicd.lab.wlan.tip.build
- # Kafka
- ucentral.kafka.enable: "true"
- ucentral.kafka.group.id: 1
- ucentral.kafka.brokerlist: kafka:9092
- ucentral.kafka.auto.commit: false
- ucentral.kafka.queue.buffering.max.ms: 50
- # Storage
- storage.type: sqlite # (sqlite|postgresql|mysql|odbc)
- ## SQLite
- storage.type.sqlite.db: devices.db
- storage.type.sqlite.idletime: 120
- storage.type.sqlite.maxsessions: 128
-
-resources:
- limits:
- cpu: 100m
- memory: 50Mi
- requests:
- cpu: 100m
- memory: 50Mi
diff --git a/helmfile/cloud-sdk/helmfile.yaml b/helmfile/cloud-sdk/helmfile.yaml
index 7f6145c..da730a4 100644
--- a/helmfile/cloud-sdk/helmfile.yaml
+++ b/helmfile/cloud-sdk/helmfile.yaml
@@ -31,25 +31,6 @@ repositories: url: https://ibm.github.io/core-dump-handler environments: - azure: - values: - - monitoring: - namespace: monitoring - - domain: tip.4c74356b41.com - - storageClass: default - - autoscaler: - enabled: true - - ingress: - enabled: true - - elastic: - enabled: true - - kibana: - enabled: true - - prometheus: - enabled: true - - external-dns: - enabled: true - amazon-cicd: secrets: - secrets/influxdb.yaml 
diff --git a/helmfile/custom-nginx-ingress-errors/404-screenshot.png b/helmfile/custom-nginx-ingress-errors/404-screenshot.png deleted file mode 100644 index 75403e418b1874cc61a66929cab1c0a8af07ad57..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 29853 zcmeFY_gfR|_XQe6;n+Y#MVhD}h&1UPRJt?;0qIB!y@lQtr56DKX#oYL_ufG|B!u2W zC-hJPp~IcQ^Z7pax&OjF`Grw4^S*n(YpuQZ9t?V;By;l`)inqNa#K!LQUwAbdI5nD ze*T9D_?tt;)1SbP%dl5+@BRTkp8psJ0)M7-lzQ)|YHRA~^1;Cb0=2QVHerJqIhdH( zz|3qNHwhcWAdrU;ImwsrT$9$(=1FiTug&dEFO)H3JS#&q?d{vQhYQ<2Sv?k(%_|el zQ{NEO%E=>Q&1X~7&Mh@8%Kt}FI}Ts^a|k{#eDme4%To6=zxWc|zBIP)m5A_4CT?^a zgO#eqd*ma;H}|7OJ{})o_T~sWq1fr6<(2!oSAY#dAgK?L)x;N9kQ+P%moKiKhC?o0 zT-=d?5L{dY)B9fhgtU^qxVZ40`{&`s#S8n(w=OPH1up$_aq))czsLNSoBwe09~r<5 z{3jIuiRgco;lHZ+pQHHCCS6p-|19MHf9t%uZSqbbnKRupGo$PMv3MnuN1(qKd6byel3F=d)~jS z1ckW*>x<(yT|yP~&+%4cbv$b>tO)<)2vOWx_?NL_4>xp!69i%qXtC=Un!ox0u(Io- zLJ8=2k)28f+Py#P;zwWNxmG{#Iw~QC(cLB9OMk3Jx8DzM>U`f5zGvEv{WUgK!RU25 z0UzNGa0*pG6$VkFdD-gdNsyJZ0qHI+KPWk^Jj>VJg;>fblNYr&yH>6Dp~{v^kW(cB zh;P)@hY-jMX(vVGOCuC2*Pf$umowvux$#i>af#uYu4d6xn3idnmt5P8 z6!@=1TNJ(Jx!{CzL9PdtcWX_H#&nv8 zc2d3sF`#?w3xRB%Qx5U+o}VsnE_N#NFKS1ee?Y^CCYvZ@gta(&pj7fZ8DRlyaPFto z!qQ92as{YKX4{^vo+;KTSBZPMb$rS;wVZht%4i&sWJzBnr4g#LX7HfhEjojq&wZxftL)Q2Al|_}V9#IZB52xA?J)D5d&gGXTgrZ$UJj#1yqLa= zIl=6QgwyHLra7DpR+wVHxs9R66X@~}Bp>LUR(WBl$$+EpqU{#@hV9`Lw3xFT=v(hP zWjW`oIj$HMwNB|B;(WG*tOns7@1dcmyPrhBFO*zW?WAC1kxM2Hf#40nS;6^8B^mLO z)WCEcvAP$ZJRe#I{Gu>Dj$&vwe)@gVL`gkX(7Mmc(YU8&WMP4DD)|E~J#2p`0y7nZ zE6FIcg)fbjL19=;do`iNX4r1}hzWo_kz#zxKz3J{zK0(L-NDBjbi;`N1Z;n2YdN7P z?dWpD5u-P{rI5s{aDWv)f3C7ZAW;lRX{esyQnjN?XlEH|N__pm` zcL;x};gr*4uwWs{PYgaq7GTnpV2SfHp<_K89O3{DDxF4nWq)S@lUQQdjdnsY_k*nM zCOLd%qjNGWQj1Ah1rMUD#WU|bz4q6kf!O8*9R%W0W{M_+Kt_d=3eP9FihzOJIHrup-~R5bwL%u|_$=Swt>CT)(&sQr|)?#YTBs-q%@{lAxmfWUF)v|4#S9u-+gA7wpQB$kJs9ssR{GDcY&qmr~w%}t_1d<#P8uf zjCFnL!gg#25KxCc3}H)~7&8{L&-)NQliwAKd%tmo64OoDg^hL8j3j1q2I}B 
zoAWIAI-o)Bj#>B>a3bL@#I&#$0ceiZfhjsVxHtO#rNA}}kG>D=1k=~YpAGkTZqJsqM)0{B4zR7PO~-1c>A&Cq_Q(ie zeLUaM;AG+Q&-K-56@Z#9(u@l?hqyBe;9d9&O}h?i8vZR5QTZ56n}*wHwUtv-16gL9 zZHkeiOmRaVm#|5kmySHD<3M$j9y_SpHi+wMZsm+s!rlT=mf4R)v7+lAa@>bGqgC__w$lcekC?&fO7CGx$3u*PCa!-0R-az7^wRObdGkL-3|u_8W_xzIAgHN z04s72M0aP?@2s>%SLOK*XtXPN8?g%G5P? zelKpOaKQ{Lv&S#;{qtyr`c0ev;~9@&w?d(Sv%Km!176i~1WBLtzC zc2zZxon)qI&HZoX2YwdPO5FztOR?t*%KEgtD`jrmAL%+ybHtLhV|AjkErx*ARMph5 zlb%LO)J~>ALZ7M1(5B4q`&eRi@IP{=@Gn3dbU0!XhKs6r*LEl`a>{yl97hg47bm)^(5>Mjw(l3QjoKa{lALEu+{}>T z#@lVwpgvNWF8~|Uj6)yd9(f;GU`AmMQ@J@McIfjS7q}-hk|T>Q*k;PvvWLda0?lpV zGQQi*m2GKZ^WO1;mYNS3S_ta3jc%7XeE6D$PII#%ruIn0_s$&Ib!TFJwAya z{N;o)58+qmc5r80_=7ne6Z)*IzZWjRK!G?@fRB611J8>r(eQ}Owpgs0*zC|m%Z!Nr z;^S_IC#NyhiB*U?ne(lC{sgI9HK0*pqI*`pZH$INAg=HWs5BNR)Cs7{B!8v8r~4hS zV_*q3O=t2^Lv{j=!=d|@m=|v?%u3IBxom8>;_JBjr|lz95N{0Fim>3uN+5Wss=MVmcvvrzlH4 zVu#HI)N(dDViC%)a zoaI<%zg0xMPjqDo|Ce9$N-lZNaFrBdd(zjClmq100IvDudJClFP)6xNu5FI+$VuhIwiqY?Ci*DvMLiRctSCZ)r$?sX00e{ zpjC-lKg|0G2jI_4ZS;29L6Zue93U#;-TTGtDb7dNAgT9(V|&r06px38(uxU#OgS6I zg1SvO5Z#a+-T|eScYqBKiY~=DH!erR0FQzRH}Of%;6rQe(|9XgcNUAHa6-yKXMJ+1 z00#)|IeFtj0CB!7P>Q9r9x&r^z~<)kkBq|; z<4)v2%mdoTuR*-%6(&>MvBCoJ{dtkQ)z$kkI8)u^yV_Vp9ZNwLaHJ>Ry!22tR8svo z7XZU#L0t0+c9a8*802$+{u{NjogvIo(zmJVjM7%l=&7%S?MZN34tIIyjj?xtK8{3( z1I09M6RIn=2$bE6w=uq#lEvnCK;r{o@ZExbwlXSEM-SP#lpw#8{K)gj0$-_*{7}~r zvng_zZ#A{&h=v_J$y?J-#^y7RaWt>Oxl-H01Ozw|&gw-9S4-S12G~H(>}$vvzpmy+ zfdM@Rdz3Hnyx1r4+_NsQwWxj5f&3@nw{o=GO^uFr;NUv%+dGoP=KX+nBJps$`dn?F z2A;8r)%!ZaN1E@^=4;L;1Ut(;1Tf%M->`cM-mS_lhRgQbsc%cWIG@+R>!+u(sKTp) z9+-B(^jGX`C2$M^N2sTd>=+wr(Gh3?vgX=I2X$SloGe}d%>M^p&#Wp&3S$Q}H&M&g z;|5W3kMPdD5X`RvACLbb4Y{G2av0VM!a7wEWbLOUUR;_vPXg$y*5Lj32H>JzdxscR ziKE>ipu6F6*{PkZTDL7W8R@THdj4W~T{CezIhuf|*}=v)rB$D}+C5cJ3muN<&^gWe1SsNFL;J8{6Koj@$0Z_Vhp|BaI9#34%jmM988z~5U=_Z7 zJy8tPDrmDqw{R@a(S1aF9ZbSz4hf2Y63)+0C)*8zYYqgL#N;G1j>~#CtLj6ac5#l6 zJjkn6z>wE@1g6vrrSFe$yDdykp6%)niGJZb{!^$Z$U?pb--fOIzq}8z`l&8>-@-2D 
zCvdAMJnurvZh>@^7(IYD!@5fMG4((<;fUJ@vsI8sf)E67#RK4qmkOCAvVnH1*8p#BZ{XtRsAAA|X3GIffEF#>oD%K^vSVEpgzlr&7C`+E$Yd7$rEtX= zWhFq%Wbd^0-3kdmF`u8U&JeMMW$1j9qRt1>9RcL(<&N?Bc#^uJEO%IS#)$%b4dYU7 zJYDBJb$x=&h<6ouyNWw5)vv-?3^<3QFmj zjFUl69^>Lq4B;3LpkPlrzrE$?I7?Fk1uh?mXMMcK$<6%tpy)hQ2=Frl*+)Cct(&<( zqi{o622&A^)E)bpLlv?LCxkRU1VQZo9c=QZ)(oE+H<*ZhSmH0Ok zE@597jE3~~#WDlG8^q}Y6nj8zP}>8)mv2EEZ9Nt(e@(!P7cdqiSg&|npY`T?bP;ny zRFMCc8PWCS!~c4fO+#WpXbfzKk@-MPm;1F4443+h=TJof4`vr{VsqOP$iM(lqtAu zIl-(|Waw@>e{&SW+CbcsF}N_*8g4IKv8tr37W2z*er;&rP&OPPItEyF2D!98L>15; z0Hd<1jVyVPTFnC>f05|1ugXGT?5K;_1OJ)}4b#rwi90i^C@}cnrmp#!;Rtcwl%73J zHK4NCw|t)NOtU<%8ns3>GSlyOA+4nx>$ynsxSTX}p*iDTk zl{Pk!)Li`MIhGpvo7!)1JNVUtqmrW4?z1p5O*pL+suKjy;9I5z{Rf9->sSt4A{i>V z{wNvaa*?=z3);76a*HR0OS{z99n1kW52==CR6>6$l~n&4?sn+5xg~)MD=WwW@S`ZJ zAvWRuvL}lX!-8BqL}N&CX5}Y?KF*rX#+uFx_%`m%B!OC6$0?!p7SG>W->p6PZeZ45 z?nM9u%RVFA>1&%W!+sxyy;BmIi2{LUI4uWz)wURstywh)%8=KE*j=XKJF9@nZrUzX zGfjO3rY|7u^;8v6^4W5SdEqt1ML@eD=g{(5!(^!3qr|)Y54dY!#^ht2{GD?J(JhQc zgf+~_uhAi6MaEsAJ z)_FxqMr=rkecx17Y|IrfoDj$$LcW&(f_F%({*6Jz({)9RoXX$JKdt~_ICujUkWCM> zhMCu^b*$u=rqP2Q>t61u3R-pC^tJyIbzXG;>lp6D>Ekc+?aI|A`=1onXi_4Z8A)dT z)OGJut-(CohVUmq|HWh!fV!YXLs?BZ?Z)oX&Ud zKdn5bQV!Fs_ZOD!8)CyvMoZY1jXhZ z?0H#y#tyboB27e)#(F8h8jOa}3a^9-+96gB@jok!N8pN}htSX%aCpfp=mQMAs8xED zf1#*6yaAoy7RKj-1B%)jAs!hMN4>sU7J1^W)+v{Q(+nE^B81Ctt88au>7nRw9-_S} zaP|duAD-Q`RW6IXen;y~{mJ2;)lNFt?%z5qfYpLra0#yh44|V_Ga5KZbB}=j!4a%e zhCsS)v(p@a!^me@*d2nA09&|cTU!sfMf-Pc3$#N`hXzI;u*f!o)AciTeZF;XA#(Td z`@JZ%_GE0CpkSTf5n=$U0|$B9{4+#FE$^il-oVY)$&BQ+^3(#jy7)^l0oQq{lYt7u z3k-Tq$0nYPjl!tfbmj(-Y#W2kKqk4dmv+>&>1PiBm^gFWU3u)Fza>r8C^)Z6v zdgxeG{=`V)8jvoxUO2zy>?fVVuF>y#t3y4dq*3?!54?2*3<;Y6^+ZP z#jXPtYw*5%6dENv&24R-IY_2%_~=#`jo@~fwU@N+gU(o*q_@^SJ%H*YNK;jrZ%<5| z zK9C%zrb@KHWiOk4uOqKz_aC&B{Z4=iVNQ7sdVpmJ%+mvsKhiQH!H6 zwwlsI_AG{daccpT2jYDV?8!MCR(IurR~qg%?|C@DIW%Bo)P_n=w0NIT@Y5lV{wV1` zk=qQE;Q9%BrEXOR)ImZl?@*~#7u++CQ($@=7?e8+dY-TlFKYU&;M@F@67XM=Ine{K 
zqmOimPi6WDa_aiN@}ckdMxB>+XPv@n=x32Sj!^?6FIA%RPMPymnuQ7C+i_b~=UEsyW?x_;>H|WjZ zdqX`63NBRUHx8iufUV+RTfH!kakUBAKF81@O_nc;^+-!B{ z-8^}qYw*J(nu;GL!roI)5dwNr3%s~l_&d+yz_AWah9W0&{9tZIAMObNwXxCX)di!H z1m}YtokF`RD9+zzXCqQfy-l26=&37qYA1?6+X2W7`hDP~O(xL6c*yYzS{AdoK$}y= zTn=ODjDevA@m{>&EIt>-thVXvjrsq0Oyb>={d-{1d&{?EAJ)`p^zY_au;Rldbxf&qsw4bSZ^Boz<=D3c%AY4MpvR4VmBE zsrs=9^ppf?%9Mjp5`PcsM3@5+yRRcpz~YG}uEc(6ZnA!tkPu(xktm)=f_y|7&(FJw zg1;1M1(dY+i7!xD%#24CfF_6@bi26a@q!CEpAr)CP+8Qyk^(Rqc*pkpH4C+K?0)o0 z#=E*IUcYm_=$pbR9hI}hq(`ucjqSE!nix((yc^R4JGr(9fyex;VBelka6DPpX+OrX znM=~6&;Ovic}xdnvOfe2TY8CRH>fnb-V?el3^ZPR1(_rr-8orq9yl3Ijjfd&2Fht} zCTeF^g`9EK{ci-kKu=Y&+DS^aX6bg8e}<$S=Ddz4pm=%$Rrc86NCoS~$p} zSPD1MFy1RCCN@A%EyWLLz;JK)mgvLU*Fd9r3v}m$3(Im1aq-8=iPRJgyu$cF97XpA zesU$JfG2Kg`ns6cUeZ#K0i8H}lwI*&7^)2d+caIKu9qXnL3>E zmRfEWlD?QQEe?CYP{Az3W@A%JQLDWtba^Dmp-iR@AJEOp5VmDg-#?3MKQ2q<3Q6<-+Ny>!+1<7b9j z#Rc3;CueW8#%U31pig$j(Q zZ!BL6=<3Q&{u5>KY3f@G*zneIW^a z65^ZfxT^O>o>}0=zU~F0?O&PJI+5_d*FB6eB4ui>-5ZJ3cEr?a&10aIc4x zIWB1zmD>pEswB$=EE`Yc(>;rSXZMm`!?#j*gVG7B-@$qoSa-;Ang9KDuI5!4t|EoE z|3-KD-{{_E@Dbj3=(!=*dCDUAYhpc|oD21xu+aCoCu&#&(nm%cWLNs56jOAQ7-=7X?;*Pc`vWUXCkE>{HAx;eiJU@MNc)9q#R3c%3P z-@b!fq?A!f=8lp3dGepGcjXU!`mq9!V9`Ti)OqdY zmX_!kkCzf0#XYP0B3VT>&7S=vyR=r4x`#-dL-5S>$mxFjYUuIP0ztA*#`uuNCK%=+ z$(!t94G<>%X6!YD0Bi!2*y;yP`CTXL+`P{Bx8i3t?=MTYPrDlbp)wPko8dp56NJw)YJvnm91Dj8Z<)^Rfwc?Ik)R;l-*)+VhmH#dkGeFY z1=A?|$BZEMA_jZ&%55L;DkszD_4NCid?x2jZN?V~8qd5E3+^FMN@xPW_jCs{x~qpA z2LgbpVgPUhc$?q7n$b^0p=KH35Mn@8@t>9fnM@S z-51Ql=g~ktpOy^^)C6(c2hHEW*B--VG2aPY+dE8(B8^;Vv@3NVbXfvBBXiuAR52LU z@6FB>m2;G=MRR__-r;qum^2tXt;F}89@s?0ulH!bP~RRm?KBNI&Z|#SX4UZQ`%AEN z=F&?b8W}#jS2XxvpYv%sLQKC=Nj7mw`WkO^v$3f{TR&Oxr_O`yS}8Eou0OR}Oz~<{ zuMBl&H6VhDY_vhSI8Ku0*6&ler+I>HZR^v#s>PU*6lX+Xk5Re(chS#F*C;Mm9BGbbAl;L;kP-mYsHo)BW#+-B4*cTL4Oi>F4&{vd*4t;nJS&=mkdFnfO&=nZI z3~Cq4&saS4sqYP}Ge@!^(avn7{v7Xyt<1e^`30r*?pzAme>D-OdYu(a<*lk`_9R3^ zbhM{2=(n#J;j(Z};vG8rxC&JNu!g=vjmSGU@lp0d)4$0t~VIR{DZ 
z-zbr5&+x@;ODh=C5d|?@uc3%BX{wrkW$@F#GWgJvV#trhy=Sf@x**Eiy$XN@#=Y91 zWGt*RJQ?b=mct=PYhzJ6%kMUEk799DACkq{9cWitBrM%~S5-a$!dB?N|6R_?m{f1V z=gDuA^M;pCEA6&OVYdRFF3HV*McZFM0g-u8RBlW9&l)&xHoV zjr3))l3}2jEVcDLR`-1$OPY~}MgGxF(^8lesK-zL)Uns`!cKRvYof3xSNNV>ue)yE zUXbT4Vx3+j|5tDsF8>wWt5M;cot_!Twuied(}L>7ouJ~<>Q=Ri1f*o|4UGuUl6_Y{ zxcegM{<|_?VVq*EfZaF%6N~3T2hs!!U3$v5XRVsM=m&~eyMG)1*fUwnY5s=${BJ=H z{5N-(m1Hg(xuY^NSDz+EhyuC#y7Gd-hmW{$P@pN%!fTJ0gr1A_`a|{`o}=PdZMDR1 z(4W-T4;tJ)jJYJ+Kr#|NxNRyX!WGt^Ktmn_#drJuUUWczDHlQvVW^iBW@P z!G_;Pj$8#k&b(sWo*Gh!@+0z(el>$ftJ+CG&T`tooV7GgT)Or!cCqyXz{an#Hz4DZ zjCN{s1L?`$aehqGfYLAPykKo8>Y1mc4^w6?77oAAAkKfwVW#D}iBA8XQaMec)XPIX z5Z`5vv+6h+!1lh&D>x~9-t2HCu;fcFgn&5wxemcx^W#4Uo>w|DVdtUdL&ZnSUVItX zXqkx4pL0A8b1==?i@A9G`vWgOu)3Q|llAb0Vnrj!O@t2__6tDwLL#|C0ejdTN?!Yc zrbJjN#8|8BzChvD810ixg~pLfT6Y9*FvXhqgd1=_w~HqttWjd*#9B;=I#S0>y{a+# zf+)zXPtW|j4i9;IJRPX+k3Z^6;r2^|WDQy)^$oRVdACp1e2Upme(tFq0oR;O+INE(&<=qaUdk&Vvj2Roto}AAW~OO>izEGC50ldQRIhdFgaRbx zMuVAG*<{B&Z&`hIwE57Co#btskUO5fIbZI)Q0TSqMaVS6{zekYR5ihgPXhA zQ$+#_Da66pbMFl#$gaiU%LjrMhqglceU621HYLKZI~d5jZS!!h!?H`{|J!@|-G^ZM zZ+@fk;XV}#ov$lRd8-He1M=?X)sy9rVGX7~xp}Hj0jamYKfAwOeMvv$J;Ci+Gl@LS z4=$lI+&9F;&X{UcKO^Gu3c^*I<}JLQfDc5np49&UeemZuR>u6&c=xD5Ra^T?yC6Up z+axag@DlITYv~VZmlXv51EsDpx~xm7XQ9BbvpNL>5L?0s^9LTg%A6zKCs3uDSFoDb<&p3-qaEOvMtDTI zz()AX&uKS#O#$VoH7!Gvy<&`i|DZVPAjJMNZBqGPMkRe&Z-}{gaE$DVr?BX_Zj*4< zxlCEbD3A;8@#VI#Hn+)*QTZQaQg_}u%UF;pG{4Ntx%oC+prPFo=`fj(MSiK zUwbi++1H#oCSY*J0;>$5{3YlT3^`g5kmqocC1<`N0GRb>{JgeZ!I0i#Yy6CbldS-Fx>cmq zldI}??&D3K-yjB^YF1A<$7e7Pfu%xP1R$j6WKfl4=?s%Szt^YVzIOv~@wmK`@7aoZ z%V@$6Yh#TY&2r{QPHou5O|ol0FH|9rZhC_=dOd1yy+_}`FZ$Yr2s~EF@RFvaxNX^8mK^?6sC9SA_{+cl(*OMLYJsxJ&Xlc5 zP*s9-`NR-{rO%frt1$6D7C_Np(oeEY#) z!$20vJuXQgVK#M1_9v7Fu!-&R6+CNB7m+iF{4My8A43<)JipC82@f=_F?DF)reV|i zXzrG{k?{9XV*h)TyBj(lbw3AIqQkwg3*vj>yIGQkwkK7*m5j}|>75&I= zEh<@+lgZBVbJ_R-F)7w`B>de@*Ln{#m^mo@MMioaW4Eu%`kdYqx#?x7c2`P@Nx+^p z1>r|m;xsQbrCa*RuN*m0L&@bqowF&o>ruMucU(0yzSLnk^@hOhNFS9xVf$e+6ELIr 
z8L{U1obV0Pwd}jKRa+)g?-O6D1v>B^?b$I(ZSIs{$zAE+HTkjjqJCJcse1aX(;Za) zAg_Qkvx;*jMxKe87u2Opr6sJCttc5Rd}f|>Xf|sjQGWDegYtoXY!kL@?GW`d&UJgw zdSU48jl;N@t~>5ral8KhhLhJl+?-y$5`A#IOyNV-R1@w|qu(yB#D`r$HX}Qr6-A!z zhFi+CJ0tOl3q|Dd0<%JGp){`?;H?1z5(botU*G9T!ATuQYcce8(-)%^2$`P0sd(3sW+suCgZuo4k1FjEDXihvxt4W z7tb1N03-GCU0Rxc^%MP)sw=tUyFQ13)3{zN%EwpEXzlF@#4J&^tBgGU@Xs?b;mU7r z12SK4%{XUKl?0c)jZBhHOqGs{?NQu02yk<1eh@k2-ETD&8w8KGUCJWn~Hd9t1yDpx*R;tz!W z`O05lF>?9^T^p{Nym}*k>v@Qa)y(0FpI<|8DoJOBvWb;$G&G-qQL&+3liMpyIMTjE zqX@R4^E+J8>JEf2g{8ukqazcfKyM%FRjZD{Ox`8m`;b6IN1H)^Ltn&k<|< z!Wn1K`_;#af7?322;%|KO-9zgA1Fgo|39X}NH2j_9n4Lc2kJs;o%~m;H zLlx+D=31VfpT?=>LUWheQgxNJ823||Ypb`}O!X2+3xoEn9Vwg81qH^363E>edaKe{ zPUa5qWW?fzv?;juRPu-by^1_iy(l)H8YQ|;IdCVX>0kAkXUl~v^K3;Qj5=Rd&EVf+ zAN#!%YJe$@b9*kSb`7;f?CPB##-iP$o-b*We0+_R#JVclCJ5Lb{!=F-7h1yG^co zh=1P7YTPae$l(9q?*c@7bH-M>i;1k1*WBN4xjbbS8}^kvzSMw#RL>nF7vE*XDC4ZT z0DWbib>%G)HoW&oieLI2ztQ{Ws2tJ4Xc=g|JZzm#rwV16@q__8g|Hb=qc`E0hGea-aE z3V~$k+eL1>)>j!~M0M5u1k#lI6%u+Ow)ZlBB>6siJ_QnvE1y@6zoLwB&z>dDc;SZ|^@Wf+&| zd*4@qP#zaWYD7rG)V-)s>{}PE!`tGDqjmSn#QXwn@vW;|v02g4u13zOoue~yNqmW# z{DVVLEk7MAIuoui3X2_L7B=F(5RpHAv|`GnaX$L8qF_+vnfUhhYBOQrj$TLz@ZVt0 zh+eLUMaTH$9PizFv%yL7S)1VU!|i(*R)r_?;~58)2<&rxGvQA%m}$A!x-8%>VgP^ZE5{vA2y9(zp3VAZ(yVqpl}Z*)NDC`FqDx$ zH-f3{3S!*4z(GadYA|aMT z6W)2Hb2T(kG*OOP;{6L!8GXv=r$xeu`1cF!+uL37dIL(!Jfls&_=PHY-jLl%?KU%I zbM?(jgB!Z!useeXlKJ-yMGDTl>m&Jb=E*Pt|68(TbBg3wOA_|Ep1tyCn>v&3G3PUnM=*4EqLY10@#WBmt~xbWTKm$VWw`)8zm-0lhgk&&vbr{0J8zlN zh$Uu)qBWoi#wl8j#DYIKydm#-Ee{q(y)Al9dTqJ)-;8#&(z7K)51K{9`D1bz8|2~W z555a4q}*lUqT_aO;>tVUaVguQRiHS zDGtAVe&$SC7ad>G(5i^zK6y|8bdfBZDeGOwOdCJld&@Qq#-;Xv!y|3%46aMc4EhnB zlcZ(q);Jj%G+($pbDp~YkXXrTpIhB)=!g0_RW5TP3UA~@5qxP|edD)1>V$3|&^6;% zhBL%TT$(syI+h9o(+5{tsXN%^e-$#)6)d(bzD||cg;clclCYp_D?5#sZFO{DYQC4; zPs~ik+(qRX`BBd*?6w!bFMJ=}$$^x`Y({Ds9EoBaOX;5#U#Cq&r5S{D9&0OKY z-Y|Kclw~c$?n=}&w^P0(5iq-^Dsx!Fi#9xux+W$@*}TP)?0A65NURq(?mB3HU-R5i z)uOXvy0y}m&5*T!$<1wX@7e3%d&P$bBKSBckyw0RNdES|!=WJgdyka3$s(ddy7x5V 
zhXV59h(`@sB?)`R!?oSRNfdr|6mAD{Nzda(NKAK5nVct%apuQ|!8tD$BgP%+Y^R`6 z2@L_F?a<QnCkn3=xIXH(0FfR3B3b0x|CTCeU)TI zIVb1Sb20r{tc&K%r9fNmwGwPb49Av0+G=seXp)fz^TUtYn<=smskR|^87&{|6zvR% z6e}YP=Yzg15a%M=$d=-Jwy+JK<85jq*=?w>4UMtS&)9#9Y_t2QXr~c@`%NH>Am3YX zuSpxs%05sM6L9}M;z(m(#1H$hl)`O?bE_3V&kc*$R2G&rw7cII^b(?{_fVmk=tgs-P=(kz$L+!|k-=2Ayk7XeCD$(IL`mM~^I&D138ExHdx_vf&$(d%C zzlOSdRDY7p^>IO#4)f$ub7OSxuQg9rZ?=fiQ0jyIACyiM;*eYghwE4jvW~y_$HR!h z#Ta7@at2w7Ve#&WcfG%}+>M~t*XS-Wm9^iHwAs>5hh(#r_wbEH*ZH;{7Z@wPq-`aI z;BJi_s=7Iyzr)jHEuhE5t`RDlF`a*vqes;vGtk~_XzH{ra=Ge`!cKX>% z7F7lNl}mgXr1Oh}Fj-;aZG5y-sEn8GTx?O^mM9}&cahQ;h&4}D=;wkzN@M7?vf$ZR z8;?lkyv^h=a-if*@_wOKqjAURx}4}XNzPP7<{mCH^HFpq%RBP&&a^5<=Efq65Ly() zwt1U1Yv=S-;jmi$-nv4Ke`^2}4ikChPQ{M1*oXF*jy#SdLZK;D3ioldRjGHt@T<+-X=|3?HN-aAfcqXr|F&qVU~J=mHr zof6V)O35tWLs5DdSTTr*JE1zw>y4&9Obp#@u%V;ro9zMU-lRLS1Pt@)HtqqO%tJd-!fb|kW};N zHJ*=^d9PNO5eY>x9Pd)9hklk-n3I|ms`{u#v3b>*O}h#E++s#Q-g0)8$^dl7!YVk7Xwo61bhb}~5VNUF3%C3ZjW^~u9eT6DHT*#LMao^(D#k{}7E$&?lAwGi znj7s%tY626`@1`#kJDVs&~K?4k*Q4- z^E%OGSb65(cK#8~L}h@yU8xJuj4b)us4ZHdW1r^TR{K`max}U&>%{!vn)BvA zij2ZZdMiejE=>HocT;CZTpr`@nMQHqnVtEer0)9=mFg=3>K`J@-JR)~GR2qJQkuty z#2+nHSf47Z>{CfcT~`!B0rpFr+mf9rf!>6w$X!w09m#|02k>Wbb=<2 zT260}IN}b2uHmn2_n=!kT@I!VCM}CL^PH@hPo^bxociQFOFI}c#!>USgx`6*9KTK& zSFU`&<@&R5Yl}MFzw`3D)6ynd(-ii+Y#lN0$@T=oj~dOc{^E!nSV4xS%jF>D$6~!~ zM_=x)cjyim##&BC$+)*YP$F8j8_cIzBB~kE{T|fPw1Lf`I<)fpfh&HxAIr0@+@{mU zVZBnT6`aJzpYU4w6*_z(t z)10scq}uveLTh;P8I%9*w&~9FmKn)omE-S?*DY8=D)?;n0z59mNHDPM^+caySEpC< z@WmBL;s!5GEe`$G6wP?2Pcfv2qbYO;_Ce80J13{i$dLfC--*-e&mr%U9@bQ@Y`(M| zBMCmeOHL5@%c~J`X$zJ^k(~UX#)u~=hsB;?x_u}KF*dPlIcW2^;BoIurbuh;9RX;; zJz>T#-zz-%pL}eihYE{OMS$@^${NA91(2T{RNYBeL{Dh!=Yy0} z<+Vuf;5X?12iB~6@_cNXEQDUZ_`R3m5I@$T;PLrFh-c+GSw4;Ftz%?H8Ew;`x!+-X zLB$oOhc=-JjWRc(&h#kiFB2PW8%qHj!xarFXhPj_-ewL;;2H?*9Y;Du?BB7q^ zCYW?xB*zH9M6MPELB+nE#;g<3ELFYACA>@XN40j#bE^>|3exwd?>pogr*D_v3cCL~ z+BygUI^Eb`OtO?;<7{@~WusyCFr6Ku7YewcJJD*rzHbsB%?fw0NBW zfBN%gbG6U0UH@n1P!B_D`A@}fUG6SQeLO2B+Frt6DyH(*N)x~8%|x6Q7;zO#gi|5K 
zIG58_C6Yv*&%{7){6^Z{TH91DWr>u-QG7j0i~fOf?2?zdc_xl*ml+VgmT5J|D^lc0 zQtJBy(Z1sAvek`NryHL$%!-s3Io${!cwT=k_)=H|J5#bp%?DfZ_JU(H5O?5hrp5#S+_4KPZRwr&zdzEfN>1t;HRTb+yNdL#&2s z?zcB$C%Y3xZ!jwHoGAOZMHmdjGM;8HWvt6WS$XUG{g<+Yl$6A7DD1*mf3w8tVf}w8 zCZ^*P2L_x@$wZ9W7#`w zBt_(XJCSGfit~|x`MKQNB~Aps723#V!*gtHahuRnC5Uzw zQ$atqP!T5N!a#4^;P(jU)7|cbD5@)knu+$PNn!D~uhsTB;-YySdczb}&+j)(3}vSF z|8ec6gC6$b%y5%srJLBf-#M4QrQH@*nNFsQn(SO>vz6>CTzz;US|ed6jXw4ITR`)vM<^sj0;uPG2bEY(b@UK$=P|Lq$%stda~`)S(ZJa?ky!EbJ9( zqzDfbZ-WD!DgQyr8)ce(RcSF#Qp?0QX|nJwdZH@{h#poW4ZV5Psklkfv(hbXKIf{H zVbo0zs;#)?DL;~r`1q%JGmzfJdoJ zs>eN=7nQh<%KZ5d`iw3~e#G0^y? zX8%qiH~BJV)5cUo{K5A_9#XxA@(+ieOOcc_Z$9z*JLrFPC)MO6NHiCe*Pq$f9_E=# zA35DW_v&3UJu~zE6P_f_|4dJwJCr0>sOoc4CIP}nBoeQitmEb_F|y!jl(AWTZeyUQ zviL#rxQ9lluJ%I)=YElWSu2MOwKu;+1RcL$O+fyPi#9dC{KkVlh)cv(o(W5P<2_Rc zzrIy=#H6v)yhRQ-zkvAfRhH8@oARF7E4VpZ5h4F*^_danCZXtkaWezoXCV#m^kq^Q zPbVb5*8lvJOFYrvt{?expHx$9@uA2->LU61z#`XozUMQuC)ODU=AA<)8zFT1dGwzG zh|XiGCQ#-xUv>oVJvY2e7(m)`iZ6HPzq5OT?nMe@8qN}NS7p>Uu0BtO7{}w9)#QbmaE8X{R)Y{xJ|z}k|fPCDU&DPFxp9ChLKexbG=j{ zNsk-jf`neA7pb9z8hUR6p)0-o1NgrW_xV2E&wbf^`F76Poij6McIG#;<9{a0 z8@veD3Ggq~ZNk!XlJF;BfqHvM$Oonl+wgH$SCD1$mVB}(HFkQET14_N|V2K zH@k4Mi{&8D?@CQ|R&isT@j-2>xo`JiSvNHRjp~;iO+0V|Ky)>;xgM4 zs2#JL3;PSM|+9c?CR5o%-FK{>uvIlhXquML%MI9C6n*uXx!KVE9P z|5T3LE>|9S>_@eIgu`5VSc1-N3QMx%`#iMY^z^pFm(9VTXQTlZ?yEam%C9Hc%zrq^ zST;6{?&YJT7ggr4SC5Ht_4df^VHPr`#I*;Dy1GxNcJ-e@T{tDIXN?d3oO;g00K=8} zjJM<$_`X3U+e8dbr>!Cs@eTy-yYs{f(ZeNLehsPN04YF+q_YOd%%@8-5_`$%=^E(A zi$Qy-K#v-Nj370Ow$@tb_3uEdJd>t{L4d_69~Ft)?_C0Fc7Rc1b}nGMh^tiOBPX)> zc2cG#1ghF^TXuR)?vN|hHO%^GxR)%!$@=FiuGOeJ0Iq}d^A*XSWKmQJm`SNTrAsr_ z?Zh;n##671s$}6qkzRg;F$W~x0Se10`zZ7%HUI?=hNB3Jo0=$EPCmTPtH9j_FAfP? 
zXeWT+ORDVU7T;pJPHF_bNrYW`j0C2+j;!sagiF;edXIi2y2#1a1;^$J?whrQvZ`C@ zY356(qe5Mjwsuc&UcyBzeyLIGrXI~s;!a!8j+-=7*+mRg{>4!?r-~`cFIqC=+06Ti zkNoNz!mnxzG_W0a`bxKrcE2w;b1~zt7T12ko1xaldv&Oc3SiXF-qp-`J~O!y`>Ktl z%T-B&TxCtvtd=9%kHM-%TWMq9V|pTurh!2gt-jLDX;om{OO_cGvkqwcP`M2_CW!0F z?hHNkT~TAT^lR<}F{}cEMXRk8?v6rU^NcaQKoDZYXIZ_=_Vk!Us>P`A-JiTfJ9X-@ z!zP!d)O!;Jp=VhK{Xz0Pdp78rY288udC~*!4Px8fB$V$l4x-l}}S?$ECd{DXKavuZ1k&Eu99Pw31ueO%j4 z;jlF-L{g{zv-NI=kp$9!RK{w&Sqi7p&an==Q8w;5hjeTkwggb*W6G1n6`J)k;;SluGzq17V{1J} zTGoa>tZ*yp>##4*bS``H1o4L>2rto9(_&pKkL5i09J98RBsPVZPQa;|k078`7BgcP zE`hDI^6>XN0;Hn3(D6uZt*Cj;dAHdej&5G@Hy_#a%#>0GL$Q2E0IvJ!Y zJl1~VZtqyZ8mU|lf3emG_dFpxwI3gIpmuuZjZ7R1lh=^)C#A)}=i{EyiUJ_7OS8$&o!7$3_YTMWoEmgFdm+L$pCBfFD$pKi{gTVAs8$CW|3js^}{xjq3|je;`M?hXof)!VP~5P1g1(YsjdodPk)H%xux! zhyqTOJ@a2?!QS>t|8`hW2S_!ZkhvcNxuHHjUY1nGE-}RXaX6M?qA9u~O}`#nB{uU;YPW|Sw+8ey0h7~%{7!N z&VK35Yl~h;RY!cS+E+M$OOM3KI9GkQU@z;sopeDyI;D%$NC0n5zw9KU+a?c(%3P#u zBc&l9brEOwlkqwAIfRZza&Q8jNq5>}^CJZ{w#DDeU_gs`4pb+9 zF-?Nz5P{wr73T3mR3wPf8)=hl>n=P68u^>nPfpr1S9g74OR1?;SOu39 zKV=Q#F>_Am;Nh^t2tT`z-D_eWr;X6bzYQ{1MZGo|Ot5wZuk;qgEeoeL`T3|jT8g#Ael}0O!g$a97L1?W zk*kCem4;RAdGsQS^df(GS!oVyJxgRKWLw~ab|{_8vxC{j@@$cxpo7CY0-na+#V5Fp z1;8e|Iq>aiwB229t6e*O%t>2Iq((B>T;He7;u1)^Lr*k(t4=jp6pMgGdyP9&r8Ni17KKsjmU31!yz84=GqvhuOou0^QhXb+ z_9N3ooOodXb)n(Ja@6V7i9}eoR#<B&1FuKDv{~m! 
z_aVn$%xcVx9~?C*&w~w1L=g*2 z)oDea&{AsAoFHpT9%0J8-*@NSic+4NY5}9`_OGk7JEDCkxhw-hv|cK zefs2t{3O{m(Vb!DuLhpk^!Z0cY9NSj^tx|%7=w(!(*3de&w5N8&#bzKU4ooCZ8bf+ z+1x&%xz-Km=m-Z!htmY(I-5H4g9FP`Q>|k@?)vV*iLzAHK-K6+ZC3)*s=KN*J?8~u z*qQiBL11MWl7Y|U`f1=mT(^$>EA|kmR;w4E4e!VA6cD)49H5|e#3A|s%}`6+De1fo zFIe7_B|BdK1j4g_Mo;y4?+k@^=Sc~SoSIT1m|Mn0hm*@4Y|p;&W$56x%#uu!CiB>& zwAFlp4BY&>Xdei;y0=nwSTt&|;+U4}Ef}_Ib$^M>6w1uTcc@ZG?zkwicoa>(yJN8` z4X`Ej&=Xsf41|nRjtO34zB-}B%~$g6-s|^%^p{PCapQW`!Npaz1)K<)rbi~nnu9AJ zv&fk<~#);jMw1tYrlcZm5~|6z$kZ3P1g{W z%=`zROfZ|eM-kN0M$IQ(wdVSRw$sd_OY4c(uBLVg|H6*4Vu^bSrnVkgUe-=6&5BJ&J<1d-_emXM6fl}+{SC5RjmJLB` z-C?+x`s(ZD6~2VFRD5PGzdb|ovO_>XM}GE=01)neT8&fSQZkdGcdo(%LMsf4=Q}So z(x~EPc!t95d&6=iU@v=}s`;pVj!z6S%PxF^>i0m*d0lKh;|!)S(NJ6GH9D{D*@*E^kEZr<1{!xp@G zddaV4P4`3MOopPq$^Edhp>!AX7R}$A6hZ6`T2cC$B;Lt7YRYJm-q85M(>XS#^(hR8 z#5&kS+Ko|p^9TOg?4@`HMQ?v*sL+#V1*zdb6>!q!@5Xe+t^)8|I}F9+J7M#^+KWz) zB_rQibeJ={mAh~K;aT?T7JD;ecGPveTCjCC-Vl5T=^8B7oNdI)Y zGb7)Esc8Z$TEBqt@R5`)$xCDwN0dsaJfZkRj1a)UW1&xrOe;NL{18K(*naSqi9LHH zc&*+wa!sK!Rb@sK5aF^xzsW44|xGac=-=L ze9+`84gBHc^@1@#M?H=|YHL}JPJ8W3KCtXi{hmnhW;lDq0NtfORcBAQWq*PA>-$fdsScukf$bYu_tSU?uu7^J}q_lEC>jFo3d#E<{X`Q z88p^!{=yio74Y1>oplgyJDy;Elg~|Y7TaDoMVJk6OpzOEyj!zA^b=j=+~9IXgv4GX zi1F(2g$S^&vpS_a_|W40DjvHImXzO!_hJ;zfu(_|wh@u`v9`9J=QO%_B{x(n%1;Zvc+|7uej-=%AKN~yb_0^nn05OgAJpMWLS6P73tzWJH zvPujowEzsW<~8CW{>A3;P9a|-?pGzcx10snX^^Zv=kHxKNP(%QIj_j6Z+x(dSt5(n z0z6{7;K4O?I_d-^68tm*{i1~=?LJl3-kr0XqqVxIw36otzx^RrZh;Wk6JrRcHW8+t zEwNdR9AJ~5G7F7sJuT{LAUa9kWZaJUw3m;IJj++&w}}h4H$*9M(|l7h$NltUn0dxobO|JMxsTUDnD;BXXI1gI;X05%$lbAl7(uUD9U# zR7Pb<`uw1nD)?MMN9%kh7<^v$hUEV*T-S8A8Lc$K2z9e!b&8#thms9j(z(2IE(|C0 zjc4qofKYhT$kEy}!kPs8m+Q<%`sf+bHQVSvy`zqh#LuZ>=y3=-lRuiPl;@r?Tu<}N_M1cD(qOIa$EVZLGM7*?-j{Wa6L_YUxy-}tF>g;`6*tSrnqZ$)? 
z+xU`+v_QT)iTi;Ol4I(Nu;%aLj3q^*gB}tFk|gbDmAjSU7Nxho4mVq?JZI*sIA6%d zztwvoN`VT~nf&%*QKfh)8GhI`g;#&}Pn%~B3=7!FNC^fKO?e|@XO61^EVN@Vi-^K- z6{@Gr=51NnWvcU=x90eJ^XJ3LbKu1OYpu>!6ThBze?j2q3L2s`bOGqPxEhaWj{J*g z{(H6iUxRc$HVrcWqDA}Vp9E%#0q17|38IT{4-L_ - - - - - - -Error 404 - - - - - - - - - -
-
-
-

404

-

Page not found

-
-
-
- - - - diff --git a/helmfile/custom-nginx-ingress-errors/www/500.html b/helmfile/custom-nginx-ingress-errors/www/500.html deleted file mode 100644 index e9a98e8..0000000 --- a/helmfile/custom-nginx-ingress-errors/www/500.html +++ /dev/null @@ -1,156 +0,0 @@ - - - - - - - - - Error 500 - - - - - - - - -
-
-
-

500

-

Internal Server Error

-

Most likely your email isnt verified, please verify your email and try - again

-
-
-
- - - - \ No newline at end of file diff --git a/helmfile/custom-nginx-ingress-errors/www/503.html b/helmfile/custom-nginx-ingress-errors/www/503.html deleted file mode 100644 index fb3a045..0000000 --- a/helmfile/custom-nginx-ingress-errors/www/503.html +++ /dev/null @@ -1,33 +0,0 @@ - - - - - - - -Error 503 - - - - - - - - -
-
-
-

503

-

Service Unavailable

-
-
-
- - - - diff --git a/helmfile/custom-nginx-ingress-errors/www/css/style.css b/helmfile/custom-nginx-ingress-errors/www/css/style.css deleted file mode 100644 index 22e5e3b..0000000 --- a/helmfile/custom-nginx-ingress-errors/www/css/style.css +++ /dev/null @@ -1 +0,0 @@ -*{-webkit-box-sizing:border-box;box-sizing:border-box}body{padding:0;margin:0}#notfound{position:relative;height:100vh;background:#030005}#notfound .notfound{position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%)}.notfound{max-width:767px;width:100%;line-height:1.4;text-align:center}.notfound .notfound-404{position:relative;height:180px;margin-bottom:20px;z-index:-1}.notfound .notfound-404 h1{font-family:montserrat,sans-serif;position:absolute;left:50%;top:50%;-webkit-transform:translate(-50%,-50%);-ms-transform:translate(-50%,-50%);transform:translate(-50%,-50%);font-size:224px;font-weight:900;margin-top:0;margin-bottom:0;margin-left:-12px;color:#030005;text-transform:uppercase;text-shadow:-1px -1px 0 #8400ff,1px 1px 0 #ff005a;letter-spacing:-20px}.notfound .notfound-404 h2{font-family:montserrat,sans-serif;position:absolute;left:0;right:0;top:110px;font-size:42px;font-weight:700;color:#fff;text-transform:uppercase;text-shadow:0 2px 0 #8400ff;letter-spacing:13px;margin:0}.notfound a{font-family:montserrat,sans-serif;display:inline-block;text-transform:uppercase;color:#ff005a;text-decoration:none;border:2px solid;background:0 0;padding:10px 40px;font-size:14px;font-weight:700;-webkit-transition:.2s all;transition:.2s all}.notfound a:hover{color:#8400ff}@media only screen and (max-width:767px){.notfound .notfound-404 h2{font-size:24px}}@media only screen and (max-width:480px){.notfound .notfound-404 h1{font-size:182px}} diff --git a/helmfile/windows-support/Dockerfile b/helmfile/windows-support/Dockerfile deleted file mode 100644 index fa8f44d..0000000 --- a/helmfile/windows-support/Dockerfile +++ /dev/null 
@@ -1,77 +0,0 @@
-# Setup build arguments with default versions
-ARG AWS_CLI_VERSION=1.18.105
-ARG TERRAFORM_VERSION=0.12.29
-ARG PYTHON_MAJOR_VERSION=3.7
-ARG KUBE_VERSION=v1.18.6
-ARG HELM_VERSION=v3.2.4
-
-# Download Terraform binary
-FROM debian:buster-20191224-slim as terraform
-ARG TERRAFORM_VERSION
-RUN apt-get update
-RUN apt-get install --no-install-recommends -y curl=7.64.0-4+deb10u1
-RUN apt-get install --no-install-recommends -y ca-certificates=20190110
-RUN apt-get install --no-install-recommends -y unzip=6.0-23+deb10u1
-RUN apt-get install --no-install-recommends -y gnupg=2.2.12-1+deb10u1
-RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS
-RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip
-RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig
-COPY hashicorp.asc hashicorp.asc
-RUN gpg --import hashicorp.asc
-RUN gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS
-SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-RUN grep terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS | sha256sum -c -
-RUN unzip -j terraform_${TERRAFORM_VERSION}_linux_amd64.zip
-
-# Install AWS CLI using PIP
-FROM debian:buster-20191224-slim as aws-cli
-ARG AWS_CLI_VERSION
-ARG PYTHON_MAJOR_VERSION
-RUN apt-get update
-RUN apt-get install -y --no-install-recommends python3=${PYTHON_MAJOR_VERSION}.3-1
-RUN apt-get install -y --no-install-recommends python3-pip=18.1-5
-RUN pip3 install setuptools==46.1.3
-RUN pip3 install wheel==0.34.2
-RUN pip3 install pyyaml==5.3.1
-RUN pip3 install awscli==${AWS_CLI_VERSION}
-
-# Download Helm\Kubectl binary
-FROM debian:buster-20191224-slim as wget
-ARG KUBE_VERSION
-ARG HELM_VERSION
-RUN apt-get update && \
- apt-get install --no-install-recommends -y wget ca-certificates=20190110
-RUN wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl
-RUN wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm
-
-# Build final image
-FROM debian:buster-20191224-slim
-ARG PYTHON_MAJOR_VERSION
-RUN apt-get update \
- && apt-get install -y --no-install-recommends \
- ca-certificates=20190110 \
- git \
- curl \
- jq=1.5+dfsg-2+b1 \
- python3=${PYTHON_MAJOR_VERSION}.3-1 \
- sudo \
- && apt-get clean \
- && rm -rf /var/lib/apt/lists/* \
- && update-alternatives --install /usr/bin/python python /usr/bin/python${PYTHON_MAJOR_VERSION} 1
-
-COPY --from=terraform /terraform /usr/local/bin/terraform
-COPY --from=aws-cli /usr/local/bin/aws* /usr/local/bin/
-COPY --from=aws-cli /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages /usr/local/lib/python${PYTHON_MAJOR_VERSION}/dist-packages
-COPY --from=aws-cli /usr/lib/python3/dist-packages /usr/lib/python3/dist-packages
-COPY --from=wget /usr/local/bin/helm /usr/local/bin/helm
-COPY --from=wget /usr/local/bin/kubectl /usr/local/bin/kubectl
-# this requires helmfile binary in the same folder with the Dockerfile
-COPY helmfile /usr/local/bin/
-RUN chmod +x /usr/local/bin/helmfile /usr/local/bin/helm /usr/local/bin/kubectl
-RUN helm plugin install https://github.com/databus23/helm-diff --version v3.0.0-rc.7 && \
- helm plugin install https://github.com/futuresimple/helm-secrets && \
- helm plugin install https://github.com/hypnoglow/helm-s3.git && \
- helm plugin install https://github.com/aslafy-z/helm-git.git
-
-WORKDIR /workspace
-CMD ["bash"]
diff --git a/helmfile/windows-support/README.md b/helmfile/windows-support/README.md
deleted file mode 100644
index 758d894..0000000
--- a/helmfile/windows-support/README.md
+++ /dev/null
@@ -1,5 +0,0 @@ -## purpose - -this is needed because helmfile didn't work properly for me on windows (the helm diff plugin), as well as helmfile docker files and helmfile make. hence this dockerfile that works on windows. I needed to include compiled helmfile for the same reason. - -Build this dockerfile like you normally would and after that you can just use the docker image to run helmfile. The provided dockerfile has got aws cli, kubectl, terraform, helm, helm plugins and helmfile. \ No newline at end of file diff --git a/helmfile/windows-support/dockerfile.v2 b/helmfile/windows-support/dockerfile.v2 deleted file mode 100644 index e156db1..0000000 --- a/helmfile/windows-support/dockerfile.v2 +++ /dev/null 
@@ -1,50 +0,0 @@ -# Setup build arguments with default versions -ARG TERRAFORM_VERSION=0.12.29 -ARG KUBE_VERSION=v1.18.8 -ARG HELM_VERSION=v3.3.0 -ARG HELMFILE_VERSION=v0.126.2 -ARG KUSTOMIZE_VERSION=v3.8.1 - -# Download Terraform\Kubectl\Helm binaries -FROM debian:buster-slim as binaries -ARG TERRAFORM_VERSION -ARG KUBE_VERSION -ARG HELM_VERSION -RUN apt-get update -RUN apt-get install --no-install-recommends -y curl=7.64.0-4+deb10u1 -RUN apt-get install --no-install-recommends -y ca-certificates=20190110 -RUN apt-get install --no-install-recommends -y unzip=6.0-23+deb10u1 -RUN apt-get install --no-install-recommends -y gnupg=2.2.12-1+deb10u1 -RUN apt-get install --no-install-recommends -y wget -RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS -RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_linux_amd64.zip -RUN curl -Os https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig -RUN wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBE_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl -RUN wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm -COPY hashicorp.asc hashicorp.asc -RUN gpg --import hashicorp.asc -RUN gpg --verify terraform_${TERRAFORM_VERSION}_SHA256SUMS.sig terraform_${TERRAFORM_VERSION}_SHA256SUMS -SHELL ["/bin/bash", "-o", "pipefail", "-c"] -RUN grep terraform_${TERRAFORM_VERSION}_linux_amd64.zip terraform_${TERRAFORM_VERSION}_SHA256SUMS | sha256sum -c - -RUN unzip -j terraform_${TERRAFORM_VERSION}_linux_amd64.zip - -# Layer to get helmfile stuff -FROM quay.io/roboll/helmfile:${HELMFILE_VERSION} as helmfile -ARG KUSTOMIZE_VERSION -RUN curl -L 
https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2F${KUSTOMIZE_VERSION}/kustomize_${KUSTOMIZE_VERSION}_linux_amd64.tar.gz | \ - tar zxv && mv kustomize /usr/local/bin - -# Build final image -FROM amazon/aws-cli -WORKDIR /ci -ENV XDG_DATA_HOME=/home - -COPY --from=binaries /terraform /usr/local/bin/terraform -COPY --from=binaries /usr/local/bin/helm /usr/local/bin/helm -COPY --from=binaries /usr/local/bin/kubectl /usr/local/bin/kubectl -COPY --from=helmfile /usr/local/bin/helmfile /usr/local/bin -COPY --from=helmfile /usr/local/bin/kustomize /usr/local/bin -COPY --from=helmfile /root/.helm/cache/plugins/ /home/helm/plugins -RUN chmod +x /usr/local/bin/helmfile && chmod +x /usr/local/bin/helm && chmod +x /usr/local/bin/kubectl && chmod +x /usr/local/bin/kustomize -WORKDIR /ci -ENTRYPOINT ["/bin/bash"] diff --git a/helmfile/windows-support/hashicorp.asc b/helmfile/windows-support/hashicorp.asc deleted file mode 100644 index 5364dee..0000000 --- a/helmfile/windows-support/hashicorp.asc +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v1 - -mQENBFMORM0BCADBRyKO1MhCirazOSVwcfTr1xUxjPvfxD3hjUwHtjsOy/bT6p9f -W2mRPfwnq2JB5As+paL3UGDsSRDnK9KAxQb0NNF4+eVhr/EJ18s3wwXXDMjpIifq -fIm2WyH3G+aRLTLPIpscUNKDyxFOUbsmgXAmJ46Re1fn8uKxKRHbfa39aeuEYWFA -3drdL1WoUngvED7f+RnKBK2G6ZEpO+LDovQk19xGjiMTtPJrjMjZJ3QXqPvx5wca -KSZLr4lMTuoTI/ZXyZy5bD4tShiZz6KcyX27cD70q2iRcEZ0poLKHyEIDAi3TM5k -SwbbWBFd5RNPOR0qzrb/0p9ksKK48IIfH2FvABEBAAG0K0hhc2hpQ29ycCBTZWN1 -cml0eSA8c2VjdXJpdHlAaGFzaGljb3JwLmNvbT6JATgEEwECACIFAlMORM0CGwMG -CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEFGFLYc0j/xMyWIIAIPhcVqiQ59n -Jc07gjUX0SWBJAxEG1lKxfzS4Xp+57h2xxTpdotGQ1fZwsihaIqow337YHQI3q0i -SqV534Ms+j/tU7X8sq11xFJIeEVG8PASRCwmryUwghFKPlHETQ8jJ+Y8+1asRydi -psP3B/5Mjhqv/uOK+Vy3zAyIpyDOMtIpOVfjSpCplVRdtSTFWBu9Em7j5I2HMn1w -sJZnJgXKpybpibGiiTtmnFLOwibmprSu04rsnP4ncdC2XRD4wIjoyA+4PKgX3sCO -klEzKryWYBmLkJOMDdo52LttP3279s7XrkLEE7ia0fXa2c12EQ0f0DQ1tGUvyVEW -WmJVccm5bq25AQ0EUw5EzQEIANaPUY04/g7AmYkOMjaCZ6iTp9hB5Rsj/4ee/ln9 -wArzRO9+3eejLWh53FoN1rO+su7tiXJA5YAzVy6tuolrqjM8DBztPxdLBbEi4V+j -2tK0dATdBQBHEh3OJApO2UBtcjaZBT31zrG9K55D+CrcgIVEHAKY8Cb4kLBkb5wM -skn+DrASKU0BNIV1qRsxfiUdQHZfSqtp004nrql1lbFMLFEuiY8FZrkkQ9qduixo -mTT6f34/oiY+Jam3zCK7RDN/OjuWheIPGj/Qbx9JuNiwgX6yRj7OE1tjUx6d8g9y -0H1fmLJbb3WZZbuuGFnK6qrE3bGeY8+AWaJAZ37wpWh1p0cAEQEAAYkBHwQYAQIA -CQUCUw5EzQIbDAAKCRBRhS2HNI/8TJntCAClU7TOO/X053eKF1jqNW4A1qpxctVc -z8eTcY8Om5O4f6a/rfxfNFKn9Qyja/OG1xWNobETy7MiMXYjaa8uUx5iFy6kMVaP -0BXJ59NLZjMARGw6lVTYDTIvzqqqwLxgliSDfSnqUhubGwvykANPO+93BBx89MRG -unNoYGXtPlhNFrAsB1VR8+EyKLv2HQtGCPSFBhrjuzH3gxGibNDDdFQLxxuJWepJ -EK1UbTS4ms0NgZ2Uknqn1WRU1Ki7rE4sTy68iZtWpKQXZEJa0IGnuI2sSINGcXCJ -oEIgXTMyCILo34Fa/C6VCm2WBgz9zZO8/rHIiQm1J5zqz0DrDwKBUM9C -=LYpS ------END PGP PUBLIC KEY BLOCK----- \ No newline at end of file diff --git a/terraform/root-162540680133/sops_key/.terraform.lock.hcl b/terraform/root-162540680133/sops_key/.terraform.lock.hcl new file mode 100644 index 0000000..353a40e --- /dev/null 
+++ b/terraform/root-162540680133/sops_key/.terraform.lock.hcl
@@ -0,0 +1,25 @@
+# This file is maintained automatically by "terraform init".
+# Manual edits may be lost in future updates.
+
+provider "registry.terraform.io/hashicorp/aws" {
+ version = "4.40.0"
+ constraints = ">= 2.63.0"
+ hashes = [
+ "h1:ZNYcP0N4WfRiuCmkXJkPrTS/4BG7PfkbXBUhbA77WTg=",
+ "zh:04ca7287b7f5a2a310b60308cc08df11e97714d32d1a10c34a94454d330af66e",
+ "zh:13c28ba9b324c526580783a3807007a296ce58c607c7bdc94ae2bb72b35b6495",
+ "zh:2c84dbc0701b9724802f7343f916f50b6914a044dfbfc6654f264c9347f02dac",
+ "zh:33255a22e1d1ecec2ad8ccfec1e4a54dc33a8d71f3edad098c25d822958a138b",
+ "zh:4583b5e92b8de3662c8d8ff8a6527572ec23ad8c64dd686ff9dd528bc6934a4f",
+ "zh:4a9f502c0b8abe45abda846e0601f8d8ef582e62e0b92cb747b4200a711ba739",
+ "zh:558959e19935ec5e7f0647e900fc8561f4961a377be0178496a6495805136721",
+ "zh:6b3dc4b034d34885db620d73c75d3bb9abeee539e61ca9d0670fb995353e165d",
+ "zh:72f0dac5dbba355bce88599ded2baabc7d109ee786b89c6648ae720cb00a4bbf",
+ "zh:77981b87e2bcbb278402e8ff863d5e50aafbdc03629d7a57273c06989884a22f",
+ "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425",
+ "zh:c5b4dd61558a4887a23847d23cd3b41a97ad03a9f3624d0687cb5461fee514b0",
+ "zh:c8949bc6600ec10ea5c0abdd4c1ffee8f82519c0cda8cc7a651e6258960e6249",
+ "zh:d1c88ab98f126d65cd0c7b6c9e1d06d59e766217ae374d5a908052817e3692a3",
+ "zh:ff2e921440bcbfd440ef84f5127ba881c930b2b70773e725de35c0fa3baddc4b",
+ ]
+}
diff --git a/terraform/root-162540680133/sops_key/kms.tf b/terraform/root-162540680133/sops_key/kms.tf
new file mode 100644
index 0000000..cc98abe
--- /dev/null
+++ b/terraform/root-162540680133/sops_key/kms.tf
@@ -0,0 +1,95 @@
+data "aws_iam_policy_document" "kms" {
+ statement {
+ sid = "Enable IAM User Permissions"
+ actions = ["kms:*"]
+ resources = ["arn:aws:s3:::*"]
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
+ }
+ }
+
+ statement {
+ sid = "Allow access for Key Administrators"
+ actions = [
+ "kms:Create*",
+ "kms:Describe*",
+ "kms:Enable*",
+ "kms:List*",
+ "kms:Put*",
+ "kms:Update*",
+ "kms:Revoke*",
+ "kms:Disable*",
+ "kms:Get*",
+ "kms:Delete*",
+ "kms:TagResource",
+ "kms:UntagResource",
+ "kms:ScheduleKeyDeletion",
+ "kms:CancelKeyDeletion"
+ ]
+ resources = ["*"]
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [
+ "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
+ "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
+ ]
+ }
+ }
+
+ statement {
+ sid = "Allow use of the key"
+ actions = [
+ "kms:Encrypt",
+ "kms:Decrypt",
+ "kms:ReEncrypt*",
+ "kms:GenerateDataKey*",
+ "kms:DescribeKey"
+ ]
+ resources = ["*"]
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [
+ "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
+ "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
+ ]
+ }
+ }
+
+ statement {
+ sid = "Allow attachment of persistent resources"
+ actions = [
+ "kms:CreateGrant",
+ "kms:ListGrants",
+ "kms:RevokeGrant"
+ ]
+ resources = ["*"]
+ effect = "Allow"
+ principals {
+ type = "AWS"
+ identifiers = [
+ "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_AdministratorAccess_91b52266e9732916",
+ "arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/aws-reserved/sso.amazonaws.com/AWSReservedSSO_SystemAdministrator_2bf11eb9a2b37c20",
+ ]
+ }
+ condition {
+ test = "Bool"
+ variable = "kms:GrantIsForAWSResource"
+ values = ["true"]
+ }
+ }
+}
+
+resource "aws_kms_key" "kms" {
+ description = "Helm secrets key"
+ policy = data.aws_iam_policy_document.kms.json
+}
+
+resource "aws_kms_alias" "kms" {
+ name = "alias/helm-secrets"
+ target_key_id = aws_kms_key.kms.key_id
+}
+
diff --git a/terraform/root-162540680133/sops_key/main.tf b/terraform/root-162540680133/sops_key/main.tf
new file mode 100644
index 0000000..478b801
--- /dev/null
+++ b/terraform/root-162540680133/sops_key/main.tf
@@ -0,0 +1,18 @@
+provider "aws" {
+ version = ">= 2.63.0"
+ region = var.aws_region
+}
+
+terraform {
+ required_version = ">= 1.0.0, < 2.0.0"
+
+ backend "s3" {
+ region = "us-east-1"
+ bucket = "tip-org-tfstate"
+ key = "tip-sops"
+ dynamodb_table = "terraform-state-lock"
+ encrypt = true
+ }
+}
+
+data "aws_caller_identity" "current" {}
diff --git a/terraform/root-162540680133/sops_key/terraform.tfvars b/terraform/root-162540680133/sops_key/terraform.tfvars
new file mode 100644
index 0000000..bb891da
--- /dev/null
+++ b/terraform/root-162540680133/sops_key/terraform.tfvars
@@ -0,0 +1 @@
+aws_region = "us-east-1"
diff --git a/terraform/root-162540680133/sops_key/variables.tf b/terraform/root-162540680133/sops_key/variables.tf
new file mode 100644
index 0000000..8d5410d
--- /dev/null
+++ b/terraform/root-162540680133/sops_key/variables.tf
@@ -0,0 +1,4 @@
+variable "aws_region" {
+ description = "AWS region"
+ type = string
+}
diff --git a/terraform/root-162540680133/tf_organization/.sops.yaml b/terraform/root-162540680133/tf_organization/.sops.yaml
new file mode 100644
index 0000000..7219e41
--- /dev/null
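Review bot: The first statement of `data.aws_iam_policy_document.kms` in sops_key/kms.tf (sid "Enable IAM User Permissions") sets `resources = ["arn:aws:s3:::*"]`, an S3 ARN, while the other three statements use `["*"]`. In a KMS key policy the resource element refers to the key the policy is attached to and is written `"*"`, so this statement most likely never matches and the account root is not actually delegated to IAM. That would leave the two hard-coded `AWSReservedSSO_*` roles as the only principals able to administer the key, and their generated suffixes may change if the permission sets are recreated. I would change the line to `resources = ["*"]`.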
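Review bot: The `version = ">= 2.63.0"` argument inside `provider "aws"` in sops_key/main.tf is the deprecated place for a provider constraint, and this module already requires Terraform `>= 1.0.0`. Declaring it in the `terraform` block also states the provider source explicitly: `required_providers { aws = { source = "hashicorp/aws", version = ">= 2.63.0" } }`. The constraint has no upper bound, so only the committed `.terraform.lock.hcl` (4.40.0) keeps a later major release from being selected; a bounded constraint such as `~> 4.40` would put that intent in the code itself.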
+++ b/terraform/root-162540680133/tf_organization/.sops.yaml @@ -0,0 +1,2 @@ +creation_rules: +- kms: 'arn:aws:kms:us-east-1:162540680133:alias/helm-secrets' diff --git a/terraform/root-162540680133/tf_organization/billing_alarm.tf b/terraform/root-162540680133/tf_organization/billing_alarm.tf index af0da39..6580c89 100644 --- a/terraform/root-162540680133/tf_organization/billing_alarm.tf +++ b/terraform/root-162540680133/tf_organization/billing_alarm.tf @@ -1,5 +1,5 @@ resource "aws_budgets_budget" "default" { - for_each = var.org_accounts + for_each = jsondecode(data.sops_file.secrets.raw).org_accounts name = "${each.key}-budget" budget_type = "COST" limit_amount = each.value["monthly_budget"] diff --git a/terraform/root-162540680133/tf_organization/main.tf b/terraform/root-162540680133/tf_organization/main.tf index a361bbb..55f7c57 100644 --- a/terraform/root-162540680133/tf_organization/main.tf +++ b/terraform/root-162540680133/tf_organization/main.tf @@ -8,9 +8,20 @@ terraform { dynamodb_table = "terraform-state-lock" encrypt = true } + + required_providers { + sops = { + source = "carlpett/sops" + version = "~> 0.5" + } + } } provider "aws" { version = ">= 2.63.0" region = var.aws_region } + +data "sops_file" "secrets" { + source_file = "secrets.enc.json" +} diff --git a/terraform/root-162540680133/tf_organization/organization.tf b/terraform/root-162540680133/tf_organization/organization.tf index d9be499..cd55bbc 100644 --- a/terraform/root-162540680133/tf_organization/organization.tf +++ b/terraform/root-162540680133/tf_organization/organization.tf @@ -13,7 +13,7 @@ resource "aws_organizations_organizational_unit" "default" { } resource "aws_organizations_account" "default" { - for_each = var.org_accounts + for_each = jsondecode(data.sops_file.secrets.raw).org_accounts name = each.key email = each.value["email"] parent_id = aws_organizations_organizational_unit.default.id 
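Review bot: `for_each = jsondecode(data.sops_file.secrets.raw).org_accounts` in billing_alarm.tf iterates over a value derived from the decrypted SOPS document, which the sops provider, as far as I know, marks sensitive. Terraform 0.15 and later reject sensitive values as `for_each` arguments because instance keys are printed in plans, so this line would fail there; the same expression is used for `aws_organizations_account.default` in organization.tf. The account names are already plaintext keys in secrets.enc.json, so only the keys need unmarking: `for_each = toset(nonsensitive(keys(local.org_accounts)))` with `local.org_accounts = jsondecode(data.sops_file.secrets.raw).org_accounts`, reading fields as `local.org_accounts[each.key]["monthly_budget"]`. Both resource bodies continue outside their hunks, so the remaining `each.value` references are not all visible.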
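Review bot: The new `data "sops_file" "secrets"` block in tf_organization/main.tf deserves a comment on where the plaintext ends up: data source results are persisted in Terraform state, so the decrypted `org_accounts` values are readable by anyone who can read the state object, regardless of the encryption of secrets.enc.json. A line such as `# Decrypted values are stored in state; keep read access to the state bucket as tight as access to the KMS key.` above the block would record that. `source_file = "secrets.enc.json"` also appears to be resolved against the working directory, and `"${path.module}/secrets.enc.json"` would not depend on where terraform is invoked. The `terraform` block starts above the hunk.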
diff --git a/terraform/root-162540680133/tf_organization/secrets.enc.json b/terraform/root-162540680133/tf_organization/secrets.enc.json new file mode 100644 index 0000000..2196bdf --- /dev/null +++ b/terraform/root-162540680133/tf_organization/secrets.enc.json 
@@ -0,0 +1,48 @@ +{ + "org_accounts": { + "cicd": { + "email": "ENC[AES256_GCM,data:w+A2Y0Exkle7so5gWfIgnoCqRL8FH0+fXwG3yindZYNVZQ==,iv:9+pHL0zsbRJ+ysW0zoEA+/hfcWROEeLy7TCj0L+e7Eo=,tag:/Co2xGMjLqFEegmRm6LH5Q==,type:str]", + "monthly_budget": "ENC[AES256_GCM,data:7/+H+V0=,iv:/sGSwJEamMNWP0kD86k4rgWmlvaztCgqnve+amF1twA=,tag:slwv9fixGjI4+gVD2A65yA==,type:str]", + "billing_alarm_notify_emails": [ + "ENC[AES256_GCM,data:hJzTn6zBNHy21Xr/ebZt5TUB,iv:6vGbAvjblpXoGOG5INrY74IZAL3/3CZaCtOzCC7yjgo=,tag:lznl3K88QVrOCBgeb054iQ==,type:str]", + "ENC[AES256_GCM,data:U6GZrBV/7p0PnISLAtbDxUohhjE=,iv:8xvvjI6ypRdFKpZpkWq6GCKOe35Hl9GPElIbNXDNyLM=,tag:d2X8B7bTatIwsMG1o2Z7LA==,type:str]" + ] + }, + "wifi": { + "email": "ENC[AES256_GCM,data:ZF/RJC3iUY7r35k1n7X2InBqhwsiSzH1u+IAslKYYna9Yw==,iv:Ze9a7uCE7vQTvvxToTBB2njMIJUE+cWWSryhYQGwdDs=,tag:ntuOOx9S6z51E+zmNwosyw==,type:str]", + "monthly_budget": "ENC[AES256_GCM,data:Cx1RjR6z,iv:jKibjwHFaMHUC9S5k24Reww3nSBWrjphCZM0naYSnTI=,tag:bLjHZC4F2Vlf8fxOCoQ/0g==,type:str]", + "billing_alarm_notify_emails": [ + "ENC[AES256_GCM,data:gVZREZAFuDO70s6Psf9/AA+Z2g/IbuND,iv:pXj/RaRISryf5UPnJaHx/zAWT00GXxhY3zMUJAFnnJE=,tag:pSvqz6tODo9Qb1qt0FIG1w==,type:str]", + "ENC[AES256_GCM,data:3a3J1QJDH32TkLD5Qo8CTXUOVBYg2WI=,iv:btVPVNQUeoHvvCkeAp8u/PAJBbDcIEB1LLk0SPpq68U=,tag:72xpp+7I4OynvFpgoFV4tA==,type:str]", + "ENC[AES256_GCM,data:+Yye97K9a/14p0H6GyNfuNWuWQ==,iv:5qLSSl74dDNAGCG9fZrZH2pzIsLzw0Qi4GeZXtz4ybk=,tag:8/Wgm9URP8Q9YpGJJ/1mrg==,type:str]" + ] + }, + "openautomation": { + "email": "ENC[AES256_GCM,data:9IHAeBPnIo9W6JGtfd6twleqVBGu0TP4TrM1Rsj1+6s7S7An5g==,iv:uGocTojTHz/O8uxmFVv/4M3o7ma0C6FaCiqPmu6UaEE=,tag:NA0vY6wd32rDRs30VltQJw==,type:str]", + "monthly_budget": "ENC[AES256_GCM,data:WvG9Ijk=,iv:v+llc1tiuqwBBwDoFKcAagWjFhuoUuSSz5LH5Xt8Dbw=,tag:Mrfyllp+4+UgPzLXXR862g==,type:str]", + "billing_alarm_notify_emails": [ + "ENC[AES256_GCM,data:v9PEhhGfPiF0/BQyuFkKLhVL,iv:2MifI4GsP3ANt51Noymdebxybf+JZrd09lQb9OacR5w=,tag:kc4Jt545KllcTH6gD376Uw==,type:str]", + 
"ENC[AES256_GCM,data:89B2fcgDa+2nYbg1EfdafbHIZIc=,iv:c1NwTcLHHv7dBg5SIQ2GVwt1vAIcQDvV7HhWUYAthaM=,tag:hTiEWaIK01BlNPc9oInZXg==,type:str]" + ] + } + }, + "sops": { + "kms": [ + { + "arn": "arn:aws:kms:us-east-1:162540680133:alias/helm-secrets", + "created_at": "2022-11-21T14:26:23Z", + "enc": "AQICAHi1PeBBVgOTmYIxfm2OeQV6Js1L6sK2WYypQs3n0SEJtgH49MkfD5xT/GyTTOU4sOV7AAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMQLp3bASG3zvc2T8/AgEQgDtP58RwjvLOv830CZfdKMxxc58qwqaQrkpANmUYec/5j7uy807kz+mpvhY1ATZrtkVGUDjjUTFEZSnqbQ==", + "aws_profile": "" + } + ], + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": null, + "lastmodified": "2022-11-21T14:29:01Z", + "mac": "ENC[AES256_GCM,data:F1a6uJP2AJNjVLWITz7f41lglPlUassiqfjcylmdVXbJpY9sS7gnpYbxBO5h3KhSGshq5iRf2tmOhLpDSeb2SnznW5EhWf6V2d7G2kETsRm2Yk3z5RwUjp9eoixDEG0MWinrDRo0CnvBf+npLNg3SgOFWi0thwzSTs5uP3x7kcA=,iv:vNnD5+Oi2jsV28Zy+MWJPN26BbcZlW7nHsb/qtsOc6I=,tag:W1caIEvzTsiCnrvr8Iu7Bg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.7.3" + } +} \ No newline at end of file diff --git a/terraform/root-162540680133/tf_organization/terraform.tfvars b/terraform/root-162540680133/tf_organization/terraform.tfvars index 774bb9c..bb891da 100644 --- a/terraform/root-162540680133/tf_organization/terraform.tfvars +++ b/terraform/root-162540680133/tf_organization/terraform.tfvars 
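Review bot: Encrypting `org_accounts` in secrets.enc.json protects only future values: the entries appear to be the ones this same commit deletes in plaintext from tf_organization/terraform.tfvars, so they stay readable in the repository history. If they are meant to be confidential, the history needs rewriting or the values should be treated as already disclosed. Otherwise a sentence in the commit description saying what the encryption is for would avoid giving a false impression of secrecy.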
@@ -1,40 +1 @@ aws_region = "us-east-1" - -billing_alarm_notify_emails = [ - "tip-alerts@opsfleet.com" -] - -budget_monthly_limit = { - "cicd" = "100.0" - "wifi" = "100.0" -} - -org_accounts = { - "cicd" = { - "email" = "cicd-admin@telecominfraproject.com" - "monthly_budget" = "500.0" - "billing_alarm_notify_emails" = [ - "dorongivoni@fb.com", - "jcrosby@launchcg.com", - ] - } - - "wifi" = { - "email" = "wifi-admin@telecominfraproject.com" - "monthly_budget" = "5000.0" - "billing_alarm_notify_emails" = [ - "jaspreetsachdev@meta.com", - "tip-alerts@opsfleet.com", - "chrisbusch@meta.com", - ] - } - - "openautomation" = { - "email" = "netauto-admin@telecominfraproject.com" - "monthly_budget" = "500.0" - "billing_alarm_notify_emails" = [ - "dorongivoni@fb.com", - "jcrosby@launchcg.com", - ] - } -} diff --git a/terraform/root-162540680133/tf_organization/variables.tf b/terraform/root-162540680133/tf_organization/variables.tf index 5628621..8d5410d 100644 --- a/terraform/root-162540680133/tf_organization/variables.tf +++ b/terraform/root-162540680133/tf_organization/variables.tf @@ -2,17 +2,3 @@ variable "aws_region" { description = "AWS region" type = string } - -variable "billing_alarm_notify_emails" { - description = "Billing alarm notification emails" - type = set(string) -} - -variable "budget_monthly_limit" { - description = "Monthly budget limit, USD" - type = map(string) -} - -variable "org_accounts" { - description = "Organization accounts" -} diff --git a/tf_modules/eks/eks.tf b/tf_modules/eks/eks.tf deleted file mode 100644 index 989fb7d..0000000 --- a/tf_modules/eks/eks.tf +++ /dev/null 
@@ -1,122 +0,0 @@ -provider "kubernetes" { - host = data.aws_eks_cluster.cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data) - token = data.aws_eks_cluster_auth.cluster.token - load_config_file = false - version = "~> 1.9" -} - -data "aws_eks_cluster" "cluster" { - name = module.eks.cluster_id -} - -data "aws_eks_cluster_auth" "cluster" { - name = module.eks.cluster_id -} - -module "eks" { - source = "git::https://github.com/terraform-aws-modules/terraform-aws-eks?ref=v12.2.0" - cluster_name = var.cluster_name - subnets = length(var.vpc_id) > 0 ? module.vpc_main.private_subnets : var.private_subnets - vpc_id = length(var.vpc_id) > 0 ? module.vpc_main.vpc_id : var.vpc_id - tags = { "Name" = var.cluster_name } - - node_groups_defaults = { - ami_type = "AL2_x86_64" - disk_size = var.node_group_settings["disk_size"] - } - - node_groups = { - main = { - desired_capacity = var.node_group_settings["desired_capacity"] - max_capacity = var.node_group_settings["max_capacity"] - min_capacity = var.node_group_settings["min_capacity"] - instance_type = var.node_group_settings["instance_type"] - k8s_labels = { - role = "default" - } - } - } - - enable_irsa = true - cluster_enabled_log_types = [ - "api", - "audit", - "authenticator", - "controllerManager", - "scheduler", - ] - - cluster_version = var.cluster_version - write_kubeconfig = false - cluster_log_retention_in_days = var.cluster_log_retention_in_days -} - -locals { - oidc_provider_url = split("https://", module.eks.cluster_oidc_issuer_url)[1] - cluster_main_node_group_asg = length(module.eks.node_groups) > 0 ? 
module.eks.node_groups["main"]["resources"][0]["autoscaling_groups"][0]["name"] : "" -} - -module "cluster_autoscaler_cluster_role" { - source = "git::https://github.com/terraform-aws-modules/terraform-aws-iam.git//modules/iam-assumable-role-with-oidc?ref=v2.12.0" - role_name = "${module.eks.cluster_id}-cluster-autoscaler" - provider_url = local.oidc_provider_url - role_policy_arns = [aws_iam_policy.cluster_autoscaler.arn] - create_role = true -} - -resource "aws_iam_policy" "cluster_autoscaler" { - name_prefix = "cluster-autoscaler" - description = "EKS cluster-autoscaler policy for cluster ${var.cluster_name}" - policy = data.aws_iam_policy_document.cluster_autoscaler.json -} - -data "aws_iam_policy_document" "cluster_autoscaler" { - statement { - sid = "clusterAutoscalerAll" - effect = "Allow" - - actions = [ - "autoscaling:DescribeAutoScalingGroups", - "autoscaling:DescribeAutoScalingInstances", - "autoscaling:DescribeLaunchConfigurations", - "autoscaling:DescribeTags", - "ec2:DescribeLaunchTemplateVersions", - ] - - resources = ["*"] - } - - statement { - sid = "clusterAutoscalerOwn" - effect = "Allow" - - actions = [ - "autoscaling:SetDesiredCapacity", - "autoscaling:TerminateInstanceInAutoScalingGroup", - "autoscaling:UpdateAutoScalingGroup", - ] - - resources = ["*"] - - condition { - test = "StringEquals" - variable = "autoscaling:ResourceTag/kubernetes.io/cluster/${var.cluster_name}" - values = ["owned"] - } - - condition { - test = "StringEquals" - variable = "autoscaling:ResourceTag/k8s.io/cluster-autoscaler/enabled" - values = ["true"] - } - } -} - -output "cluster_autoscaler_role_arn" { - value = module.cluster_autoscaler_cluster_role.this_iam_role_arn -} - -output "kubeconfig" { - value = module.eks.kubeconfig -} diff --git a/tf_modules/eks/main.tf b/tf_modules/eks/main.tf deleted file mode 100644 index adf914c..0000000 --- a/tf_modules/eks/main.tf +++ /dev/null 
@@ -1,16 +0,0 @@ -provider "aws" { - version = ">= 2.59.0" - region = var.aws_region -} - -terraform { - required_version = ">= 0.12.2" - - backend "s3" { - region = "us-east-1" - bucket = "tip-wifi-tfstate" - key = "wlan-main" - dynamodb_table = "terraform-state-lock" - encrypt = true - } -} \ No newline at end of file diff --git a/tf_modules/eks/variables.tf b/tf_modules/eks/variables.tf deleted file mode 100644 index 6cf4c65..0000000 --- a/tf_modules/eks/variables.tf +++ /dev/null @@ -1,60 +0,0 @@ -variable "aws_region" { - description = "AWS zone" - type = string -} - -variable "vpc_cidr" { - type = string - default = "" -} - -variable "az" { - default = ["a", "b", "c"] -} - -variable "node_group_settings" { - description = "Cluster node group settings" - type = map(string) - default = { - desired_capacity = 1 - max_capacity = 1 - min_capacity = 1 - instance_type = "t3.small" - disk_size = 20 - } -} - -variable "cluster_log_retention_in_days" { - description = "Cloudwatch logs retention (days)" - type = number - default = 35 -} - -variable "cluster_version" { - description = "EKS cluster version" - type = string -} - -variable "vpc_id" { - description = "VPC id, will be created if parameter is omitted" - type = string - default = "" -} - -variable "cluster_name" { - description = "EKS cluster name" - type = string - default = "" -} - -variable "public_subnets" { - description = "List of public subnet ids" - type = set(string) - default = [""] -} - -variable "private_subnets" { - description = "List of private subnet ids" - type = set(string) - default = [""] -} \ No newline at end of file diff --git a/tf_modules/eks/vpc.tf b/tf_modules/eks/vpc.tf deleted file mode 100644 index 0169c38..0000000 --- a/tf_modules/eks/vpc.tf +++ /dev/null 
@@ -1,34 +0,0 @@ -module "vpc_main" { - source = "github.com/terraform-aws-modules/terraform-aws-vpc?ref=v2.33.0" - create_vpc = length(var.vpc_id) > 0 ? false : true - name = var.cluster_name - cidr = var.vpc_cidr - azs = [for az in var.az : format("%s%s", var.aws_region, az)] - public_subnets = [cidrsubnet(var.vpc_cidr, 9, 0), cidrsubnet(var.vpc_cidr, 9, 1), cidrsubnet(var.vpc_cidr, 9, 2)] - private_subnets = [cidrsubnet(var.vpc_cidr, 9, 10), cidrsubnet(var.vpc_cidr, 9, 11), cidrsubnet(var.vpc_cidr, 9, 12)] - enable_nat_gateway = true - single_nat_gateway = false - enable_dns_hostnames = true - - public_subnet_tags = { - "kubernetes.io/cluster/${var.cluster_name}" = "shared" - "kubernetes.io/role/elb" = "1" - } - - private_subnet_tags = { - "kubernetes.io/cluster/${var.cluster_name}" = "shared" - "kubernetes.io/role/internal-elb" = "1" - } -} - -output "public_subnets" { - value = module.vpc_main.public_subnets -} - -output "private_subnets" { - value = module.vpc_main.private_subnets -} - -output "vpc_id" { - value = module.vpc_main.vpc_id -} \ No newline at end of file