From 30974b2f38bd2e10a5a712fc5f84c18be16a987a Mon Sep 17 00:00:00 2001 From: Peter Kurfer Date: Tue, 21 Nov 2023 22:32:09 +0100 Subject: [PATCH] feat: deploy vaultwarden and s3-csi --- .../resources/db/default-cluster.yaml | 3 ++ s3-csi/.gitignore | 1 + s3-csi/config/s3-csi-config.enc.yaml | 38 +++++++++++++++ s3-csi/config/values.csi-s3.yaml | 13 ++++++ s3-csi/kustomization.yaml | 15 ++++++ s3-csi/secret-generator.yaml | 10 ++++ vaultwarden/config/api-env.enc.yaml | 46 +++++++++++++++++++ vaultwarden/kustomization.yaml | 24 ++++++++++ vaultwarden/resources/deployment.yaml | 41 +++++++++++++++++ vaultwarden/resources/ingress.yaml | 17 +++++++ vaultwarden/resources/namespace.yaml | 7 +++ vaultwarden/resources/pvc.yaml | 13 ++++++ vaultwarden/resources/service.yaml | 12 +++++ vaultwarden/secret-generator.yaml | 10 ++++ vikunja/resources/api/config.enc.yaml | 6 +-- 15 files changed, 253 insertions(+), 3 deletions(-) create mode 100644 s3-csi/.gitignore create mode 100644 s3-csi/config/s3-csi-config.enc.yaml create mode 100644 s3-csi/config/values.csi-s3.yaml create mode 100644 s3-csi/kustomization.yaml create mode 100644 s3-csi/secret-generator.yaml create mode 100644 vaultwarden/config/api-env.enc.yaml create mode 100644 vaultwarden/kustomization.yaml create mode 100644 vaultwarden/resources/deployment.yaml create mode 100644 vaultwarden/resources/ingress.yaml create mode 100644 vaultwarden/resources/namespace.yaml create mode 100644 vaultwarden/resources/pvc.yaml create mode 100644 vaultwarden/resources/service.yaml create mode 100644 vaultwarden/secret-generator.yaml diff --git a/postgres-operator/resources/db/default-cluster.yaml b/postgres-operator/resources/db/default-cluster.yaml index c63f61a..70b6997 100644 --- a/postgres-operator/resources/db/default-cluster.yaml +++ b/postgres-operator/resources/db/default-cluster.yaml @@ -33,6 +33,9 @@ spec: - name: noco databases: - noco + - name: vaultwarden + databases: + - vaultwarden - name: vikunja databases: - vikunja diff --git a/s3-csi/.gitignore b/s3-csi/.gitignore new file mode 100644 index 0000000..711a39c --- /dev/null +++ b/s3-csi/.gitignore @@ -0,0 +1 @@ +charts/ \ No newline at end of file diff --git a/s3-csi/config/s3-csi-config.enc.yaml b/s3-csi/config/s3-csi-config.enc.yaml new file mode 100644 index 0000000..6ce746d --- /dev/null +++ b/s3-csi/config/s3-csi-config.enc.yaml @@ -0,0 +1,38 @@ +apiVersion: v1 +kind: Secret +metadata: + name: csi-s3-secret +type: Opaque +stringData: + accessKeyID: ENC[AES256_GCM,data:xXtMVs8lcYBuaii8oYdVt91NzkwOkWavznEEZF8l07c=,iv:s8CWIw0Oz5yoF/SycISaoypeD9j+IWn67KK49unUjSo=,tag:7z/2XEtcoMEU+aBR8c0nDA==,type:str] + secretAccessKey: ENC[AES256_GCM,data:NeruTGq0aF5gsKas2ORCHB9R4ierD+f+8ccfmLzotL01Hpu8vWBtJF3uZoIPshPbbNOxYqGcEvr3EGj3f8+3Pg==,iv:Ml0i1Ocp2QOjhjw5/hfv4NMzulYXBZHv8KDdvEH22X4=,tag:yEdx4u4ErGIafG6JVOAADQ==,type:str] + endpoint: ENC[AES256_GCM,data:H8qcNELbxrl1y7jTDUusGxhHnXbanExwNEwT16XUB/BnCb3upAjzAhXmxcrVKUVk5IfsAlCmX+I/Tg+mOFAgUcg=,iv:AafzfoVDdtuw2iIMl5/obp0QWIoFN6Kmk5D1X/20Sig=,tag:NtX31/hzS/+ACTsNbC8rIg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEK0dvNXlwVElnekNuK2VV + R2U3cDRUQWVudmNQT1BqbGpTNysrR3RtVWg4CnljSldwM1o4OGJGQ2JiVUJEN0Jv + K3NJVHU3c2NCbEordkdVeG13NDQ2MGMKLS0tIEVPQXhOUUttZVZka3FFOUoxM05n + ODdkb2ErNFlsWXliZVZSYlZldmtUTzQKJLVrS1v4EhnoObtEpezdAz7Osm65ej1D + ygohQ1nMl5gQJsHpC7jTQUgAD6VHFter1PDCInL6TBK/ZIu9SQZYWw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVDFndXN5cnRHZ1NQY09k + UnkyK2hMbjZ5amtMSjVNOTJWYmgvWmJKUGhBCjZhbElNRVFFdWl6SlcyNnk3TDU0 + ZURHZ1hQcGlvZjFCalJaNmRLaWV3RDgKLS0tIGFpUTB6RHdCdnlVOVRPdEh1bzRk + N1BoeU5MY1hFMy9VVkhEeUFrK3JVOUUKunVPI8E7F8BOoaPd4LidbITubBsbPzn5 + L3vShqSiwVJW7Nq8i4k0MA3geCHTk0zEj+Tj8Ncbkj37UjAhdawi4A== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-11-19T13:40:05Z" + mac: ENC[AES256_GCM,data:JZa+bnqgii3JxeiImFyZhojQqpPOb3R6dzcc+XaNMA1tEa5E5Q8apqFpipUbfWYNawKw/iR8a4GvsfriLnIXLcTaKmz8FrdoXeLUZyzWWVjHFApWqKndmB63bp3mNupwsfauhNjvNOMVEAXGMQ8iCMIhdYx43PTnktSRkDPmKd4=,iv:NZxfwRwzy7S9vkc6rfZVTBzy8YAgyCUzMzmRP2B5xSk=,tag:Yg1rteLHY735pnPxPSpe6g==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/s3-csi/config/values.csi-s3.yaml b/s3-csi/config/values.csi-s3.yaml new file mode 100644 index 0000000..ec5add5 --- /dev/null +++ b/s3-csi/config/values.csi-s3.yaml @@ -0,0 +1,13 @@ +images: + registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.9.1 + provisioner: registry.k8s.io/sig-storage/csi-provisioner:v3.6.2 + csi: code.icb4dc0.de/infrastructure/csi-s3:0.38.3 + +storageClass: + create: true + name: r2 + singleBucket: csi + mountOptions: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666" +secret: + create: false + name: csi-s3-secret diff --git a/s3-csi/kustomization.yaml b/s3-csi/kustomization.yaml new file mode 100644 index 0000000..6450c4e --- /dev/null +++ b/s3-csi/kustomization.yaml @@ -0,0 +1,15 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: kube-system + +helmCharts: + - name: csi-s3 + repo: https://yandex-cloud.github.io/k8s-csi-s3/charts/ + releaseName: csi-s3 + namespace: kube-system + version: "0.38.3" + valuesFile: config/values.csi-s3.yaml + +generators: + - ./secret-generator.yaml \ No newline at end of file diff --git a/s3-csi/secret-generator.yaml b/s3-csi/secret-generator.yaml new file mode 100644 index 0000000..5bbd3d3 --- /dev/null +++ b/s3-csi/secret-generator.yaml @@ -0,0 +1,10 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: s3-csi-secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./config/s3-csi-config.enc.yaml \ No newline at end of file diff --git a/vaultwarden/config/api-env.enc.yaml b/vaultwarden/config/api-env.enc.yaml new file mode 100644 index 0000000..e2fdcf6 --- /dev/null +++ b/vaultwarden/config/api-env.enc.yaml @@ -0,0 +1,46 @@ +apiVersion: v1 +kind: Secret +metadata: + name: vaultwarden-api-config +type: Opaque +stringData: + DOMAIN: ENC[AES256_GCM,data:FNfA7lakNlpg1URgLofv+k4TItLu,iv:8Ulj/WqUGLrCGE6m553NPtgdFsfaGE37Pla06ziPwns=,tag:6YThAqZ0xb9dvmHmrLKHqg==,type:str] + #ENC[AES256_GCM,data:JOoWSgo0vKQy7Wod6Z+3OrCLfnxtAvJzwrtwZz7rNOqtFopfd2vGvMqDjpz5n4+sinZpoxVq8e4kJz5jgMXSxkrj5FuHWNv4nY1v/eM=,iv:VKp+jCV/CcS+lcRXTGGlhwVgSXiH5316RANZSHbrtJo=,tag:KTJ2CF7j+SVkSVDrg3orKg==,type:comment] + PUSH_ENABLED: ENC[AES256_GCM,data:U6uztw==,iv:BZF8Helqt6jkeoxqNn72DG6BTGDZoN+0yeouHBAOy5k=,tag:V+hWdhf7+0tSu3p3Bk19gg==,type:str] + PUSH_INSTALLATION_ID: ENC[AES256_GCM,data:5EqZWWv6q7Kzeqmm1ujEkOAVEfybl2FkHJ1uyBTIJ/3ONi0s,iv:benEN9qkAhob2Nx58fralAXPt0ZOb7Iir/w44NWDC7E=,tag:CQrihd0cO0fvAZV3yBuBxQ==,type:str] + PUSH_INSTALLATION_KEY: ENC[AES256_GCM,data:8vsxMGX9lenepxu/DgnXJGbEXPQ=,iv:btBOZ9fyKkmEoiD9lFQO6kWgftGvjIqTaVaKC0XeRvU=,tag:wnO37fjx6HHP6S0mtEKDeQ==,type:str] + #ENC[AES256_GCM,data:9AIq3r4rJttpyUlriHXOKEuML2uiE+SwgWsfPnV7DYbiP/l2,iv:ailvo4Lj8MpH6mlNsTdLI3iKqUpiZyBE1YyLO2UkOQk=,tag:9YmUcHqdsMRCl/vzNUILUA==,type:comment] + SIGNUPS_ALLOWED: ENC[AES256_GCM,data:yyzz624=,iv:V4E2bbHA0LnO0gocQnwuOP8QYUBCVpdObxbiI6PA9Bg=,tag:s2Quq64QTPZpUUT6AM/T8A==,type:str] + ADMIN_TOKEN: ENC[AES256_GCM,data:McoZbrCruksHQ5N0ZNXTT8QQNt7lsjMZMTDdSk2Pw1qWmnlxvZWcHwIAMbpr+1/EHyMSf54Q4bSPRaMLtDNPREVqSEgCnI5pF4tg/BQWbtsJvH5rGqvZkpj09K0/LnvZDrvLZpYU9jBUBkKSWizjpWLfg6Xopg==,iv:smhUVbqnODyws8ndci5p05quJ/X6/mZOTQYld+aibOE=,tag:pn7tNT+3pGPmvvPFD/a1RA==,type:str] + #ENC[AES256_GCM,data:QlmRWc2mcIcGDeJE3dw1txwmiI6cFfD06ALgdDD1qcNG+c/JhgPO2lGQjTXoctNsTuv2pwPgtTFUKrY1cxjt4GtwuQ==,iv:MeYwD/IONmuUhvNIoBWPyuWUhGCBascIITC4nVbpkyY=,tag:DLL5SgPOyrYeHUnqz9SvEw==,type:comment] + ROCKET_ADDRESS: ENC[AES256_GCM,data:47ty+hqPew==,iv:13zgUCu73oNu3Vv2MGPVfT0szJkJ/8jQdU0lwqOnGEE=,tag:cZO7grm7BVm35PVTpR3yzA==,type:str] + ROCKET_PORT: ENC[AES256_GCM,data:ZrfepA==,iv:fMwLrMvwp61ujQsg4owMCKaH8sxJEod85+RJchh6vLc=,tag:DbmR5uueyzGP4UVeEhWFVg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age18e0w4jn03n66qwg8h3rjstz7g5zx2vhvz28aterkfkfetrxtpuysftp6we + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwd1AyWHA1SEpRbGhmaFY3 + QlJCYzNUVEVaR3BudDNMT3YxZTRjUXdWelZRCmY0UWFpMEhRcFgwSVM1UmlHN1k1 + cEkzaTBvMzR4V0pZQmVQU1RpTG9vUFEKLS0tIDlLcFN1VytENHZ4ako3cXd6M2R3 + UHNDRDBiYUpiR0dHbmdHdmRhcTZPd0UKJgrAhYaH/rcAIhgjVivrcf0HjPtEIS97 + z5HpimsDOZ4gntVEAdRShPtH5PrO7NFiPa3IUdex/ivYTIr4zAQSiw== + -----END AGE ENCRYPTED FILE----- + - recipient: age1yssdnqk90tn6zzggmwt70krndw04yfk9hwzdac3wsgfxmttngd7q89qzjr + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVN3M5R2JwenRxR2xEWWNJ + WUZiTlRwaWpUaEJ0TndET0lDamJENmE2elFVCnlMWlFSZXBDOGpJSURLYlJqNzJv + RXljK3dSUzdEaDBUSVUyTzFpeHVvL0kKLS0tIFRHT2lJWWZ3d0RyOE1ONFNha3Bm + U3U0YTU2QldWbzByVmY5WlZmRW04WUUK133O8rZOp3NT5feI8HEhYR5MYMRR/Mda + OIEPr8qHL/DKcuVY1RNfMieGZM1Vlk+KzKSVJFq9s5DprDn3gbdE1w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-11-21T21:13:40Z" + mac: ENC[AES256_GCM,data:MkefajFpbFq1FWYScRrabX3eBq10qdcFEWw07cGbPUC8ztOaEYYAfTllHz3Olfl1tFsLJ8sOqSbPgUHWdvEjhuJQcK3zHrjTC2n3JSaXNLaIVaSa4V4qcYInsaDZ7c6P7vFCEZUtcdDJHIyjQH4RVIewm0XXQDkcaHIzczLqle0=,iv:9f7g/PwP1tpo1Z/kmgEowfzxHdHbNagVL3ESYXkcbgc=,tag:M5SswGg0h5qBPvuVaDXz2w==,type:str] + pgp: [] + unencrypted_regex: ^(apiVersion|metadata|kind|type)$ + version: 3.8.1 diff --git a/vaultwarden/kustomization.yaml b/vaultwarden/kustomization.yaml new file mode 100644 index 0000000..e7a641a --- /dev/null +++ b/vaultwarden/kustomization.yaml @@ -0,0 +1,24 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +namespace: vaultwarden + +commonLabels: + app.kubernetes.io/instance: icb4dc0de + app.kubernetes.io/managed-by: kustomize + +images: + - name: vaultwarden + newName: ghcr.io/dani-garcia/vaultwarden + newTag: "1.30.0" + +resources: + - "resources/namespace.yaml" + - "resources/pvc.yaml" + - "resources/deployment.yaml" + - "resources/service.yaml" + - "resources/ingress.yaml" + + +generators: + - ./secret-generator.yaml \ No newline at end of file diff --git a/vaultwarden/resources/deployment.yaml b/vaultwarden/resources/deployment.yaml new file mode 100644 index 0000000..1e5687c --- /dev/null +++ b/vaultwarden/resources/deployment.yaml @@ -0,0 +1,41 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: vaultwarden +spec: + selector: + matchLabels: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/part-of: vaultwarden + template: + metadata: + labels: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/part-of: vaultwarden + spec: + containers: + - name: vaultwarden + image: vaultwarden + envFrom: + - secretRef: + name: vaultwarden-api-config + env: + - name: DATABASE_URL + valueFrom: + secretKeyRef: + name: default-cluster-pguser-vaultwarden + key: uri + resources: + limits: + memory: "128Mi" + cpu: "500m" + ports: + - containerPort: 8080 + volumeMounts: + - name: data + mountPath: /data + volumes: + - name: data + persistentVolumeClaim: + claimName: vaultwarden-data diff --git a/vaultwarden/resources/ingress.yaml b/vaultwarden/resources/ingress.yaml new file mode 100644 index 0000000..38c49ea --- /dev/null +++ b/vaultwarden/resources/ingress.yaml @@ -0,0 +1,17 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: vaultwarden +spec: + rules: + - host: pw.icb4dc0.de + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: vaultwarden + port: + number: 8080 diff --git a/vaultwarden/resources/namespace.yaml b/vaultwarden/resources/namespace.yaml new file mode 100644 index 0000000..cec5fba --- /dev/null +++ b/vaultwarden/resources/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: vaultwarden + labels: + prometheus: default \ No newline at end of file diff --git a/vaultwarden/resources/pvc.yaml b/vaultwarden/resources/pvc.yaml new file mode 100644 index 0000000..a44493d --- /dev/null +++ b/vaultwarden/resources/pvc.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: vaultwarden-data +spec: + storageClassName: r2 + resources: + requests: + storage: 5Gi + volumeMode: Filesystem + accessModes: + - ReadWriteMany diff --git a/vaultwarden/resources/service.yaml b/vaultwarden/resources/service.yaml new file mode 100644 index 0000000..180af89 --- /dev/null +++ b/vaultwarden/resources/service.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: vaultwarden +spec: + selector: + app.kubernetes.io/name: vaultwarden + app.kubernetes.io/part-of: vaultwarden + ports: + - port: 8080 + targetPort: 8080 diff --git a/vaultwarden/secret-generator.yaml b/vaultwarden/secret-generator.yaml new file mode 100644 index 0000000..e4d3b27 --- /dev/null +++ b/vaultwarden/secret-generator.yaml @@ -0,0 +1,10 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: vaultwarden-secret-generator + annotations: + config.kubernetes.io/function: | + exec: + path: ksops +files: + - ./config/api-env.enc.yaml \ No newline at end of file diff --git a/vikunja/resources/api/config.enc.yaml b/vikunja/resources/api/config.enc.yaml index 9c20734..15ae9d2 100644 --- a/vikunja/resources/api/config.enc.yaml +++ b/vikunja/resources/api/config.enc.yaml @@ -4,7 +4,7 @@ metadata: name: vikunja-config type: Opaque stringData: - config.yml: ENC[AES256_GCM,data:tmSeQoniqMDqsVqhpBvEZaSgQtXXwJFShVtwaUW/z43tsOybO38w1NkkyjPnOxVLb0SWkznSG5bDdvDPEXgk7EXBA2N29+hnDpp6kxE2MPQbIzLlNgZrfLC6tjEZtezOmXrZE6Xb5kleljuHFN+ph9WGes2m/ha7++fVKf/GD48MytqmC7SPBAJpitROXfx8NkqI2fhJIHkBhRsfTVy4Ur69dTryFt7xGLsC1ckxOWZebf7TYj10bpVPLAtxyLN7Os+l4Hl9GGbfjWMQ9lkSzIat3l4BNnkIWoZ2CoRqla2z/POn1crMJm7xeMkx1f6yB45NQM9r+/9HSbk3LDNGw5rgqrwkShj+/aXk2ePzGJK5O6zUSUidZpPpTLmxPNSaCu7QVmz6XR9zfzoXa4Ppdee4vbnqTa6FxUeM/oGcFI68X8kqRR+UImbjTrFKzFOPRw3hU7zHVwg2Wzh/k/4R+GNpLTLU+RlrT3dw9IvRFIERb15XTJzfId5+nWIxoMaH6tjaib84HVe1wtaRahYZNoYi7WZ748fiSx1b+AWRnxhCfK2EsQjul5Zdh2SSkYZysHi9Bmog,iv:K41jhC1s98trTYvcceAQOxx+ckAHrx22HLa5U6CYxWk=,tag:r7m/tjgYfaW3Wpfl8cJKTA==,type:str] + config.yml: ENC[AES256_GCM,data:P7sj7n7HRrPbEPkiGdxU4AJa8eR65AJYgEuJCeEsbsVwFtJ6epf4vm1bbpJ625P9ZzgllqunJvaiGGYCcmkHfUro77eIHdUOc5uvgaIp+Cb+Cv9+RuWm76lJeh1JpteeQ6zXX/OjeuL9TOEY89fynsuV7OQv/LxzPayPJedcAMiNsUtCzfB+qV84AlcRzNlx6HtsG0q2Aj75lBn0SvAZF0YRXX+vnJW/85y6tHu1x3kbxW0GtFHo0XMETKugbV7dEM6UUCUhRab7Za4JwjNJMvgMb2u2MU3BvQHG/3maKtqKnOQfAS1Cnbaq1W4b0FDUBRbMPKyOXHrMMXfLXPKVC7ozYqYh65eQIylBHCPP2wm9zZZeSG7QJoAN3GIj0fJIKM7tnGuppJEM3ZNwx80DWjgnVBa+AuaZ07xShMdcFsZuGbqjYKp+4OHCp2OhbgpfiM8D2Kr/6efdkC8pWu3/3e2SskX4KC6aIoWnndmW4QUY6buewjYgGvqa7HQ9vOgG/z1dOKT1/Lxh/kAje8A2E6UbA1m92LgUjowcZae6cBRWaczMdrY2LOQ7DOV+WAPyBfhQzIE=,iv:4AU8HUgOW+KBNYZEPr6LnTbIF2J2CEei3hlfa8JRQv8=,tag:9uDCrBLp4Tv770VTjlZw2g==,type:str] sops: kms: [] gcp_kms: [] @@ -29,8 +29,8 @@ sops: UnE2NTVSSUp1OEVFVDd5bHJYOEZpaVkKqmw9GLZavqaPQOJjGhLqXo4ggfmFDgXz C9HNxeDVr2kY452gleVS/YFTPWo0QPevl0SjpZg2gvnz28qLDSNXYQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-03T13:04:43Z" - mac: ENC[AES256_GCM,data:V29XEZk91KgM0cgTFO6qtwWcY73o+mSFTEVw5MN/NJoEPEHtzcnGXVcHePSvtVEWdWajOX8mz51WM/5sV/B3+Iah3tHNXXzlyCte/kBBa+8NTWvWXSrVUAY0b+W7kRAaAHtXIwYrHwMGkyN+lvNRTAXEcs21OSmM7n375nDsmlY=,iv:wTEKdY34e6B1lxM9qiOGcm5MWIa7RP5wYewwafz+X7A=,tag:XoGiBJwplBWyhVcqaJhkng==,type:str] + lastmodified: "2023-11-21T19:37:33Z" + mac: ENC[AES256_GCM,data:2ObbulomnNRBy2/OjuYJhXge1SQJt7abb7PG1On8y5Tdgu+UR6oHK5Sdthr338+ZEkta2qjH58CCOh/wGFrHiihJNIbpFUMY9+yKWZ/1GJpt3MZ5U1PU1PYZjy+6RDTo4NYKqbhZvdGVh/KNGSGuCvALff/ZHXy3GhuZC6pFeF4=,iv:Pz9lTnU9zoocTFU2GVrMaJF+ANTUcJ5IYGt8ACUHLBw=,tag:KgB4fEzxrB3g62N4fAwCXA==,type:str] pgp: [] unencrypted_regex: ^(apiVersion|metadata|kind|type)$ version: 3.8.1