diff --git a/.envrc.sample b/.envrc.sample new file mode 100644 index 0000000..ce79c5b --- /dev/null +++ b/.envrc.sample @@ -0,0 +1,3 @@ +set -a + +KUBECONFIG=konfig diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..69da04d --- /dev/null +++ b/.gitignore @@ -0,0 +1,11 @@ +image.tar +ca.crt +ca.key +ca.srl +server.crt +server.csr +server.key +konfig + +# Secret files +.envrc diff --git a/.mise.toml b/.mise.toml new file mode 100644 index 0000000..84f2c0c --- /dev/null +++ b/.mise.toml @@ -0,0 +1,4 @@ +[tools] +go = "latest" +kind = "latest" +kubectl = "latest" diff --git a/Dockerfile b/Dockerfile index c151eaf..8a80067 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,4 @@ -# syntax=docker/dockerfile:experimental -# --- -FROM golang:1.16 AS build +FROM docker.io/golang:1.16 AS build ENV GOOS=linux ENV GOARCH=amd64 @@ -9,11 +7,8 @@ ENV CGO_ENABLED=0 WORKDIR /work COPY . /work -# Build admission-webhook -RUN --mount=type=cache,target=/root/.cache/go-build,sharing=private \ - go build -o bin/admission-webhook . +RUN go build -o bin/admission-webhook . -# --- FROM scratch AS run COPY --from=build /work/bin/admission-webhook /usr/local/bin/ diff --git a/Makefile b/Makefile index aecc64a..f8e293f 100644 --- a/Makefile +++ b/Makefile @@ -1,83 +1,83 @@ .PHONY: test test: - @echo "\nšŸ› ļø Running unit tests..." + @echo "šŸ› ļø Running unit tests..." go test ./... .PHONY: build build: - @echo "\nšŸ”§ Building Go binaries..." - GOOS=darwin GOARCH=amd64 go build -o bin/admission-webhook-darwin-amd64 . - GOOS=linux GOARCH=amd64 go build -o bin/admission-webhook-linux-amd64 . + @echo "šŸ”§ Building Go binaries..." + go build -o bin/admission-webhook-linux-amd64 . -.PHONY: docker-build -docker-build: - @echo "\nšŸ“¦ Building simple-kubernetes-webhook Docker image..." - docker build -t simple-kubernetes-webhook:latest . +.PHONY: podman-build +podman-build: + @echo "šŸ“¦ Building simple-kubernetes-webhook podman image..." + podman build -t simple-kubernetes-webhook:1.0 . -# From this point `kind` is required .PHONY: cluster cluster: - @echo "\nšŸ”§ Creating Kubernetes cluster..." + @echo "šŸ”§ Creating Kubernetes cluster..." kind create cluster --config dev/manifests/kind/kind.cluster.yaml .PHONY: delete-cluster delete-cluster: - @echo "\nā™»ļø Deleting Kubernetes cluster..." + @echo "ā™»ļø Deleting Kubernetes cluster..." kind delete cluster .PHONY: push -push: docker-build - @echo "\nšŸ“¦ Pushing admission-webhook image into Kind's Docker daemon..." - kind load docker-image simple-kubernetes-webhook:latest +push: podman-build + @echo "šŸ“¦ Pushing admission-webhook image into Kind's podman daemon..." + rm -f image.tar + podman save simple-kubernetes-webhook:1.0 -o image.tar + kind load image-archive image.tar .PHONY: deploy-config deploy-config: - @echo "\nāš™ļø Applying cluster config..." + @echo "āš™ļø Applying cluster config..." kubectl apply -f dev/manifests/cluster-config/ .PHONY: delete-config delete-config: - @echo "\nā™»ļø Deleting Kubernetes cluster config..." + @echo "ā™»ļø Deleting Kubernetes cluster config..." kubectl delete -f dev/manifests/cluster-config/ .PHONY: deploy deploy: push delete deploy-config - @echo "\nšŸš€ Deploying simple-kubernetes-webhook..." + @echo "šŸš€ Deploying simple-kubernetes-webhook..." kubectl apply -f dev/manifests/webhook/ .PHONY: delete delete: - @echo "\nā™»ļø Deleting simple-kubernetes-webhook deployment if existing..." + @echo "ā™»ļø Deleting simple-kubernetes-webhook deployment if existing..." kubectl delete -f dev/manifests/webhook/ || true .PHONY: pod pod: - @echo "\nšŸš€ Deploying test pod..." + @echo "šŸš€ Deploying test pod..." kubectl apply -f dev/manifests/pods/lifespan-seven.pod.yaml .PHONY: delete-pod delete-pod: - @echo "\nā™»ļø Deleting test pod..." + @echo "ā™»ļø Deleting test pod..." kubectl delete -f dev/manifests/pods/lifespan-seven.pod.yaml .PHONY: bad-pod bad-pod: - @echo "\nšŸš€ Deploying \"bad\" pod..." + @echo "šŸš€ Deploying \"bad\" pod..." kubectl apply -f dev/manifests/pods/bad-name.pod.yaml .PHONY: delete-bad-pod delete-bad-pod: - @echo "\nšŸš€ Deleting \"bad\" pod..." + @echo "šŸš€ Deleting \"bad\" pod..." kubectl delete -f dev/manifests/pods/bad-name.pod.yaml .PHONY: taint taint: - @echo "\nšŸŽØ Taining Kubernetes node.." + @echo "šŸŽØ Taining Kubernetes node.." kubectl taint nodes kind-control-plane "acme.com/lifespan-remaining"=4:NoSchedule .PHONY: logs logs: - @echo "\nšŸ” Streaming simple-kubernetes-webhook logs..." + @echo "šŸ” Streaming simple-kubernetes-webhook logs..." kubectl logs -l app=simple-kubernetes-webhook -f .PHONY: delete-all diff --git a/dev/gen-certs.sh b/dev/gen-certs.sh index e5268d8..93253e0 100755 --- a/dev/gen-certs.sh +++ b/dev/gen-certs.sh @@ -2,7 +2,7 @@ openssl genrsa -out ca.key 2048 -openssl req -new -x509 -days 365 -key ca.key \ +openssl req -new -x509 -sha256 -days 365 -key ca.key \ -subj "/C=AU/CN=simple-kubernetes-webhook"\ -out ca.crt @@ -10,7 +10,7 @@ openssl req -newkey rsa:2048 -nodes -keyout server.key \ -subj "/C=AU/CN=simple-kubernetes-webhook" \ -out server.csr -openssl x509 -req \ +openssl x509 -req -sha256 \ -extfile <(printf "subjectAltName=DNS:simple-kubernetes-webhook.default.svc") \ -days 365 \ -in server.csr \ diff --git a/dev/manifests/cluster-config/mutating.config.yaml b/dev/manifests/cluster-config/mutating.config.yaml index 3e324ac..8ea45fb 100644 --- a/dev/manifests/cluster-config/mutating.config.yaml +++ b/dev/manifests/cluster-config/mutating.config.yaml @@ -20,24 +20,27 @@ webhooks: path: /mutate-pods port: 443 caBundle: | - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNZQ0NRRFlHcU05a0ZZUjJqQU5CZ2tx - aGtpRzl3MEJBUXNGQURBeE1Rc3dDUVlEVlFRR0V3SkIKVlRFaU1DQUdBMVVFQXd3WmMybHRjR3hsTFd0 - MVltVnlibVYwWlhNdGQyVmlhRzl2YXpBZUZ3MHlNVEV3TVRRdwpPREEyTkRCYUZ3MHlNakV3TVRRd09E - QTJOREJhTURFeEN6QUpCZ05WQkFZVEFrRlZNU0l3SUFZRFZRUUREQmx6CmFXMXdiR1V0YTNWaVpYSnVa - WFJsY3kxM1pXSm9iMjlyTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEEKTUlJQkNnS0NBUUVB - M1piR3NzSk9GZ2JkTlBDMUJjZVdaeGN4RDVoRkc0M0YxTXRwTXdzeDUrTFlJejQ3M0pPTgo0RGh6Snlr - V3huTVZEOEd4UElYYzNWUGNsVHp0V3dvdjdyOVo4dUxDRWdFakwyRWJFbjBKVzVTK2s2NkYwK0ZaCjI1 - Y1lQNWVqMjVOd1Iwb3ZpbU9VZUpFelcyQktCT3ZGTTlPcmlhN0tkYkdRTWxRSkVFK3JMNXQxYWZmamhu - SVEKdk80MFZwblBFMkQvdmZzaTlEdmVyaTZFOFc2OWJxMEJ4NXRkZUZBalN1Q0FOWldLNjhjOEhIQ3Er - U3FjQ2ZaeAp5YVRmd09xQmsvYWkrMGE3a0RpUXRELzBiY0xyNkRnS3ZkckxRSmZveUlidHE1SklMamtu - U2VhNFJPazRMYS9xCmN3KytpNFZpVWtOS3pUSTVUWWV0c0NKWDFhZFdBMXYvQ3dJREFRQUJNQTBHQ1Nx - R1NJYjNEUUVCQ3dVQUE0SUIKQVFEWXMrNDRuWFc0STZLeSs2VGlGVjZveTErc3lMN2pFNlVONE1oM1JD - eWY4Y1Q0MEVBM3VEcTlZYjVmK3BySQpMbXZpd2RLbm1CbzhHR24zN1N1YWNtYmdMOUlxVlJUZ0hlSGZw - dElsblMwRklDNFVlM1hKOVRxSkNqbDBGbjgyCm9jK05FSytITjNkcldyMjMrdnZObnVlRzI4djhNenpD - V2JjZk9pd0I1TGQxZ0RDbEhIc2RhSHpJZFVjdkk1dGUKbFdzM3U0aXFyYkJDdWFUOWV6OUk5RTdqdHdr - R0hwVVpFV2tiNVhLcEt4SlNXQVRyWm5sTGRtTWxDb2FqM2grawpvbkNSd3R6L2d1aFc3dVJaWlQ4NGtE - MS9SWGo5d3VySE4zZ1NsVDAyVkhFeHpFUUoxM21aVS82V2p3dE05NWVmCmt6NzZiY2VoR05MU0hPU2lE - U1V5b0tBUQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRekNDQWl1Z0F3SUJBZ0lVZnFPVnFlL2M2 + QkNtTlh4UGlzUEVIclBnRGl3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd01URUxNQWtHQTFVRUJoTUNR + VlV4SWpBZ0JnTlZCQU1NR1hOcGJYQnNaUzFyZFdKbGNtNWxkR1Z6TFhkbApZbWh2YjJzd0hoY05N + alF4TURJME1qQTFNalF3V2hjTk1qVXhNREkwTWpBMU1qUXdXakF4TVFzd0NRWURWUVFHCkV3SkJW + VEVpTUNBR0ExVUVBd3daYzJsdGNHeGxMV3QxWW1WeWJtVjBaWE10ZDJWaWFHOXZhekNDQVNJd0RR + WUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDNiVUtmVFZxTkFLanQ0U0JkbGl4 + QllqQnh5QjNGbgo0R3NTYjB6WmxlVjhMaG0xanJFMWgzZEdWeTBhaFJBNUVEWXJOc0FSejZoY3hR + QnZiSFdVdHBraTRuSk5mMlY4ClVXWEJuSTlWZm9QNDlJMTFBWTBaU3ZjRHlEbThBV0VwMStQbU9n + bVV1bXNhOENUU0h0UTVTWWlwNWJRajJRYVMKQlZJRFk4dXRIWDNzRGZRdHJ3RUhadzNsZkVjM3Zz + cjNDRjd1ZlA2V2NFT1d1NC95bUJjbWdUMFQySUFtTVMxQQpJVnZVT1hPNitTNzBOajBQZEkyZTRQ + cVlUcFI2cWk2MkR4bEdWbDdMcTh3ZklvMjNHRllIODVrallqQkRaK3FVCmh2NXpvaHJFbzlxSlJV + OU82VmVxdEZTMU96Zm5Yd0xiZjBnYjVMWi9DaDRXYmRXU2hEejJZa2tDQXdFQUFhTlQKTUZFd0hR + WURWUjBPQkJZRUZNenhleHJzRUZGVGtEZnlUWSszQUNBRVZPMDRNQjhHQTFVZEl3UVlNQmFBRk16 + eApleHJzRUZGVGtEZnlUWSszQUNBRVZPMDRNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29a + SWh2Y05BUUVMCkJRQURnZ0VCQUFMcGJQRFdyRXdkK0VmKzlKek55MWdYSU9mNVF4b0xVYXJEZUlO + VkdZWU9NL1ZOTlEzVWZpZE0KLzlIQWFTdUk3NkdyN210RWpsRzJBTHY2UGtER1Via296VFQ5ZHFx + MllzR05TVlAvZDdXY2FUMDRMWU4rd2VMaApGVU4yQURqZU90VHhNSVBZREI2cnJTR2oxMmtHa2Ez + YmtnSUlHQ0xvTU0wRC83V2hlUXlVMSs4UWZmMy9qRVZNCjgzcDlOZEd0RFduRWVQYzZqM3hFeVN0 + bWd1Uzg1a0NGRy91L1FMNmllNlRYUmh4WTcyNUFvWDgrdzg2NW1POC8KUkc3T2tuVWNaRmpQWWFE + a1JyWmlqa1hkcHRNcERwRS9RLzBCaU9YVS9JdktBeDdtRFQyN3B4Q2VpTG8xL3JkMgp0bUVidm5O + akdmQmNmaXZCT0tOSEdVTDhMeXNJS01VPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== admissionReviewVersions: ["v1"] sideEffects: None timeoutSeconds: 2 diff --git a/dev/manifests/cluster-config/validating.config.yaml b/dev/manifests/cluster-config/validating.config.yaml index 62e0292..2c4f5a9 100644 --- a/dev/manifests/cluster-config/validating.config.yaml +++ b/dev/manifests/cluster-config/validating.config.yaml @@ -20,24 +20,27 @@ webhooks: path: /validate-pods port: 443 caBundle: | - LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUMzakNDQWNZQ0NRRFlHcU05a0ZZUjJqQU5CZ2tx - aGtpRzl3MEJBUXNGQURBeE1Rc3dDUVlEVlFRR0V3SkIKVlRFaU1DQUdBMVVFQXd3WmMybHRjR3hsTFd0 - MVltVnlibVYwWlhNdGQyVmlhRzl2YXpBZUZ3MHlNVEV3TVRRdwpPREEyTkRCYUZ3MHlNakV3TVRRd09E - QTJOREJhTURFeEN6QUpCZ05WQkFZVEFrRlZNU0l3SUFZRFZRUUREQmx6CmFXMXdiR1V0YTNWaVpYSnVa - WFJsY3kxM1pXSm9iMjlyTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEEKTUlJQkNnS0NBUUVB - M1piR3NzSk9GZ2JkTlBDMUJjZVdaeGN4RDVoRkc0M0YxTXRwTXdzeDUrTFlJejQ3M0pPTgo0RGh6Snlr - V3huTVZEOEd4UElYYzNWUGNsVHp0V3dvdjdyOVo4dUxDRWdFakwyRWJFbjBKVzVTK2s2NkYwK0ZaCjI1 - Y1lQNWVqMjVOd1Iwb3ZpbU9VZUpFelcyQktCT3ZGTTlPcmlhN0tkYkdRTWxRSkVFK3JMNXQxYWZmamhu - SVEKdk80MFZwblBFMkQvdmZzaTlEdmVyaTZFOFc2OWJxMEJ4NXRkZUZBalN1Q0FOWldLNjhjOEhIQ3Er - U3FjQ2ZaeAp5YVRmd09xQmsvYWkrMGE3a0RpUXRELzBiY0xyNkRnS3ZkckxRSmZveUlidHE1SklMamtu - U2VhNFJPazRMYS9xCmN3KytpNFZpVWtOS3pUSTVUWWV0c0NKWDFhZFdBMXYvQ3dJREFRQUJNQTBHQ1Nx - R1NJYjNEUUVCQ3dVQUE0SUIKQVFEWXMrNDRuWFc0STZLeSs2VGlGVjZveTErc3lMN2pFNlVONE1oM1JD - eWY4Y1Q0MEVBM3VEcTlZYjVmK3BySQpMbXZpd2RLbm1CbzhHR24zN1N1YWNtYmdMOUlxVlJUZ0hlSGZw - dElsblMwRklDNFVlM1hKOVRxSkNqbDBGbjgyCm9jK05FSytITjNkcldyMjMrdnZObnVlRzI4djhNenpD - V2JjZk9pd0I1TGQxZ0RDbEhIc2RhSHpJZFVjdkk1dGUKbFdzM3U0aXFyYkJDdWFUOWV6OUk5RTdqdHdr - R0hwVVpFV2tiNVhLcEt4SlNXQVRyWm5sTGRtTWxDb2FqM2grawpvbkNSd3R6L2d1aFc3dVJaWlQ4NGtE - MS9SWGo5d3VySE4zZ1NsVDAyVkhFeHpFUUoxM21aVS82V2p3dE05NWVmCmt6NzZiY2VoR05MU0hPU2lE - U1V5b0tBUQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURRekNDQWl1Z0F3SUJBZ0lVZnFPVnFlL2M2 + QkNtTlh4UGlzUEVIclBnRGl3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd01URUxNQWtHQTFVRUJoTUNR + VlV4SWpBZ0JnTlZCQU1NR1hOcGJYQnNaUzFyZFdKbGNtNWxkR1Z6TFhkbApZbWh2YjJzd0hoY05N + alF4TURJME1qQTFNalF3V2hjTk1qVXhNREkwTWpBMU1qUXdXakF4TVFzd0NRWURWUVFHCkV3SkJW + VEVpTUNBR0ExVUVBd3daYzJsdGNHeGxMV3QxWW1WeWJtVjBaWE10ZDJWaWFHOXZhekNDQVNJd0RR + WUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTDNiVUtmVFZxTkFLanQ0U0JkbGl4 + QllqQnh5QjNGbgo0R3NTYjB6WmxlVjhMaG0xanJFMWgzZEdWeTBhaFJBNUVEWXJOc0FSejZoY3hR + QnZiSFdVdHBraTRuSk5mMlY4ClVXWEJuSTlWZm9QNDlJMTFBWTBaU3ZjRHlEbThBV0VwMStQbU9n + bVV1bXNhOENUU0h0UTVTWWlwNWJRajJRYVMKQlZJRFk4dXRIWDNzRGZRdHJ3RUhadzNsZkVjM3Zz + cjNDRjd1ZlA2V2NFT1d1NC95bUJjbWdUMFQySUFtTVMxQQpJVnZVT1hPNitTNzBOajBQZEkyZTRQ + cVlUcFI2cWk2MkR4bEdWbDdMcTh3ZklvMjNHRllIODVrallqQkRaK3FVCmh2NXpvaHJFbzlxSlJV + OU82VmVxdEZTMU96Zm5Yd0xiZjBnYjVMWi9DaDRXYmRXU2hEejJZa2tDQXdFQUFhTlQKTUZFd0hR + WURWUjBPQkJZRUZNenhleHJzRUZGVGtEZnlUWSszQUNBRVZPMDRNQjhHQTFVZEl3UVlNQmFBRk16 + eApleHJzRUZGVGtEZnlUWSszQUNBRVZPMDRNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29a + SWh2Y05BUUVMCkJRQURnZ0VCQUFMcGJQRFdyRXdkK0VmKzlKek55MWdYSU9mNVF4b0xVYXJEZUlO + VkdZWU9NL1ZOTlEzVWZpZE0KLzlIQWFTdUk3NkdyN210RWpsRzJBTHY2UGtER1Via296VFQ5ZHFx + MllzR05TVlAvZDdXY2FUMDRMWU4rd2VMaApGVU4yQURqZU90VHhNSVBZREI2cnJTR2oxMmtHa2Ez + YmtnSUlHQ0xvTU0wRC83V2hlUXlVMSs4UWZmMy9qRVZNCjgzcDlOZEd0RFduRWVQYzZqM3hFeVN0 + bWd1Uzg1a0NGRy91L1FMNmllNlRYUmh4WTcyNUFvWDgrdzg2NW1POC8KUkc3T2tuVWNaRmpQWWFE + a1JyWmlqa1hkcHRNcERwRS9RLzBCaU9YVS9JdktBeDdtRFQyN3B4Q2VpTG8xL3JkMgp0bUVidm5O + akdmQmNmaXZCT0tOSEdVTDhMeXNJS01VPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== admissionReviewVersions: ["v1"] sideEffects: None timeoutSeconds: 2 diff --git a/dev/manifests/kind/kind.cluster.yaml b/dev/manifests/kind/kind.cluster.yaml index 90bb324..43667e4 100644 --- a/dev/manifests/kind/kind.cluster.yaml +++ b/dev/manifests/kind/kind.cluster.yaml @@ -2,7 +2,7 @@ kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 nodes: - role: control-plane - image: kindest/node:v1.21.1 + image: kindest/node:v1.31.1 extraPortMappings: - containerPort: 30100 hostPort: 8443 diff --git a/dev/manifests/webhook/webhook.deploy.yaml b/dev/manifests/webhook/webhook.deploy.yaml index 5f8d330..8ad1768 100644 --- a/dev/manifests/webhook/webhook.deploy.yaml +++ b/dev/manifests/webhook/webhook.deploy.yaml @@ -20,8 +20,8 @@ spec: operator: Exists effect: NoSchedule containers: - - image: simple-kubernetes-webhook:latest - imagePullPolicy: Never + - image: localhost/simple-kubernetes-webhook:1.0 + imagePullPolicy: IfNotPresent name: simple-kubernetes-webhook env: - name: TLS diff --git a/dev/manifests/webhook/webhook.tls.secret.yaml b/dev/manifests/webhook/webhook.tls.secret.yaml index b0caced..050857d 100644 --- a/dev/manifests/webhook/webhook.tls.secret.yaml +++ b/dev/manifests/webhook/webhook.tls.secret.yaml @@ -1,7 +1,7 @@ apiVersion: v1 data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHVENDQWdHZ0F3SUJBZ0lKQUxLcHI1S3RFeG5sTUEwR0NTcUdTSWIzRFFFQkJRVUFNREV4Q3pBSkJnTlYKQkFZVEFrRlZNU0l3SUFZRFZRUUREQmx6YVcxd2JHVXRhM1ZpWlhKdVpYUmxjeTEzWldKb2IyOXJNQjRYRFRJeApNVEF4TkRBNE1EWTBNRm9YRFRJeU1UQXhOREE0TURZME1Gb3dNVEVMTUFrR0ExVUVCaE1DUVZVeElqQWdCZ05WCkJBTU1HWE5wYlhCc1pTMXJkV0psY201bGRHVnpMWGRsWW1odmIyc3dnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUEKQTRJQkR3QXdnZ0VLQW9JQkFRREhvb0pCVGxuZTRYcE1sQWJWODBDeVJPMVJ3blM1ekFKY3BZdHMxNkc2NkpSSgpTTmJQQWt3YzY0dUNhYlJHNkVhM3Bva3dZVURETUxzQng0QVFUMHFrdUlJdFJYMFBCTjAzSmMxeFo0ZmtmekhICkMycG1tUFpnd3JGWGhOYUlNWlBBbTBqMnc0dmFPcFZObldKR3NRMkNiUUd2NGpWZS9DZHBkaXQxY3BRVWRTamsKZlFwMUJ1Mm95bFR3V1g1NXRjNXhRK0J2NDZVME5pK2c2elZHUUpmQm9JVGVTa3FqU1Q3SEtpM1F6NDBQUjJHRQpXZzZCaS9UWU5GclpxUFR4QmZkMnRMOWY2b1daQ1Q4MVFiS3FDeXB6RExJWkVoQktRSGNRTFpvMlJGNmlSWE9YCmZBY2tDOWNqcldsZ2Z3WHNyQVBHVkxTcVlyaGptK050b0svNFRTYUJBZ01CQUFHak5EQXlNREFHQTFVZEVRUXAKTUNlQ0pYTnBiWEJzWlMxcmRXSmxjbTVsZEdWekxYZGxZbWh2YjJzdVpHVm1ZWFZzZEM1emRtTXdEUVlKS29aSQpodmNOQVFFRkJRQURnZ0VCQURvSExWcGttR2d4NEZUekt1WXI4MGxjbUV2bVFBaG5GcWpWVjBEcmFoMGxId2NqClk1WVZPaWFYOGNBQ2lTYjFabFh4dVR2QzdQaE96SFg4MlphdjhES3Y5SzhkNjVuK3NZb1B4aFNpREdCOTZ3TUgKalB1OTcvck5VSWpjdGduZDlBZk8rZm8rQTJKRmltSWV6WFl2cGhuc2R0cXpxMzRwTkhLYnB6ZXJDZ3FmRkZpdwpaRngwd2svNkdVMlNkT2xxbXJxOEN0VkcwRVVDZG9Pd2xSL1RDUjgyUnQxbUUvSklhcWJ6eDc3dkg3bnk2L05ZCnNNVWgwbER0TVBTQVo2MkNLRnFTZnB4UTZlMXNlNmdVcFZZU2xMWDRZY3pxUy91YWR2VEQvR1lzQWhQbGd2YTYKRUxYaWwwck4wRDc3eTJ3bVMzb3JRK2hxUG9BM0Vja0N5Tm1ySFo0PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktZd2dnU2lBZ0VBQW9JQkFRREhvb0pCVGxuZTRYcE0KbEFiVjgwQ3lSTzFSd25TNXpBSmNwWXRzMTZHNjZKUkpTTmJQQWt3YzY0dUNhYlJHNkVhM3Bva3dZVURETUxzQgp4NEFRVDBxa3VJSXRSWDBQQk4wM0pjMXhaNGZrZnpISEMycG1tUFpnd3JGWGhOYUlNWlBBbTBqMnc0dmFPcFZOCm5XSkdzUTJDYlFHdjRqVmUvQ2RwZGl0MWNwUVVkU2prZlFwMUJ1Mm95bFR3V1g1NXRjNXhRK0J2NDZVME5pK2cKNnpWR1FKZkJvSVRlU2txalNUN0hLaTNRejQwUFIyR0VXZzZCaS9UWU5GclpxUFR4QmZkMnRMOWY2b1daQ1Q4MQpRYktxQ3lwekRMSVpFaEJLUUhjUUxabzJSRjZpUlhPWGZBY2tDOWNqcldsZ2Z3WHNyQVBHVkxTcVlyaGptK050Cm9LLzRUU2FCQWdNQkFBRUNnZ0VBVWV4QVk2aFJmUU11ZXVwcis3UjlJaXJpOEtCSjRrenoweTBrRUNCVkFDeWQKWFkyRWlTSzZOVXY3emlLdWxrS1BjcUhtdm5IS2I4ODVqcnRkdEZPMW4rOFBqS0J0ZDVKWmJWNFg5cWV6dm5Mcgo3SENrMDBHR0thTDd2NXlGcFJJalBmRDdlamc0MWU4Z2dkOUtDeFJ4Sk1xeTNJaUp1bGJqbllXZXcrMm5FdFZlCnZZN2NjUlFZTWZMdjdROC90N0tQblBpR1FvbE93RFpuYUkvbWkvV2xZQk5TQ1o1Y0E0NXIveldQOGpxaVVLY0cKN1Jrb1F1WEZUQmJHcUVuU1hYOWZOaEcwOWpFQ09MK1gwd0J2VkF1SE9lamdNOS9HUHRyTnl1aW1QUTdSM2d6VwpwQ2tiRk9zR3o2aHcyM2Y5S0ZaOHJaRTBqRTIzWm43YTFjcVJGdklZZ1FLQmdRRDdtS0UrNnlKWjJzR3FQMmdFCk5mcThZUFg0TWQ1Z0xJQzlzRk05b1llU0h0OGZUV1lYa1ZDVURiM1dTVDRmekhDOFR1a2NMN3dZcU93bWlsRDIKOXUrUk40ZVp6RDEzU2ZHR3AxMmNUWVJkZ1QrbTI3M1B3aFNBNXFNNVZYR2xlVmY0aGdjY2UwbGErOUJWOXFiSAo3dmlSL1J2Z29iaVJjVG1YY1NBYldSYzJTUUtCZ1FETElRdnNJYnVGRzNmc25taU5FSmZESG1qeXMvRzVoc0ZpCnBMSm1jYmdKMDZNOWJQSEc0VFl1bFR5YWQ5WmdUWjY4VWIvZEt3MEd3Und6ZXk3WWJBZlpES2tjU1pUZnc1cnMKWG9YUE8yU1BCUzRzVnNoaGhLMkdxVUtpS1VvalV5cGxFZlEvZmJJRkd6K3F6VmpDZllZQ3h0TUlWY2lzSWZBTwoxTUhhT25pT2VRS0JnQW1JUDl1MVp1akdtLzNLUnpPWm8vVk5LeVNMSnlTM3F1MEU2REoya3o5YkFoTWFpSnF0Cis4S1FQcmdHc0Y3ZURRdGxaZm1XYVdiNXgzQ3lYdHpzZ0NrZFZIcmtQUlB1N2tLdXhxSXNZYTUxUGljaFBqREgKNXFUM21BbU5EakE1eDdaM3hYOHp3SlM4NDZqT0hvV0dyVTVDcTdLNERka2MxQlREeVhhZnlueFpBb0dBTmVDNwpEOVBXc0RTYjk0Z0F4VUhjYnlXV3dxRldBVmFyM3FVK3FJdUxQQmdGbVZwWE91QXJoZW1SbklzaXNvS0VFd0UvCitjTGNmcWtqK01lNG9qRHRWL1hTdVMwUEx0YnNOYnZRbENuMXZ6V3BqSnNzSlNtUytUL1Y2N3MxN2U2Mk5QNngKSVZJT3NPb01WaHFIYTNidDM3aXE2dkFOL1JJM1lVZXZiMW5JOWtrQ2dZQkplQ2ZMU1hUd2tqQkYrQTNqY2dhQQowV0ZYeHlobzVzYVg3NGhqeDVzRnRBY2U4YVpBTXpmYTlEN1B3OVBobUE3NWE2b09EV2hJQzZNaklXV1ZlL0VrCnpnckRxZGhpV1BmNFUzNEVpZkUxRy9SdDJyV2dJb2tSWWcxVnIxMW04RjM0a2tZZEVBUGhISDBmak82SFRlZzMKUUFvTGhESjZzZm9FMU94aDZsU2Z6Zz09Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K + tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaRENDQWt5Z0F3SUJBZ0lVQTJDekZzd0cyREZ3VUdmN2tLY25XYm5wd1h3d0RRWUpLb1pJaHZjTkFRRUwKQlFBd01URUxNQWtHQTFVRUJoTUNRVlV4SWpBZ0JnTlZCQU1NR1hOcGJYQnNaUzFyZFdKbGNtNWxkR1Z6TFhkbApZbWh2YjJzd0hoY05NalF4TURJME1qQTFNalF3V2hjTk1qVXhNREkwTWpBMU1qUXdXakF4TVFzd0NRWURWUVFHCkV3SkJWVEVpTUNBR0ExVUVBd3daYzJsdGNHeGxMV3QxWW1WeWJtVjBaWE10ZDJWaWFHOXZhekNDQVNJd0RRWUoKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBSjU4SnNEcmg5ZGJxaUx4RXdGeVBpTHpQR2lML2s4bQp5NitPb0VoeTZGTmkzeW4wbXpwZ08yYmdNckVqL3ltZmNwZFp6OVlQc0JTNkJmV2VtYm9TMUd6UXdoR21GS1FzCnE1ZGs2M1djZnh3czU4RmpRcDZIOFdxMzd4cXZCY0VYdFpKbmE1cVlQN2JNNSs4R0FRSGlhWVBrVFZ3dExRMHAKQXg5c0FWMytZeE5KN1N3RFZXbzZwRzFTbWw0djBpZDlDdmt6V0FZRXBkaDVGWEJqNWVDYVBnZ0UwaGlRMnlIagpOWTBROHJjS1ZTbE1kZnpvdDVDQmE5cmdCeWZLRXAvSFFEd1VaR3hDZ0Y1MW9PcHRwdW4yNlU5S2VpeGdkK0lKCmE0QUZ1eTdydW13MmFtLzBYRGNudFZOR1FhM08yWnc2VEliS3NiZEJYTGQvZlo0NXQ3WisxWjhDQXdFQUFhTjAKTUhJd01BWURWUjBSQkNrd0o0SWxjMmx0Y0d4bExXdDFZbVZ5Ym1WMFpYTXRkMlZpYUc5dmF5NWtaV1poZFd4MApMbk4yWXpBZEJnTlZIUTRFRmdRVU8xRmhFd2h0RmY4ZjBTZzAvNjdJSGIwQmRQd3dId1lEVlIwakJCZ3dGb0FVCnpQRjdHdXdRVVZPUU4vSk5qN2NBSUFSVTdUZ3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQTBqTzdiMmcyNmIKbkppemtNOHBjaXpxZEFYZ0E1QUJYZkdtbGROT01uK3I4RFJNMk9hRDJWRlR2ckVMcGRxRDR5OWJqTGZxUWx1Zwo5V1ljMXRhWUtLeHZEUWRXTjYzVEs2bDcza0JYYUpFSHJGMFFYd2JtbXd1Z3l3RWR5MnUwK0Y3ek8xdlhiejZXCnlSamZtdTcyRmhFekt6dGdxOVN4bERiQmdlRWxhYldLMDVWbnYvbHNrVkJjYlNWS05SK3RMUmhxakxjelJwQWIKR3B4TEd2WEtNa0k3Y2svVTVqQXRiVnpaS3E2NzdNTUpXbmtraUtSc1dMRTV6R3dDaGQ0Ull3b09uSUJiMmZaaQpmandWaFV4YklaTVcrdkczdHIxVU9NdGMxN0RGTHVMWXNvQ05SWlNtTkhiU25Pa1llOXlBdUpzNUVuWFJlU1BCCm8vWWRoZCsrWExBPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2VmQ2JBNjRmWFc2b2kKOFJNQmNqNGk4enhvaS81UEpzdXZqcUJJY3VoVFl0OHA5SnM2WUR0bTRES3hJLzhwbjNLWFdjL1dEN0FVdWdYMQpucG02RXRSczBNSVJwaFNrTEt1WFpPdDFuSDhjTE9mQlkwS2VoL0ZxdCs4YXJ3WEJGN1dTWjJ1YW1EKzJ6T2Z2CkJnRUI0bW1ENUUxY0xTME5LUU1mYkFGZC9tTVRTZTBzQTFWcU9xUnRVcHBlTDlJbmZRcjVNMWdHQktYWWVSVncKWStYZ21qNElCTklZa05zaDR6V05FUEszQ2xVcFRIWDg2TGVRZ1d2YTRBY255aEtmeDBBOEZHUnNRb0JlZGFEcQpiYWJwOXVsUFNub3NZSGZpQ1d1QUJic3U2N3BzTm1wdjlGdzNKN1ZUUmtHdHp0bWNPa3lHeXJHM1FWeTNmMzJlCk9iZTJmdFdmQWdNQkFBRUNnZ0VBQVVNNHN1Z1BaR1RlL2tFMWdHTEw3WG1RZ2lNVGYxcXdGaldjQlk2R0lMa20KQjRqVFlVWCttSHpPMlp0OEdGS1JDS3Q5dWdIVXpsUEV3b2wrWFVWcWpsVzc5OE1Hd2tDODZXYUkrOHpXSk1QaApUWkZOdytuRVptNGt5aStHWCt4RVBBOXR2ZXUvV0VHclh5d1F5TzJtTm54bURpbk0waERwemZ4YStHN1ZaZ3ZoCjRXK3VLUEZPb3J6TERhZ20vUTVDZDVWQ2RLSmsyMGo0bkxDVWVaL2tvOVhCQWNGVjVuL2pxRU83c0c4eUhHVDcKd0laemtab1p2dEpjb1Z2MHkyVEZkL1RCL2t0eFlNRTB6WW5hWnYycEx0WkIvZkNVbG12SVhYYW4wUVFvM1FvaApSY2M2emZPZW9vK1c2cklrNzM3U1NTcDdDVWNZcTg1TmN6M2YydjZQVlFLQmdRRGM0Z2FKYWprL3BEVE9GczJQCk5HeXZTNGc1STRNMDFGSFBjLzd2MVdOcTZ0dm03U2c0MkhjT2NmWGZzZGlGeUtnQ3FxZ1FkeW5BNnNCeWRuYnAKOUdncWF4d2ZFSWRmRzQzWmwySkZ3L3NDLzNmVU1NUkR3dTFEZFZuWG5DY2gyK0R4dTF4Vm1mbG1oTG4rSnRxZwp5LzhpY3Y2NkRpbWVmc3ZOaW9FTmVuTmM3UUtCZ1FDM3JvU21qSXNaUFVMTzhyZWoxYW9BM2lEOHFLbDNjWnYvCmhnZFZNeDBiNnpxUEFjR3pHdjg5UUR6N0xnbHUwbFFaZmRuUlAzZW1rQ3o3OC9zbElBTnd1QW5DOTJiOEc2YzQKbG15aUpkOE1nMjZwZTArYWVNYTFJamdVanZRa1ViMUdMRXBxOTMxQ1dVdWtNakhvaUdDQm9yeHdJWGYxMnFXMgo0ZmtLN0FlM093S0JnSE95a09uNWtmTWI5K3piVk9EbC9PZjFFRzJkaEdSdnNrcVAzOEdRYkhyY2VrTURoa1lBClhKeGNaUVcvQ2tOSlQzZldIQ0pEeU1NY002SEJHNWlBUk8rekd3L0tnSjM0dU54NHh5ano5czhqTVlrYjRqSDgKTUh0ZFJLb0RTUndiS0VCMmUyNzdMLy9iRmZGaU9MSnhLRHJMTVZJVGlRbFVNVHlBaUFpZlV6NGhBb0dBQTlDQwovclp5ZVE2MW9YaVc2YmNaTmJWbk4vZ0V0TzlPRHd0b2daTnpLazVEUkE4RVI4VHF3Z25nZWxMbGJVQys4RnlWCnRtdTcvMkNGSHFKZGQ5TG5YMkxqQ1FKOFNBWUcvZnpadXJCUXBvRGdQbkxLSDJvY3JreE1uOWlzSjBqdlJsTEwKSk5lSTZXVFRWbENZaXJ5eVRGN2x6T3BWQkcwSy9mWkpacm1xRzFzQ2dZRUFvVHpIWll4aDVlblkveVBHbmU0UQppckRzeExQckNEc29CRFpwZitJbUZJSSt4Vzk5NklCV3FhQjcwK0Z4OXZ5VTJNQUJCZVQrVXVnTWJMNXNMaXhzCjlTbDN4bmhRcEVxU2I1ek9ZaUtjUGpKU2hEQjRHSFo3bW1xSmVXZjBVVTdvSGNTY2J3SzY2R2Q0UUdrSGdMRlMKRENuK0NybFEwMmp1V3BkMEpRVGlFVEE9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K kind: Secret metadata: creationTimestamp: null