From 79c4ecc35dba069ffbafb028dbcf30fc74f7454a Mon Sep 17 00:00:00 2001 From: Liana Date: Sun, 29 Dec 2024 15:36:47 -0600 Subject: [PATCH] --wip-- [skipci] --- .../bitwarden/bitwarden/app/helmrelease.yaml | 205 ++++++++++++++++++ .../bitwarden/app/kustomization.yaml | 6 + .../bitwarden/bitwarden/app/secret.sops.yaml | 34 +++ .../main/apps/bitwarden/bitwarden/ks.yaml | 20 ++ .../main/apps/bitwarden/kustomization.yaml | 6 + kubernetes/main/apps/bitwarden/namespace.yaml | 7 + .../home-office/plane/app/helmrelease.yaml | 3 +- .../home-office/plane/app/secret.sops.yaml | 34 +-- scripts/kubeconform.sh | 0 9 files changed, 297 insertions(+), 18 deletions(-) create mode 100644 kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml create mode 100644 kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml create mode 100644 kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml create mode 100644 kubernetes/main/apps/bitwarden/bitwarden/ks.yaml create mode 100644 kubernetes/main/apps/bitwarden/kustomization.yaml create mode 100644 kubernetes/main/apps/bitwarden/namespace.yaml mode change 100644 => 100755 scripts/kubeconform.sh diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml new file mode 100644 index 0000000..03e4be7 --- /dev/null +++ b/kubernetes/main/apps/bitwarden/bitwarden/app/helmrelease.yaml @@ -0,0 +1,205 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: bitwarden +spec: + interval: 30m + chart: + spec: + chart: self-host + version: 2024.11.0 + sourceRef: + kind: HelmRepository + name: bitwarden + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 + values: + sharedStorageClassName: "cluster-nvme" + general: + admins: "${SECRET_ADMIN_EMAIL}" + disableUserRegistration: "false" + cloudRegion: US + enableCloudCommunication: true + sharedStorageClassName: "cluster-nvme" + volumeAccessMode: "ReadWriteOnce" + domain: "bitwarden.${SECRET_EXTERNAL_DOMAIN}" + ingress: + enabled: true + className: traefik + annotations: + gethomepage.dev/enabled: "true" + gethomepage.dev/group: Home + gethomepage.dev/name: Bitwarden + gethomepage.dev/description: Password management + gethomepage.dev/icon: bitwarden + tls: + name: bitwarden-tls + clusterIssuer: letsencrypt-production + paths: + web: + path: / + pathType: ImplementationSpecific + attachments: + path: /attachments/ + pathType: ImplementationSpecific + api: + path: /api/ + pathType: ImplementationSpecific + icons: + path: /icons/ + pathType: ImplementationSpecific + notifications: + path: /notifications/ + pathType: ImplementationSpecific + events: + path: /events/ + pathType: ImplementationSpecific + scim: + path: /scim/ + pathType: ImplementationSpecific + sso: + path: /sso/ + pathType: ImplementationSpecific + identity: + path: /identity/ + pathType: ImplementationSpecific + admin: + path: /admin/ + pathType: ImplementationSpecific + email: + smtpSsl: "false" + smtpPort: "465" + smtpHost: "${SECRET_SMTP_HOST}" + replyToEmail: "${SECRET_SMTP_FROM}" + secrets: + secretName: bitwarden-secret + database: + enabled: false + #volume: + # backups: + # storageClass: "cluster-nvme" + # data: + # storageClass: "cluster-nvme" + # log: + # storageClass: "cluster-nvme" + volume: + dataprotection: + storageClass: "cluster-nvme" + attachments: + storageClass: "cluster-nvme" + licenses: + storageClass: "cluster-nvme" + logs: + enabled: true + storageClass: "cluster-nvme" + # rawManifests: + # preInstall: [] + # postInstall: + # - apiVersion: traefik.io/v1alpha1 + # kind: Middleware + # metadata: + # name: "bitwarden-self-host-middleware-stripprefix" + # spec: + # stripPrefix: + # prefixes: + # - /api + # - /attachements + # - /icons + # - /notifications + # - /events + # - /scim + # ##### NOTE: Admin, Identity, and SSO will not function correctly with path strip middleware + # - apiVersion: traefik.io/v1alpha1 + # kind: IngressRoute + # metadata: + # name: "bitwarden-self-host-ingress" + # spec: + # entryPoints: + # - websecure + # routes: + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/`) + # services: + # - kind: Service + # name: bitwarden-self-host-web + # passHostHeader: true + # port: 5000 + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/api/`) + # services: + # - kind: Service + # name: bitwarden-self-host-api + # port: 5000 + # middlewares: + # - name: "bitwarden-self-host-middleware-stripprefix" + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/attachments/`) + # services: + # - kind: Service + # name: bitwarden-self-host-api + # port: 5000 + # middlewares: + # - name: "bitwarden-self-host-middleware-stripprefix" + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/icons/`) + # services: + # - kind: Service + # name: bitwarden-self-host-icons + # port: 5000 + # middlewares: + # - name: "bitwarden-self-host-middleware-stripprefix" + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/notifications/`) + # services: + # - kind: Service + # name: bitwarden-self-host-notifications + # port: 5000 + # middlewares: + # - name: "bitwarden-self-host-middleware-stripprefix" + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/events/`) + # services: + # - kind: Service + # name: bitwarden-self-host-events + # port: 5000 + # middlewares: + # - name: "bitwarden-self-host-middleware-stripprefix" + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/scim/`) + # services: + # - kind: Service + # name: bitwarden-self-host-scim + # port: 5000 + # middlewares: + # - name: "bitwarden-self-host-middleware-stripprefix" + # ##### NOTE: SSO will not function correctly with path strip middleware + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/sso/`) + # services: + # - kind: Service + # name: bitwarden-self-host-sso + # port: 5000 + # ##### NOTE: Identity will not function correctly with path strip middleware + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/identity/`) + # services: + # - kind: Service + # name: bitwarden-self-host-identity + # port: 5000 + # ##### NOTE: Admin will not function correctly with path strip middleware + # - kind: Rule + # match: Host(`bitwarden.${SECRET_EXTERNAL_DOMAIN}`) && PathPrefix(`/admin`) + # services: + # - kind: Service + # name: bitwarden-self-host-admin + # port: 5000 + # tls: + # certResolver: letsencrypt-production diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml new file mode 100644 index 0000000..95bf474 --- /dev/null +++ b/kubernetes/main/apps/bitwarden/bitwarden/app/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./secret.sops.yaml + - ./helmrelease.yaml diff --git a/kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml b/kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml new file mode 100644 index 0000000..ce98397 --- /dev/null +++ b/kubernetes/main/apps/bitwarden/bitwarden/app/secret.sops.yaml @@ -0,0 +1,34 @@ +# yamllint disable +kind: Secret +apiVersion: v1 +type: Opaque +metadata: + name: bitwarden-secret +stringData: + replyToEmail: ENC[AES256_GCM,data:7NR/XlAqsO4PtCNKQ890Njv6Qh2Jp6W/t0Lc8px7,iv:VznXZaMbwLda8LkrJDTc2UKurHRWqGTJ1T0/1C3VMus=,tag:Z+Wkfb7DqcaPam7AFrvWUw==,type:str] + globalSettings__installation__id: ENC[AES256_GCM,data:U091rHP2N4UjYgSdGrkDvSBZHQu9w8s75xWPCp6gfZ0773gW,iv:PZ2hBlqta/sclVQUtO6LYD/ZhL6e+Q+yDESxrt6CYjQ=,tag:1A/9gKzuflMqOktyoZ5adQ==,type:str] + globalSettings__installation__key: ENC[AES256_GCM,data:/pWJt9ElR+mgiv5m8I0Gdb5Z6H8=,iv:31bd6uhc45WMi41iACel8/YOjDjVTDxoR3Ok19+U43A=,tag:xtI3eCRActaFajUqVdxemw==,type:str] + globalSettings__mail__smtp__username: ENC[AES256_GCM,data:wGph7iTpKhvYXjsFKnPIFevGsJvgovvfNnIJPjFf,iv:o7l19Onw6PHMmk19e++zTArLmZrwSIAXgDpuwaDhjuo=,tag:ojY3lQFiP3G3oYeVQXri7A==,type:str] + globalSettings__mail__smtp__password: ENC[AES256_GCM,data:OQ3mROVpRAZ2MNFZtvRV0N74EPOaSdSvmaOJas1JCgEbHHNq0laLg5r2ufTYz9vA0aM=,iv:vB9ElILgqKyvY6wgQ8Nesg2pygGK9mcjIhEYGsHVWEQ=,tag:l84bsTR3twb3Al19FKezqA==,type:str] + globalSettings__sqlServer__connectionString: ENC[AES256_GCM,data:mJxp4MXvqV4T+/J7O0XX6+Z4kmo4IVFYvUPEBU0uaJ3w0YNcqPps+LH9pgFNOjwBWCAQ8QxvCH9ul2uSiYGhy41YjLsQD4X/UF1Hhimezc3IrexCDFkXXl4WIACAZjpQf6morvx9+/v0EvdxofP7auWQ2BGcid4lHYxO78gEAvPaueS+L0TerqEpEnxS26r2uMLOe2w5L0hxBKGQyWmWPx8mTAJXTgTaXAvKLT2G97JNa9a5EQSAPuBoi95F+CkQBEwbo6uwrcJS6DTWQmNefEdZ1D7Abp50zlpJfC7Tuf54tjnHyGya9EWEwc32mTadqCto047ySvDNNB2jgrG97HXvnqOo4LGpZn9jYGJsJZjVFibiy2+WHzgxDmU=,iv:Nq4LIbSDzk9WurGEPojUfRe8WqEOGO4t7WnfyYoupVo=,tag:yV7w9j9gRKuAsgsnxncUtA==,type:str] + #ENC[AES256_GCM,data:r7/63ugBvNNcFQGkau56LkG5lNH0NwvuA0OiRj0FOjAWlbf6sR7v5JOgIy97uMC+mBWy8A+OGZFO8p4bosrdrmzuomArHNnM4oWN498=,iv:2TaG5UkIEjLwPQpEZjOJdEviNNnSVi/e1lUUckJ+KqM=,tag:BPd/IOSUJvS1/mgPqqSlyQ==,type:comment] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFRGFTc01qRmdlMzZ0WE53 + OWtoUzBaMUp4T3FoYnJuVGhGODVna1RHYkRZCk0xWEVjOWp2YW9NZmE0MnNFYnJX + OEdHbkdsOWM4Tk44aTRVZ0VoNWorWDAKLS0tIHp2SE9Wd1lmTmV2eUFYRmRYNDZn + NFR5QkpIaFQ5Tk1FdGV3aUtzNTZsRXcKyNl9cFicgjcTiGkoQK/StLd7FEHGUVWD + hs8+h4ak+r++3+KpUay4aNqY09RtAzvUd4Vl3VQ2tYt/TOlDrgErHQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-11-29T17:22:46Z" + mac: ENC[AES256_GCM,data:+KthNzUdXl/XgnupjWiEdk8EHvHldUvUwfWT7FNpR+Pysl/fdI1fAK02rXOlY0ABCKpejSIobHipy3RkxTXiF6PPGTC4R0aoqxRvZjyXDCUaHc3F4KdYBH4vkGoBchosHJnOX0qymSEGbzJERRSjxEZ3JDg0JRIEB8jQtObGivs=,iv:w7XSWHs1RaDAuxsImvxDHo96T6qwaaYlXGZUP2nfqLg=,tag:QNSjFrABn8tf8nQlu5MXkw==,type:str] + pgp: [] + encrypted_regex: ^(data|stringData)$ + version: 3.9.1 diff --git a/kubernetes/main/apps/bitwarden/bitwarden/ks.yaml b/kubernetes/main/apps/bitwarden/bitwarden/ks.yaml new file mode 100644 index 0000000..2792893 --- /dev/null +++ b/kubernetes/main/apps/bitwarden/bitwarden/ks.yaml @@ -0,0 +1,20 @@ +--- +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app bitwarden + namespace: flux-system +spec: + targetNamespace: bitwarden + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/main/apps/bitwarden/bitwarden/app + prune: true + sourceRef: + kind: GitRepository + name: k8s-gitops + wait: true + interval: 30m + retryInterval: 1m + timeout: 5m diff --git a/kubernetes/main/apps/bitwarden/kustomization.yaml b/kubernetes/main/apps/bitwarden/kustomization.yaml new file mode 100644 index 0000000..85537a8 --- /dev/null +++ b/kubernetes/main/apps/bitwarden/kustomization.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./namespace.yaml + #- ./bitwarden/ks.yaml diff --git a/kubernetes/main/apps/bitwarden/namespace.yaml b/kubernetes/main/apps/bitwarden/namespace.yaml new file mode 100644 index 0000000..8fdd863 --- /dev/null +++ b/kubernetes/main/apps/bitwarden/namespace.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: bitwarden + labels: + kustomize.toolkit.fluxcd.io/prune: disabled diff --git a/kubernetes/main/apps/home-office/plane/app/helmrelease.yaml b/kubernetes/main/apps/home-office/plane/app/helmrelease.yaml index 632ced6..2bef8d6 100644 --- a/kubernetes/main/apps/home-office/plane/app/helmrelease.yaml +++ b/kubernetes/main/apps/home-office/plane/app/helmrelease.yaml @@ -4,6 +4,8 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app plane + annotations: + secret.reloader.stakater.com/reload: "plane-secret" spec: interval: 30m chart: @@ -105,7 +107,6 @@ spec: doc_upload_size_limit: "5242880" # 5MB sentry_dsn: "" sentry_environment: "" - cors_allowed_origins: "" default_cluster_domain: cluster.local diff --git a/kubernetes/main/apps/home-office/plane/app/secret.sops.yaml b/kubernetes/main/apps/home-office/plane/app/secret.sops.yaml index f596dcf..bd0c0d0 100644 --- a/kubernetes/main/apps/home-office/plane/app/secret.sops.yaml +++ b/kubernetes/main/apps/home-office/plane/app/secret.sops.yaml @@ -5,16 +5,16 @@ type: Opaque metadata: name: plane-secret stringData: - SECRET_KEY: ENC[AES256_GCM,data:Hlge8nCQC8cAwBAhKhOSIQDFqPCl0q8lp14Lrb1Ha1xfimzv0FYtWTHVGjP50cu5Kr1qv6SPSsU0rvHOdPvfuw==,iv:qY++THG8PWRGJb5qURyzV5C+022eBKOWdf19vdu3Stg=,tag:XhCcjURlz6xtFNzXehe1gw==,type:str] - POSTGRES_USER: ENC[AES256_GCM,data:XQVJU+0=,iv:8dc07OmRZA/PTyIsK8zHnLKa+HFeaQ4h09nNiWTNPlY=,tag:pmRJXHtSngQmTpUtY4xzmA==,type:str] - POSTGRES_DB: ENC[AES256_GCM,data:RtBCCWw=,iv:BpRYcn2BpIRcLmQcAIrunvtB4MDuDYkmJOnAsmPtat0=,tag:xvUhN8ixC5jY8ykAQwzjNQ==,type:str] - POSTGRES_PASSWORD: ENC[AES256_GCM,data:iiGNnq0jK1/1zYZG9xKh6FpHYwHynQ+0/bFW6ecrIcA=,iv:xQfhOf8DjSKU+5YE4OeaKBFojL8dx6EUAg9mIkPiKTk=,tag:+0OmSsaTRbIMDxiRtNo28w==,type:str] - POSTGRES_URL: ENC[AES256_GCM,data:tiUR01NTwPZvOaH3AewUl2DwMe6C1p+t/RwcnbHHGPtMv6LDUlszTJq5b3OODmNrCZql+FPmNretO+UWNKHRFB0+PbrtDLVR6Aia91PBVlWvYUwmHXIwLGkJWyTmQ6yQK3n0hHUhhA==,iv:x5bhArp40eaO7UrFVTT8dw89OaQRyJTAOH2VyQSmgbs=,tag:zsjobWSyB7a4CUvREBTNzw==,type:str] - REDIS_URL: ENC[AES256_GCM,data:ZVjRw2T2QvxentteSyAC5tzoc4VJM4U01JpLxvx9d+3kiRwhImYXhhDbzFvetfD52V3Z/Z+upOQhCaiFPxwBW2gSrNiQ/rxOiJoB65fKNg90NoIn,iv:VxmX6waqWRyre6nbM63K5sUrxbDmbyXaakIqZFkKVjg=,tag:dgxCagZKumzE8w4QK4mrYQ==,type:str] - RABBITMQ_URL: ENC[AES256_GCM,data:fsKrT7di5yPxRkSF1AmWsjvqBeSZHuBUx7MzfXdM+uXa9t+BSOjRN1P+oUYGj09jRY/PEsYjouTJKTCCCkD3noC88j4IkwcxhEJrbIgvgZKhH3yzsjQBzJDevCE=,iv:I1wUED3rLlu4Mds9jk3Io2vt2iCdEoUu9U7d6g0Xgnk=,tag:jFfA1WN3HoA+4PexBy9ByA==,type:str] - MINIO_URL: ENC[AES256_GCM,data:AHOPIiRJrX/6UAaTGpVhMMhLzugupdi7o2GZjTVl1n7td5Z8naNiNUp/UVKP2ge9K6XLyZZIYwV+VoPEaD54IYRdlL7aE/XH6bMrY3btxdYakplkesktT/kIWBLWsYC8vI3yoWuust/5LO3lZMw/x6w=,iv:W4FyvWVqCKdrofH4fgPiqADgz+PAHYiM9HX5s3dt5RA=,tag:FgdSBWTiCkw/hmsPNWKdQw==,type:str] - MINIO_ACCESS_KEY: ENC[AES256_GCM,data:i8hXPpjmov8WfOL8OkafOaRgPgU=,iv:A2pk8x5LxHLldMD61O/bvb5G7Jdt/m3I4/aShUs88Ao=,tag:27gEOSWw2x/1oEYh/k85JQ==,type:str] - MINIO_SECRET_KEY: ENC[AES256_GCM,data:YG7/kjI65vmvzBj7XuuGbSlNg3ZfmJn5UtwZCK8he6BbIXvw1Tu5JA==,iv:vj/UOmOpRB99143VwdOOvf79kMNA7SRx0CdgMEv9938=,tag:K+1AauPt+SHTq1rfecDAhg==,type:str] + SECRET_KEY: ENC[AES256_GCM,data:pOYeJop0KpnTQGE+1J5sJrgaSXPZzvkF06DtsPL/MAAtp1sQuxOOVFTmWwH8unpXfmPnck+Gj2odz0vjrHC7HA==,iv:fke6j+rMnoaoGhoqVks4Fct6D4WInye7fH3JdXHQAzE=,tag:pm7NIYs9J+st2KuMbjbI4w==,type:str] + POSTGRES_USER: ENC[AES256_GCM,data:HiYMxE4=,iv:WgofxIIZcztmAoCZ4n40GwhVyZ0Zk0YyFwJ4Nvp/goM=,tag:kHnvNep+NNZiJ5z4Q47NAg==,type:str] + POSTGRES_DB: ENC[AES256_GCM,data:NT7XTA8=,iv:ToTN/S5bmCCfdiCcazvpkNBGuMlQkHNyBNYK/ITylv8=,tag:C2iWcR/CzxM6VoKtxstuBg==,type:str] + POSTGRES_PASSWORD: ENC[AES256_GCM,data:rs1xVmqKnfqqKp1BudR0ZqH+f5Hn1Yy9izo4uHfNKlQ=,iv:r4cbf0/rNirsGTz6VFC3oW/eSfzBmG7KQJC+HA5r+LA=,tag:BEuUdTTCuYmwRMySiJ5Hbw==,type:str] + POSTGRES_URL: ENC[AES256_GCM,data:1xDVT5jTwQ+hQnS1kA4JJq+eXoEe35TktbkTWDwcD3Df9gYFnb/BjczEb2WNpyTJB/nVbg3CoP6Llr492LrM5UhABcinxJH9WuWEcQF/Mrx9IZig2FnewMNv9tpfc6JoRO/x9K0lQw==,iv:cw3kvELDA22f3p3xFKmqr0qnZbWqWEFPiaEhIpjNYY0=,tag:mcCGU2yL4t7oaVzcyOkiSA==,type:str] + REDIS_URL: ENC[AES256_GCM,data:wYsW7anDlVaZ3xxR3bce5EiZWcDfQnZkPUHSsvOkc+JmYSmv3FVATIPb2AmZQbG8FvWZ72Mn2DGA/ZVNLSpQoerf5bil+sLgCupaAOWdaJb3WnQJ,iv:RJvqBMgu1NILX2xbZbXA64f97giuIozwvuofuptQe+g=,tag:rZS7y9umhZ30bWOVbJZ8tA==,type:str] + RABBITMQ_URL: ENC[AES256_GCM,data:4URjXxi6oN3jWHukQx3cccpg9WrmRgQHKluqZpY3ULtNp38R5JL3hkbdl8Xj4E95Wdz+2O3t1OMB5Du4VL3baCa5Qm9JdUNSu+em9rnXuQ8jLMkhqQJotu1MSdw=,iv:7AvaS7ekUCMnbUolf5frjRibq0H/qcM8RJhXAJvPdcs=,tag:5wStSI6plVYLr9Keq1w/2A==,type:str] + MINIO_URL: ENC[AES256_GCM,data:+Ktvw/WfdXNDR407FTHH3FQZvVzOAVQ31to5FefnRxdjsfFlZ2MOvfYfVCtCuIJypVNP,iv:TWHEWuvHsZMgci1ivyb+2cS2SKC5byBSts04E1K3IaE=,tag:1WtPh8s98QmAdr+1L/qLxQ==,type:str] + MINIO_ACCESS_KEY: ENC[AES256_GCM,data:gNnvQIqvbOGwecZ/ReuzI+Qv/HI=,iv:kxsi0dGIMuieQHllriqelhVAXQsFbsHveLLoQo1uGgc=,tag:VkdAHsb9KMYaS2HDsy1+zg==,type:str] + MINIO_SECRET_KEY: ENC[AES256_GCM,data:ryu87iMwx53zDytvdMDQr741bWwU+2iUusYQ6+yuvX3v9aN7wUbWDQ==,iv:IJd1yyyDPDs9MkHY5eWHEqKniBqmwfYPkCBA1JeghPc=,tag:lZdsA/27Ov27x2zW0NIUUw==,type:str] sops: kms: [] gcp_kms: [] @@ -24,14 +24,14 @@ sops: - recipient: age19nu7uf8dageqlmzk23x7vl24fpn0l7cq20l3l4xxf2sk2xd5h98qss437p enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5cUNsRW9PaWtFTEJORDZx - eDBRdXg3QkhzMzFGVHJpTkZaK0wyYlNMdzJvCk1XZTUrNzJpZlZpWHRuUEVvekFF - QU12aVRoR3N6eUR6aHEwTWlIOU9SazQKLS0tIGU2ZmloNWxHRGFEQ1YwUjBONENS - bGxqQmhESjY2L01mSUVtYUdxVlpzR28KlXVdYP1I98OeiUi+h1+JHpm4/SS1OwiI - 4FfbygAqlk5xDMc7+rGvkeN82MMJTJf2FnIqtnYUlIBa+sh3A8L20Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvRnVGWExYc0ZjQWJuSVFt + SXN6SDRWaU1PMUFEWmNBcVRrSDlXRG0zY1U4CkM5SVNpRGdvNWlrK3hZNDdRNmI3 + Y3R3TXNTSHU1RTFVdFZDU0JpaVBVSHcKLS0tIFlYSi90UXhtRVBtZmZxQkw0N3lR + RzYxV1cxVkpRMVE1Rk03VVFzcm9LRFUKRhog/VFCxhC4GKFKjY0TciqbyGW12REM + 7fAThUJnL0n/6f4ZkAtQb8vOW2tSLMzwOaTqekbC7D/VuoPLuyas3A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-29T20:57:38Z" - mac: ENC[AES256_GCM,data:bTm/uac73fcZLlWKqRCtjdKTeHlwMcAnPiWBSOxs+BqXn0EeV65BL9oEJ/qpXPLyupvO2neUUnsrQawEo2G71m0voRrCxV3tAVfYgStQ+Ek/lJFdIlQxRrt9rIoSIc/eEeC6VYx90HHWO7gXT06B46fN66emxotY0IoG1BbWVRY=,iv:+d79pdiiRFxulpSn+4X5WTQo4xArwTHZjfYdW3s8YLE=,tag:V+WVxVWbY+hnpObNr63aCg==,type:str] + lastmodified: "2024-12-29T21:20:25Z" + mac: ENC[AES256_GCM,data:v2ug10/7CXESqF4AvOgXmuuHn/aCWdEnmAL/y/Gf+iia3Z1sxLBc1FGvzGMJEYpr7GSEphO2qSEk4abWXjQZhzpDfIcNrHlUWt/bRGIWDwHtMqMYzXiAfR/mouKpsMua069PsWNaCd2Xh/zK1PuLaGwz5spaAfQMcvFYfH7q9Ak=,iv:gwSDwQB6tMlBZgWmobAX40k7cFNGPMQWEKzBM2bl3z4=,tag:G02SjsodsZsRKgbTTuXg0g==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.2 diff --git a/scripts/kubeconform.sh b/scripts/kubeconform.sh old mode 100644 new mode 100755