From 2b698c723b9a845f8b914ce819141e73fa462fdf Mon Sep 17 00:00:00 2001 From: navin Date: Wed, 13 Aug 2025 20:01:50 +0530 Subject: [PATCH 1/2] Add helpers and charts Signed-off-by: navin --- .../argocd-agent-principal/Chart.yaml | 11 + .../argocd-agent-principal/NOTES.txt | 62 ++++ .../argocd-agent-principal/README.md | 159 ++++++++++ .../templates/_helpers.tpl | 134 ++++++++ .../templates/argocd-agent-ca-secret.yaml | 13 + .../templates/principal-clusterrole.yaml | 36 +++ .../principal-clusterrolebinding.yaml | 20 ++ .../templates/principal-deployment.yaml | 300 ++++++++++++++++++ .../templates/principal-grpc-service.yaml | 23 ++ .../templates/principal-healthz-service.yaml | 25 ++ .../templates/principal-jwt-secret.yaml | 16 + .../templates/principal-metrics-service.yaml | 25 ++ .../templates/principal-params-cm.yaml | 153 +++++++++ .../principal-redis-proxy-service.yaml | 17 + .../principal-resource-proxy-service.yaml | 19 ++ .../principal-resource-proxy-tls-secret.yaml | 17 + .../templates/principal-role.yaml | 34 ++ .../templates/principal-rolebinding.yaml | 21 ++ .../templates/principal-sa.yaml | 16 + .../templates/principal-tls-secret.yaml | 17 + .../templates/principal-userpass-secret.yaml | 16 + .../argocd-agent-principal/values.yaml | 181 +++++++++++ 22 files changed, 1315 insertions(+) create mode 100644 install/helm-repo/argocd-agent-principal/Chart.yaml create mode 100644 install/helm-repo/argocd-agent-principal/NOTES.txt create mode 100644 install/helm-repo/argocd-agent-principal/README.md create mode 100644 install/helm-repo/argocd-agent-principal/templates/_helpers.tpl create mode 100644 install/helm-repo/argocd-agent-principal/templates/argocd-agent-ca-secret.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-clusterrole.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-clusterrolebinding.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-deployment.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-grpc-service.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-healthz-service.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-jwt-secret.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-metrics-service.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-params-cm.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-redis-proxy-service.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-resource-proxy-service.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-resource-proxy-tls-secret.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-role.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-rolebinding.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-sa.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-tls-secret.yaml create mode 100644 install/helm-repo/argocd-agent-principal/templates/principal-userpass-secret.yaml create mode 100644 install/helm-repo/argocd-agent-principal/values.yaml diff --git a/install/helm-repo/argocd-agent-principal/Chart.yaml b/install/helm-repo/argocd-agent-principal/Chart.yaml new file mode 100644 index 00000000..47352a49 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: argocd-agent-principal +description: A Helm chart for ArgoCD Agent Principal +type: application +version: 0.3.1 +appVersion: "0.3.1" +home: https://github.com/argoproj-labs/argocd-agent +sources: + - https://github.com/argoproj-labs/argocd-agent +maintainers: + - name: ArgoCD Agent Team diff --git a/install/helm-repo/argocd-agent-principal/NOTES.txt b/install/helm-repo/argocd-agent-principal/NOTES.txt new file mode 100644 index 00000000..cf9646ee --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/NOTES.txt @@ -0,0 +1,62 @@ +1. Get the application URL by running these commands: +{{- if eq .Values.service.type "NodePort" }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "argocd-agent-principal.serviceName" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo https://$NODE_IP:$NODE_PORT +{{- else if eq .Values.service.type "LoadBalancer" }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "argocd-agent-principal.serviceName" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "argocd-agent-principal.serviceName" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo https://$SERVICE_IP:{{ .Values.service.port }} +{{- else if eq .Values.service.type "ClusterIP" }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "argocd-agent-principal.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit https://127.0.0.1:8443 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8443:{{ .Values.principal.listen.port }} +{{- end }} + +2. The ArgoCD Agent Principal is now running with the following configuration: + - Listen Port: {{ .Values.principal.listen.port }} + - Metrics Port: {{ .Values.principal.metrics.port }} + - Health Check Port: {{ .Values.principal.healthz.port }} + - Operating Namespace: {{ .Values.principal.namespace }} + {{- if .Values.principal.allowedNamespaces }} + - Allowed Namespaces: {{ .Values.principal.allowedNamespaces }} + {{- end }} + +3. To view the logs: + kubectl logs -f deployment/{{ include "argocd-agent-principal.fullname" . }} -n {{ .Release.Namespace }} + +{{- if .Values.metricsService.enabled }} +4. Metrics are available at: + kubectl port-forward svc/{{ include "argocd-agent-principal.metricsServiceName" . }} {{ .Values.metricsService.port }}:{{ .Values.metricsService.port }} -n {{ .Release.Namespace }} + Then visit http://localhost:{{ .Values.metricsService.port }}/metrics +{{- end }} + +{{- if .Values.healthzService.enabled }} +5. Health check is available at: + kubectl port-forward svc/{{ include "argocd-agent-principal.healthzServiceName" . }} {{ .Values.healthzService.port }}:{{ .Values.healthzService.port }} -n {{ .Release.Namespace }} + Then visit http://localhost:{{ .Values.healthzService.port }}/healthz +{{- end }} + +{{- if not .Values.secrets.userpass.passwd }} + +WARNING: You have not set a password for user authentication. +Please update the userpass secret or set principal.auth to use mTLS authentication. + +To set a password: + kubectl create secret generic {{ include "argocd-agent-principal.userpassSecretName" . }} \ + --from-literal=passwd="your-encrypted-password" \ + -n {{ .Release.Namespace }} +{{- end }} + +{{- if and .Values.principal.tls.server.allowGenerate (eq .Values.principal.tls.server.allowGenerate "true") }} + +WARNING: TLS certificate generation is enabled. This is insecure and should only be used for development. +For production, please provide proper TLS certificates. +{{- end }} + +{{- if and .Values.principal.jwt.allowGenerate (eq .Values.principal.jwt.allowGenerate "true") }} + +WARNING: JWT key generation is enabled. This is insecure and should only be used for development. +For production, please provide a proper JWT signing key. +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/README.md b/install/helm-repo/argocd-agent-principal/README.md new file mode 100644 index 00000000..522061c2 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/README.md @@ -0,0 +1,159 @@ +# ArgoCD Agent Principal + +This Helm chart installs the ArgoCD Agent Principal component, which is part of the ArgoCD Agent system that enables multi-cluster application deployment and management. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2+ +- ArgoCD installed in the cluster +- Redis instance for agent communication + +## Installing the Chart + +To install the chart with the release name `argocd-agent-principal`: + +```bash +helm install argocd-agent-principal . -n argocd +``` + +To install with custom values: + +```bash +helm install argocd-agent-principal . -n argocd -f values.yaml +``` + +## Uninstalling the Chart + +To uninstall/delete the `argocd-agent-principal` deployment: + +```bash +helm uninstall argocd-agent-principal -n argocd +``` + +## Configuration + +The following table lists the configurable parameters of the ArgoCD Agent Principal chart and their default values. + +### Basic Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `namespace` | Target namespace for deployment | `argocd` | +| `replicaCount` | Number of replicas | `1` | + +### Image Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `image.repository` | Image repository | `ghcr.io/argoproj-labs/argocd-agent/argocd-agent` | +| `image.tag` | Image tag | `"d7ee8580"` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | + +### Resource Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `resources.limits.cpu` | CPU limit | `2` | +| `resources.limits.memory` | Memory limit | `4Gi` | +| `resources.requests.cpu` | CPU request | `2` | +| `resources.requests.memory` | Memory request | `4Gi` | + +### Service Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `service.type` | Service type | `LoadBalancer` | +| `service.port` | Service port | `443` | +| `service.targetPort` | Target port | `8443` | +| `service.annotations` | Service annotations | `networking.gke.io/load-balancer-type: "Internal"` | + +### Metrics Service + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `metricsService.enabled` | Enable metrics service | `true` | +| `metricsService.type` | Metrics service type | `ClusterIP` | +| `metricsService.port` | Metrics service port | `8000` | + +### Health Check Service + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `healthzService.enabled` | Enable health check service | `true` | +| `healthzService.type` | Health check service type | `ClusterIP` | +| `healthzService.port` | Health check service port | `8003` | + +### Principal Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `principal.listen.port` | gRPC server listen port | `8443` | +| `principal.listen.host` | gRPC server listen host | `""` (all interfaces) | +| `principal.log.level` | Log level (trace, debug, info, warn, error) | `info` | +| `principal.log.format` | Log format (text, json) | `text` | +| `principal.metrics.port` | Metrics server port | `8000` | +| `principal.healthz.port` | Health check server port | `8003` | +| `principal.namespace` | Principal operation namespace | `"argocd"` | +| `principal.allowedNamespaces` | Allowed namespaces for agents | `"argocd,argocd-apps,default"` | + +### Namespace Management + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `principal.namespaceCreate.enable` | Allow namespace creation | `true` | +| `principal.namespaceCreate.pattern` | Namespace creation pattern | `"-agent"` | +| `principal.namespaceCreate.labels` | Labels for created namespaces | `"managed-by=argocd-agent,environment=production"` | + +### TLS Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `principal.tls.secretName` | TLS secret name | `"argocd-agent-principal-tls"` | +| `principal.tls.server.allowGenerate` | Allow TLS cert generation | `false` | +| `principal.tls.server.rootCaSecretName` | Root CA secret name | `"argocd-agent-ca"` | +| `principal.tls.clientCert.require` | Require client certificates | `true` | +| `principal.tls.clientCert.matchSubject` | Match subject to agent name | `true` | + +### Redis Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `principal.redis.compressionType` | Redis compression type | `"gzip"` | +| `principal.redis.server.address` | Redis server address | `"argocd-redis:6379"` | + +### Resource Proxy + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `principal.redisProxy.enabled` | Enable Redis proxy | `true` | +| `principal.resourceProxy.enabled` | Enable resource proxy | `true` | +| `principal.resourceProxy.secretName` | Resource proxy TLS secret | `"argocd-agent-resource-proxy-tls"` | +| `principal.resourceProxy.ca.secretName` | Resource proxy CA secret | `"argocd-agent-ca"` | + +### JWT Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `principal.jwt.allowGenerate` | Allow JWT key generation | `false` | +| `principal.jwt.secretName` | JWT secret name | `"argocd-agent-jwt"` | + +### Advanced Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `principal.websocket.enable` | Enable WebSocket streaming | `false` | +| `principal.keepAlive.minInterval` | Keep-alive minimum interval | `"0"` | +| `principal.pprof.port` | pprof server port | `"0"` (disabled) | + +### Secrets Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `secrets.ca.tls.create` | Create CA TLS secret | `true` | +| `secrets.ca.tls.key` | CA private key (base64) | `` | +| `secrets.ca.tls.crt` | CA certificate (base64) | `` | + +## Usage + +The principal component should be installed in the management cluster where ArgoCD is running. It will coordinate with the agent components installed in remote clusters. \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/_helpers.tpl b/install/helm-repo/argocd-agent-principal/templates/_helpers.tpl new file mode 100644 index 00000000..278b2b3c --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/_helpers.tpl @@ -0,0 +1,134 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "argocd-agent-principal.name" -}} +{{- default .Chart.Name .Values.global.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "argocd-agent-principal.fullname" -}} +{{- if .Values.global.fullnameOverride }} +{{- .Values.global.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.global.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + + +{{/* +Common labels +*/}} +{{- define "argocd-agent-principal.labels" -}} +{{ include "argocd-agent-principal.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/part-of: argocd-agent +app.kubernetes.io/component: principal +{{- with .Values.labels }} +{{ toYaml . }} +{{- end }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "argocd-agent-principal.selectorLabels" -}} +app.kubernetes.io/name: {{ include "argocd-agent-principal.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "argocd-agent-principal.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "argocd-agent-principal.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} + +{{/* +Create the name of the config map +*/}} +{{- define "argocd-agent-principal.configMapName" -}} +{{- printf "%s-params" (include "argocd-agent-principal.fullname" .) }} +{{- end }} + +{{/* +Create the name of the main service +*/}} +{{- define "argocd-agent-principal.serviceName" -}} +{{- include "argocd-agent-principal.fullname" . }} +{{- end }} + +{{/* +Create the name of the metrics service +*/}} +{{- define "argocd-agent-principal.metricsServiceName" -}} +{{- printf "%s-metrics" (include "argocd-agent-principal.fullname" .) }} +{{- end }} + +{{/* +Create the name of the healthz service +*/}} +{{- define "argocd-agent-principal.healthzServiceName" -}} +{{- printf "%s-healthz" (include "argocd-agent-principal.fullname" .) }} +{{- end }} + +{{/* +Create the name of the cluster role +*/}} +{{- define "argocd-agent-principal.clusterRoleName" -}} +{{- include "argocd-agent-principal.fullname" . }} +{{- end }} + +{{/* +Create the name of the role +*/}} +{{- define "argocd-agent-principal.roleName" -}} +{{- include "argocd-agent-principal.fullname" . }} +{{- end }} + +{{/* +Create the name of the cluster role binding +*/}} +{{- define "argocd-agent-principal.clusterRoleBindingName" -}} +{{- include "argocd-agent-principal.fullname" . }} +{{- end }} + +{{/* +Create the name of the role binding +*/}} +{{- define "argocd-agent-principal.roleBindingName" -}} +{{- include "argocd-agent-principal.fullname" . }} +{{- end }} + + +{{/* +Create the name of the userpass secret +*/}} +{{- define "argocd-agent-principal.userpassSecretName" -}} +{{- printf "%s-userpass" (include "argocd-agent-principal.fullname" .) }} +{{- end }} + + +{{/* +Common annotations +*/}} +{{- define "argocd-agent-principal.annotations" -}} +{{- with .Values.annotations }} +{{ toYaml . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/argocd-agent-ca-secret.yaml b/install/helm-repo/argocd-agent-principal/templates/argocd-agent-ca-secret.yaml new file mode 100644 index 00000000..3b87e527 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/argocd-agent-ca-secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.secrets.ca.tls.create }} +apiVersion: v1 +kind: Secret +metadata: + name: argocd-agent-ca + namespace: {{ .Values.namespace }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.secrets.ca.tls.crt | quote }} + tls.key: {{ .Values.secrets.ca.tls.key | quote }} +{{ end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-clusterrole.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-clusterrole.yaml new file mode 100644 index 00000000..ed5c4c76 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-clusterrole.yaml @@ -0,0 +1,36 @@ +{{- if and .Values.rbac.create .Values.rbac.createClusterRole }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "argocd-agent-principal.clusterRoleName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - applicationsets + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - create + - get + - list + - watch +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-clusterrolebinding.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-clusterrolebinding.yaml new file mode 100644 index 00000000..77dbb86f --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-clusterrolebinding.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.rbac.create .Values.rbac.createClusterRole }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "argocd-agent-principal.clusterRoleBindingName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "argocd-agent-principal.clusterRoleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-agent-principal.serviceAccountName" . }} + namespace: {{ .Values.namespace }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-deployment.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-deployment.yaml new file mode 100644 index 00000000..996254ee --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-deployment.yaml @@ -0,0 +1,300 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.fullname" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + {{- include "argocd-agent-principal.selectorLabels" . | nindent 6 }} + app.kubernetes.io/part-of: argocd-agent + app.kubernetes.io/component: principal + template: + metadata: + labels: + {{- include "argocd-agent-principal.selectorLabels" . | nindent 8 }} + app.kubernetes.io/part-of: argocd-agent + app.kubernetes.io/component: principal + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "argocd-agent-principal.serviceAccountName" . }} + containers: + - name: {{ .Chart.Name }} + args: + - principal + {{- range .Values.principal.additionalArgs }} + - {{ . | quote }} + {{- end }} + env: + - name: ARGOCD_PRINCIPAL_LISTEN_HOST + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.listen.host + optional: true + - name: ARGOCD_PRINCIPAL_LISTEN_PORT + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.listen.port + optional: true + - name: ARGOCD_PRINCIPAL_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.log.level + optional: true + - name: ARGOCD_PRINCIPAL_METRICS_PORT + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.metrics.port + optional: true + - name: ARGOCD_PRINCIPAL_HEALTH_CHECK_PORT + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.healthz.port + optional: true + - name: ARGOCD_PRINCIPAL_NAMESPACE + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.namespace + optional: true + - name: ARGOCD_PRINCIPAL_ALLOWED_NAMESPACES + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.allowed-namespaces + optional: true + - name: ARGOCD_PRINCIPAL_NAMESPACE_CREATE_ENABLE + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.namespace-create.enable + optional: true + - name: ARGOCD_PRINCIPAL_NAMESPACE_CREATE_PATTERN + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.namespace-create.pattern + optional: true + - name: ARGOCD_PRINCIPAL_NAMESPACE_CREATE_LABELS + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.namespace-create.labels + optional: true + - name: ARGOCD_PRINCIPAL_TLS_SECRET_NAME + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.tls.secret-name + optional: true + - name: ARGOCD_PRINCIPAL_TLS_SERVER_CERT_PATH + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.tls.server.cert-path + optional: true + - name: ARGOCD_PRINCIPAL_TLS_SERVER_KEY_PATH + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.tls.server.key-path + optional: true + - name: ARGOCD_PRINCIPAL_TLS_SERVER_ALLOW_GENERATE + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.tls.server.allow-generate + optional: true + - name: ARGOCD_PRINCIPAL_TLS_CLIENT_CERT_REQUIRE + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.tls.client-cert.require + optional: true + - name: ARGOCD_PRINCIPAL_TLS_SERVER_ROOT_CA_SECRET_NAME + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.tls.server.root-ca-secret-name + optional: true + - name: ARGOCD_PRINCIPAL_TLS_SERVER_ROOT_CA_PATH + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.tls.server.root-ca-path + optional: true + - name: ARGOCD_PRINCIPAL_TLS_CLIENT_CERT_MATCH_SUBJECT + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.tls.client-cert.match-subject + optional: true + - name: ARGOCD_PRINCIPAL_RESOURCE_PROXY_SECRET_NAME + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.resource-proxy.secret-name + optional: true + - name: ARGOCD_PRINCIPAL_RESOURCE_PROXY_TLS_CERT_PATH + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.resource-proxy.tls.cert-path + optional: true + - name: ARGOCD_PRINCIPAL_RESOURCE_PROXY_TLS_KEY_PATH + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.resource-proxy.tls.key-path + optional: true + - name: ARGOCD_PRINCIPAL_RESOURCE_PROXY_CA_SECRET_NAME + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.resource-proxy.ca.secret-name + optional: true + - name: ARGOCD_PRINCIPAL_RESOURCE_PROXY_CA_PATH + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.resource-proxy.ca.path + optional: true + - name: ARGOCD_PRINCIPAL_JWT_ALLOW_GENERATE + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.jwt.allow-generate + optional: true + - name: ARGOCD_PRINCIPAL_JWT_SECRET_NAME + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.jwt.secret-name + optional: true + - name: ARGOCD_PRINCIPAL_JWT_KEY_PATH + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.jwt.key-path + optional: true + - name: ARGOCD_PRINCIPAL_AUTH + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.auth + optional: true + - name: ARGOCD_PRINCIPAL_LOG_FORMAT + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.log.format + optional: true + - name: ARGOCD_PRINCIPAL_ENABLE_WEBSOCKET + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.websocket.enable + optional: true + - name: ARGOCD_PRINCIPAL_REDIS_COMPRESSION_TYPE + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.redis.compression.type + optional: true + - name: ARGOCD_PRINCIPAL_REDIS_SERVER_ADDRESS + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.redis.server.address + optional: true + - name: ARGOCD_PRINCIPAL_ENABLE_RESOURCE_PROXY + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.resource-proxy.enable + optional: true + - name: ARGOCD_PRINCIPAL_KEEP_ALIVE_MIN_INTERVAL + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.keep-alive.min-interval + optional: true + - name: ARGOCD_PRINCIPAL_PPROF_PORT + valueFrom: + configMapKeyRef: + name: {{ include "argocd-agent-principal.configMapName" . }} + key: principal.pprof.port + optional: true + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: argocd-redis + key: auth + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - containerPort: {{ .Values.principal.listen.port }} + name: principal + - containerPort: {{ .Values.principal.metrics.port }} + name: metrics + - containerPort: {{ .Values.principal.healthz.port }} + name: healthz + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - name: jwt-secret + mountPath: /app/config/jwt + - name: userpass-passwd + mountPath: /app/config/userpass + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumes: + - name: userpass-passwd + secret: + secretName: {{ include "argocd-agent-principal.userpassSecretName" . }} + items: + - key: passwd + path: passwd + optional: true + - name: jwt-secret + secret: + secretName: {{ .Values.principal.jwt.secretName | quote }} + items: + - key: jwt.key + path: jwt.key + optional: true + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-grpc-service.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-grpc-service.yaml new file mode 100644 index 00000000..11931772 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-grpc-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.serviceName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with include "argocd-agent-principal.annotations" . }} + {{- . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - name: https + protocol: TCP + port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} + selector: + {{- include "argocd-agent-principal.selectorLabels" . | nindent 4 }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-healthz-service.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-healthz-service.yaml new file mode 100644 index 00000000..e9281276 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-healthz-service.yaml @@ -0,0 +1,25 @@ +{{- if .Values.healthzService.enabled }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.healthzServiceName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with .Values.healthzService.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with include "argocd-agent-principal.annotations" . }} + {{- . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.healthzService.type }} + ports: + - name: healthz + protocol: TCP + port: {{ .Values.healthzService.port }} + targetPort: {{ .Values.principal.healthz.port }} + selector: + {{- include "argocd-agent-principal.selectorLabels" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-jwt-secret.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-jwt-secret.yaml new file mode 100644 index 00000000..cdd0c537 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-jwt-secret.yaml @@ -0,0 +1,16 @@ +{{- if .Values.secrets.jwt.create }} +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ .Values.namespace }} + name: argocd-agent-jwt + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +type: Opaque +data: + jwt.key: {{ .Values.secrets.jwt.key | quote }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-metrics-service.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-metrics-service.yaml new file mode 100644 index 00000000..49ab84cc --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-metrics-service.yaml @@ -0,0 +1,25 @@ +{{- if .Values.metricsService.enabled }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.metricsServiceName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with .Values.metricsService.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with include "argocd-agent-principal.annotations" . }} + {{- . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.metricsService.type }} + ports: + - name: metrics + protocol: TCP + port: {{ .Values.metricsService.port }} + targetPort: {{ .Values.principal.metrics.port }} + selector: + {{- include "argocd-agent-principal.selectorLabels" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-params-cm.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-params-cm.yaml new file mode 100644 index 00000000..c8b4a5e0 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-params-cm.yaml @@ -0,0 +1,153 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.configMapName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +data: + # principal.listen.host: The interface address to listen on. Leave empty + # for all interfaces. + # Default: "" + principal.listen.host: {{ .Values.principal.listen.host | quote }} + # principal.listen.port: The port the gRPC server should listen on. + # Default: 8443 + principal.listen.port: {{ .Values.principal.listen.port | quote }} + # principal.log.level: The logging level to use. One of trace, debug, info, + # warn or error. + # Default: info + principal.log.level: {{ .Values.principal.log.level | default "info" | quote }} + # principal.log.format: The log format principal should use. Valid values are + # "json" or "text". + # Default: "text" + principal.log.format: {{ .Values.principal.log.format | default "text" | quote }} + # principal.metrics.port: The port the metrics server should listen on. + # Default: 8000 + principal.metrics.port: {{ .Values.principal.metrics.port | quote }} + # principal.healthz.port: The port the health check server should listen on. + # Default: 8003 + principal.healthz.port: {{ .Values.principal.healthz.port | quote }} + # principal.namespace: The namespace the principal will operate in. If left + # blank, the namespace where the pod is running in will be used. + # Default: "argocd" + principal.namespace: {{ .Values.principal.namespace | quote }} + # principal.allowed-namespaces: A list of namespaces the principal shall + # watch and process Argo CD resources in. Seperate entries using commas. + # Entries may contain shell-style wildcards. + # Default: "" + principal.allowed-namespaces: {{ .Values.principal.allowedNamespaces | quote }} + # principal.namespace-create.enable: Whether the principal is allowed to + # create namespaces for agents if they don't exist yet. Either "true" or + # "false". + # Default: "false" + principal.namespace-create.enable: {{ .Values.principal.namespaceCreate.enable | quote }} + # principal.namespace-create.pattern: A regexp pattern to restrict the names + # of namespaces to be created. If empty, all patterns are allowed. + # Default: "" + principal.namespace-create.pattern: {{ .Values.principal.namespaceCreate.pattern | quote }} + # principal.namespace-create.labels: A set of labels to apply to namespaces + # created for agents. Each label definition needs to be in the format of + # "key=value". Empty values are not allowed. Multiple labels can be given + # as a comma separated list, e.g. "foo=bar,bar=baz" + principal.namespace-create.labels: {{ .Values.principal.namespaceCreate.labels | quote }} + # principal.tls.secret-name: The name of the secret containing the TLS certificate and key. + # Default: "argocd-agent-principal-tls" + principal.tls.secret-name: {{ .Values.principal.tls.secretName | quote }} + # principal.tls.server.cert-path: Path to the TLS certificate to be used by + # the gRPC server. + # Default: "" + principal.tls.server.cert-path: {{ .Values.principal.tls.server.certPath | quote }} + # principal.tls.server.key-path: Path to the TLS private key to be used by + # the gRPC server. + # Default: "" + principal.tls.server.key-path: {{ .Values.principal.tls.server.keyPath | quote }} + # principal.tls.server.allow-generate: Whether to allow the principal to + # generate its own set of TLS cert and key on startup when none are + # configured. This is insecure. Do only use for development. + # Default: false + principal.tls.server.allow-generate: {{ .Values.principal.tls.server.allowGenerate | quote }} + # principal.tls.client-cert.require: Whether to require client certs from + # agents upon connection. + # Default: false + principal.tls.client-cert.require: {{ .Values.principal.tls.clientCert.require | quote }} + # principal.tls.server.secret-name: The name of the secret containing the root CA TLS certificate. + # Default: "argocd-agent-ca" + principal.tls.server.root-ca-secret-name: {{ .Values.principal.tls.server.rootCaSecretName | quote }} + # principal.tls.server.root-ca-path: Path to a TLS root certificate authority + # to be used to validate agent's client certificates against. + # Default: "" + principal.tls.server.root-ca-path: {{ .Values.principal.tls.server.rootCaPath | quote }} + # principal.tls.client-cert.match-subject: Whether to match the subject field + # in a client certificate presented by an agent to the agent's name. + # Default: false + principal.tls.client-cert.match-subject: {{ .Values.principal.tls.clientCert.matchSubject | quote }} + # principal.resource-proxy.secret-name: The name of the secret containing + # the TLS certificate and key for the resource proxy. + # Default: "argocd-agent-resource-proxy-tls" + principal.resource-proxy.secret-name: {{ .Values.principal.resourceProxy.secretName | quote }} + # principal.resource-proxy.tls.cert-path: Path to the TLS certificate to be used by + # the resource proxy. + # Default: "" + principal.resource-proxy.tls.cert-path: {{ .Values.principal.resourceProxy.tls.certPath | quote }} + # principal.resource-proxy.tls.key-path: Path to the TLS private key to be used by + # the resource proxy. + # Default: "" + principal.resource-proxy.tls.key-path: {{ .Values.principal.resourceProxy.tls.keyPath | quote }} + # principal.resource-proxy.ca.secret-name: The name of the secret containing + # the CA certificate for the resource proxy. + # Default: "argocd-agent-ca" + principal.resource-proxy.ca.secret-name: {{ .Values.principal.resourceProxy.ca.secretName | quote }} + # principal.resource-proxy.ca.path: Path to the CA certificate to be used by + # the resource proxy. + # Default: "" + principal.resource-proxy.ca.path: {{ .Values.principal.resourceProxy.ca.path | quote }} + # principal.jwt.allow-generate: Whether to allow the principal to generate + # its own private key for signing JWT tokens. This is insecure. Do only use + # for development. + # Default: false + principal.jwt.allow-generate: {{ .Values.principal.jwt.allowGenerate | quote }} + # principal.jwt.secret-name: The name of the secret containing the JWT signing key. + # Default: "argocd-agent-jwt" + principal.jwt.secret-name: {{ .Values.principal.jwt.secretName | quote }} + # principal.jwt.key-path: Path to the private key to be used for signing JWT + # tokens. + # Default: "" + principal.jwt.key-path: {{ .Values.principal.jwt.keyPath | quote }} + # principal.auth: The authentication method. Must be in the + # format :. Valid values are: + # - "userpass:_path_to_encrypted_creds_" where _path_to_encrypted_creds_ is + # the path to the file containing encrypted credentials for authenticating + # agent connections. + # - "mtls:_agent_id_regex_" where _agent_id_regex_ is the regex pattern for + # extracting the agent ID from client cert subject. Use "mtls:any" to + # accept any client cert. + # Default: userpass:_path_to_encrypted_creds_ + principal.auth: {{ .Values.principal.auth | quote }} + # principal.websocket.enable: Whether to use the websocket to stream events to the + # agent. + # Default: false + principal.websocket.enable: {{ dig "principal" "websocket" "enable" "false" .Values | quote }} + # principal.redis.compression.type: The compression type to use for the Redis + # connection. + # Default: "gzip" + principal.redis.compression.type: {{ dig "principal" "redis" "compressionType" "gzip" .Values | quote }} + # principal.resource-proxy.enable: Whether to enable the resource proxy. + # Default: true + principal.resource-proxy.enable: {{ dig "principal" "resourceProxy" "enable" "true" .Values | quote }} + # principal.keep-alive.min-interval: Drop agent connections that send keepalive pings + # more often than the specified interval. + # Default: 0 + principal.keep-alive.min-interval: {{ dig "principal" "keepAlive" "minInterval" "0" .Values | quote }} + # principal.pprof.port: The port the pprof server will listen on. + # Default: 0 + principal.pprof.port: {{ dig "principal" "pprof" "port" "0" .Values | quote }} + # principal.redis.server.address: The address of the Redis server. + # Default: "argocd-redis:6379" + principal.redis.server.address: {{ dig "principal" "redis" "server" "address" "argocd-redis:6379" .Values | quote }} + {{- range $key, $value := .Values.configMapData }} + {{ $key }}: {{ $value | quote }} + {{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-redis-proxy-service.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-redis-proxy-service.yaml new file mode 100644 index 00000000..bc27af0d --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-redis-proxy-service.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/name: argocd-agent-redis-proxy + app.kubernetes.io/part-of: argocd-agent + app.kubernetes.io/component: redis-proxy + name: argocd-agent-redis-proxy +spec: + ports: + - name: redis-proxy + protocol: TCP + port: 6379 + targetPort: 6379 + selector: + {{- include "argocd-agent-principal.selectorLabels" . | nindent 4 }} diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-resource-proxy-service.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-resource-proxy-service.yaml new file mode 100644 index 00000000..fbd38cd2 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-resource-proxy-service.yaml @@ -0,0 +1,19 @@ +{{- if .Values.principal.resourceProxy.enabled }} +apiVersion: v1 +kind: Service +metadata: + namespace: {{ .Values.namespace }} + labels: + app.kubernetes.io/name: argocd-agent-resource-proxy + app.kubernetes.io/part-of: argocd-agent + app.kubernetes.io/component: resource-proxy + name: argocd-agent-resource-proxy +spec: + ports: + - name: resource-proxy + protocol: TCP + port: 9090 + targetPort: 9090 + selector: + app.kubernetes.io/name: argocd-agent-principal +{{- end }} diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-resource-proxy-tls-secret.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-resource-proxy-tls-secret.yaml new file mode 100644 index 00000000..604a6ea8 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-resource-proxy-tls-secret.yaml @@ -0,0 +1,17 @@ +{{- if .Values.secrets.proxy.tls.create }} +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ .Values.namespace }} + name: argocd-agent-resource-proxy-tls + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.secrets.proxy.tls.crt | quote }} + tls.key: {{ .Values.secrets.proxy.tls.key | quote }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-role.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-role.yaml new file mode 100644 index 00000000..030ee524 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-role.yaml @@ -0,0 +1,34 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.roleName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-rolebinding.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-rolebinding.yaml new file mode 100644 index 00000000..ab595df8 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.roleBindingName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "argocd-agent-principal.roleName" . }} +subjects: +- kind: ServiceAccount + name: {{ include "argocd-agent-principal.serviceAccountName" . }} + namespace: {{ .Values.namespace }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-sa.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-sa.yaml new file mode 100644 index 00000000..e1f07142 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-sa.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.serviceAccountName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with include "argocd-agent-principal.annotations" . }} + {{- . | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-tls-secret.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-tls-secret.yaml new file mode 100644 index 00000000..b1b9a3e3 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-tls-secret.yaml @@ -0,0 +1,17 @@ +{{- if .Values.secrets.server.tls.create }} +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ .Values.namespace }} + name: argocd-agent-principal-tls + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +type: kubernetes.io/tls +data: + tls.crt: {{ .Values.secrets.server.tls.crt | quote }} + tls.key: {{ .Values.secrets.server.tls.key | quote }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/templates/principal-userpass-secret.yaml b/install/helm-repo/argocd-agent-principal/templates/principal-userpass-secret.yaml new file mode 100644 index 00000000..412c944e --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/templates/principal-userpass-secret.yaml @@ -0,0 +1,16 @@ +{{- if .Values.secrets.userpass.create }} +apiVersion: v1 +kind: Secret +metadata: + namespace: {{ .Values.namespace }} + name: {{ include "argocd-agent-principal.userpassSecretName" . }} + labels: + {{- include "argocd-agent-principal.labels" . | nindent 4 }} + {{- with include "argocd-agent-principal.annotations" . }} + annotations: + {{- . | nindent 4 }} + {{- end }} +type: Opaque +data: + passwd: {{ .Values.secrets.userpass.passwd | quote }} +{{- end }} \ No newline at end of file diff --git a/install/helm-repo/argocd-agent-principal/values.yaml b/install/helm-repo/argocd-agent-principal/values.yaml new file mode 100644 index 00000000..6deb59f3 --- /dev/null +++ b/install/helm-repo/argocd-agent-principal/values.yaml @@ -0,0 +1,181 @@ +namespace: argocd + +# Image configuration +image: + repository: ghcr.io/argoproj-labs/argocd-agent/argocd-agent + tag: "d7ee8580" # Use specific version instead of latest + pullPolicy: IfNotPresent + +replicaCount: 1 + +resources: + limits: + cpu: 2 + memory: 4Gi + requests: + cpu: 2 + memory: 4Gi + +# Service configuration with LoadBalancer +service: + type: LoadBalancer + port: 443 + targetPort: 8443 + annotations: + networking.gke.io/load-balancer-type: "Internal" + +# Metrics service for monitoring +metricsService: + enabled: true + type: ClusterIP + port: 8000 + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8000" + prometheus.io/path: "/metrics" + +# Health check service +healthzService: + enabled: true + type: ClusterIP + port: 8003 + +# Principal configuration for production +principal: + # Additional arguments apart from default 'principal' command + additionalArgs: [] + # Example: + # additionalArgs: + # - --redis-server-address + # - argocd-argo-cd-redis:6379 + metrics: + port: 8000 + healthz: + port: 8003 + listen: + port: 8443 + # Logging + log: + level: info + + # Namespace configuration + namespace: "argocd" + allowedNamespaces: "argocd,argocd-apps,default" + + # Namespace creation (usually disabled in production) + namespaceCreate: + enable: true + pattern: "-agent" + labels: "managed-by=argocd-agent,environment=production" + + # TLS configuration - secure setup + tls: + secretName: "argocd-agent-principal-tls" + server: + certPath: "" + keyPath: "" + allowGenerate: false # Never allow in production + rootCaSecretName: "argocd-agent-ca" + rootCaPath: "" + clientCert: + require: true # Require client certificates + matchSubject: true # Match subject to agent name + + # Resource proxy configuration + redis: + compressionType: "gzip" + server: + address: "argocd-self-hosted-redis:6379" # Defaults to argocd-redis:6379 if not provided + resourceProxy: + enabled: true + secretName: "argocd-agent-resource-proxy-tls" + tls: + certPath: "" + keyPath: "" + ca: + secretName: "argocd-agent-ca" + path: "" + + # JWT configuration + jwt: + allowGenerate: false # Never allow in production + secretName: "argocd-agent-jwt" + keyPath: "" + + # Authentication - use mTLS in production + auth: "mtls:CN=([^,]+)" + + # Security context for production + securityContext: + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + seccompProfile: + type: RuntimeDefault + + podSecurityContext: + runAsNonRoot: true + runAsUser: 10001 + runAsGroup: 10001 + fsGroup: 10001 + + # Node affinity for production workloads + affinity: {} + + # Tolerations for dedicated nodes + tolerations: {} + + # Node selector for dedicated nodes + nodeSelector: {} + + # Secrets configuration -Use create and base64 encoded values to create k8s secrets + secrets: + ca: + tls: + create: true + key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRREJWMGxqVE9hM3NCUVQKY1NSWXpnenB5cVU3aWdNWWtBUmJmc0ZzZVRZTVpHS1paeHJZaHQ3dmVVL2xjRngxam11U0JkWlJOZVBpRUcyMQpsUytXTkpXOFFmbW55SmhIUWE3M2ZaTHRubzA2UFdYL0kwL0FTTHZ1WGtzOUliZ3d0OXZTelVGRytteEROSFd6Ck1Sd0lBa2ZpUE1qVGREejlOVktpajJrcmRHR1VzbHF0aHZldldqU2RrRk90Uy9qajFLUCs0Z1FrSG9ZNEdVcHgKU0ZtbEl5OEdodG9KWXYwbUtrck9pVnRUYWtoUVJqck9nYVhvTVAyZjd2Smk4UCtEdWo3UjRMU3dLQ1pJNEZWVwpRSy83ZnpOUzc4ejlFWFQwaEZSb0ZUMUR6MnB6OHFSZUljL3M2eW9XcTlXRHRVOUdhZllLemZPWVE3SStmTXlqCkxEa1RDbWVKdkNoaUxaR1RaaUZlQmpJZEhhQ1NUTzFzNHNkT0xGb1FtYVRmWXVnNnVLc2llSFpGMzF0VlFMeXYKeHRndjdnN01RS0dkRHd3TzZyYmtPdTlDeGhYd3A1akNQamxKR0RLREtoL2duMGFHREtZaW9NWktzWFJvU3ZRcwo1MzJqdWxUOUNWL2VBS203UnhodWM4SUlFUzVZSW5xbEgyRStOSEpoTXcxamdtYzNHNVdPdkM2RERwRGo4UCs3CmdJalZGeEpvTlVYVlI2Qm1IVmovTWRHY25kODNSeDFHallHenVJaDhMSjZRK0xBRCs0NUw0VWR0MERFSGlTRHUKY2FZRkFUL0dwYkF4bGhtTzFRRmwwdjR0UkVjcTE3YmkzT0RUcjYrZi9jQ3BHTjdSa0FsbmVaTG15UlppV0dXMgo5V0hBdSthZTJXaUNIbXNEMkQrbHNXbUcxc2szU1FJREFRQUJBb0lDQUFITkJTUEhTK0h5ZGFqT1ZqM3NtMWt2CmFEbkd5dUM5ekY1Si9INWIvM1crNkZwVGlBZTlwZHpUcjFiWVd2b3RSMUozOHY3dUJFRTE0S2t1bGdhWkdSQ2QKK2pmRndzZHBiL3dubG1xWnJicHlNUlRiQTdHK3pDMFdVM3lSWEFqRmx4bGJtL3paWmZWRm9KZXl4WE04bmZXYwpLV3habFR1TFZuZ1dLUS8vcVkrZ3lJTGRhOFdsUVRIUWhWSm5PamwwY0M4SjBiRU9NWHo2TUttamJzYlFPY1BWCkRrMGhzQVFxZFo3YjN5LzVHT1pscXdITTlZQWU2TEwxR3lxb3l0Tm1EaFp3Q2VFOTNrRHdHUVdTaTFBZkNrU0sKVktLVG1lblhvUWo1WlczYnZHbWFwT2c4R1ZTd3J5ZzFIWUZsSGdUWE5BbnVUUFJVdHlkRWJQVHVua0xmQ1NLbgozSjN6RCs3L0ExUlBpQWYrOHo1SmtQaGlWeFlNMjV1UlJwVHdrS2I2Q0QzSmxNSDdpSVRDL1VPLzM1L1QrZDRTCno1dlFkcEN1MlExN2ozNEdKMG5zSk0vZkdrblZzdWQ2V0pvYU1zZEs1Z29wSFRZV2phc00yOGxHbzVSUnZkVUYKak9iaFdlMU96ajBXaGNURi9qK2ZPV3pzK25RU0h2cVBiZWVaQUFrVHdhWWorMG5oYVJyc1JHWWlCbnFhcEJGOApTS0hKcmdyNkFXaGU2azlGcWMwUlk0a0FzZGJycDFxb0NhVzVtRERkODVFUzJWNjhZdVdScWdxZE5NYUU2c25aCjFaV1F5ZHkrODcwMG9ycSs1YkxkekNLdFU1ZllFNktBZ2dKVW9MWU9vR0VlMklkVmpQdkttYktUVjM0MlZJMGQKNGVxK1E4c0hpeGZGRDlmUVZUeUxBb0lCQVFEbjBGSjcvNVBNNWdjUGpmaVZxaEZrWG43b0h4NU4yTUVybjkyUQprS0VIUWY2YnNIbVFxTlJFOTFiL29NK1FDcmlPTGtaRnY0d0dWVUJwd1VXWXdpemEwK0RDMUx2Nlk3M0p3NEV1CmwwQ3k5RldpQjhzUy9yMXVvRjBXbUx2M2lmVE5IcTlBR3kwczdOME9MRDV5ODZxbXNHRUVHUEV3UHJORnV1S0cKeW1GcGNGVVpDN0V4TDFqK1hmazIxRmcvam1Yc2VvZEw1N3lkWXVIZ1A0VlloUFo5WTJvMWVleHVxV05FSFNjNwpDQ0ZuSzJpZk1zM2lJREdFaUtIc2RsNnp5bUo3Q3E5VVVPWUNZTUtmY2lWZ2xaZGtMTFlUT3NhVElUSnBkT3lxClM1TElpNXZhekZxYXY5aUpqWUpRZzNrVUxJTyt3bHlaUjE2ZmtZSHo4ZEFucENTUEFvSUJBUURWZzE0S2FWT3EKb2ZGNkpGR1c0OWY0TFRsMmJ6ZTZMUlI1ZlZpTFZCTk5pTnZ1cW5mRmNTc0k0eXlsOUdpaTVSZTZHMnB0c1ErSgp6T0VNYXFrVzVLYVpibTFOSzJxQzA1VktyQzdKdklSQ0EyYU5zRTBnVzF6TldYZThNODhSV1VrRGhvd3NBTFdpCm1UVThUall4N1Y2M2g4cElJc1drbnpXOVpUWXd6ZGw4MG9UZG90WVlmaWU1bUpNZkdUSlQrSXB4MTlsd2J6VHQKTEZkbVBibXNmS1ZvYzlWU1R0YTdXVEF0aEZwVkdLeHo5cmZHTmt3cnVqa2FmdUZVdG0xVHgyZk9pN1Z0MHBCUwpybkxlRXRUd3BDV3hQL25wNk0vZ05zM0w4bG5WMUtwb3oyNU1iWE9HanZWK1l5Y3RDSHJ1T1NDWXJsWEpLRU1iClNTWlpySDN6YjhLbkFvSUJBUUM0ZTdYcE1OQ3pOQzFTVjY0Smpic2hvWUpsd0w0aFBlc2RpTENQcUVvK3VHcWsKQktINldpSDBjTk12eFE3cWwxMmc2WHJMYjFGRWlQd21MY1h4ZURheVFBU1RpVEhBWnpoWEpkdmM5RXB0SUw0MQpvUFlnTzlNT0ExbVI3aU5KTU9VOWlMbjN6cWo1STlnWXUyVkhubHVsSktGUTNYaTA2SEZMZ1J0ZUlobThDOFh0CmxMeURaQ2J5NkY2NUgrekxSOHdka3JXeDFzN29naFU0bmRURlNhdlF4aGwwVFgrMzRkNDZDdWw1dFZMQUJHL1MKb2wvdklhZkd6ZVh2aFpTQWlRUXUzNllBK0JEVXU2U250L08vRmMzUnp6Tm53bExlTElFdUkvdGsyNWdKT2ZIagpBdGJvYU4wdk93c0dnRnNQancyWjlwd3k3L1dDRUE3WDBRM1RQbkpKQW9JQkFGT0tCTDk2R254R3hKNlBtMFM0CmZRWGpXL3BVNWE3NGVHeFllTTU2NU5xUFU4Mzc4TVRWMUlxenFBSitzSG9idkw3YWZ6ZlA4VTV2VlJad25Sd1IKOW9WTnlZSktISEIzckkvODhvbUlNdzlKR1ZVU3gvcURCTHByNlFkQUZpS3Bsb0hFb1ErT2I0TGhBdzFIWkxrQQpNUEVLTmtFbktjR1JjWXRiRUdyai85WnczLzkvK05pNGMzNlFqZSs3QWhBTXpNNWlML2RuNjROb3VBR080UmoxCjVCb01TRWplQS9KbG9RNE9IUEh5cDNidjcxT2tad1VzNWE3U09nUFZKTTJFMWI3Z3R1bnpXdmlldk43YTYyb0UKTDZNOGJ1SHdiM1ZBdkNDeUFDaEQvekRuQ0RickZDcHZ3T25ramExM0JmSXpjK2VKUHBOb0oybURvM2V1bjlFaAp4ejBDZ2dFQkFOKy93cGk3Mnh4NndtT2xqTDFpRjcxL2luOThLNERrVlN6b0k0Rll2R2thaUpPQnRKNGRla1ZOCnJ5ckdJcTlkaG1NSElwUW14NWEvSDBNbnR2dmRwSUFaZFcxaUJONnBtQTlYOVZwa1ZtcmZCdWdYcWxxQ0MxankKdlRBYkFuaEZNWVdJVklIeTMzdC9FK2t4T0ZUeU94T2ZjdW4vbVJCczB6SnloUFVjVUtRTjJ6aUtWbEt4Z2JxdQp6Tzh2SHlUYTY2WTFwaHJFSm5kT3IrU2hwSTViMnQ2MGZRZlJYUTdjU0Z3RGxya1ZBTTZLdllkcHFpUWdjZGxkCnkxYmUvRUp3UjJTSktXTkdMbzFGS2NRbWc3SEVnWWRXS2VQNmM2UTV1VVVVT1lRK3RFT2ZoUWpteHhQMjZ3L3MKVzcxRzdNUlBYZXdLdGRRb0ZDY0t6NUFZa1hvYXBaQT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZGVENDQXYyZ0F3SUJBZ0lVR1ZoaTFMRlBmWXpqTHV0SUZuYTREN0pjdktRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dqRVlNQllHQTFVRUF3d1BZWEpuYjJOa0xXRm5aVzUwTFdOaE1CNFhEVEkxTURjeU9URXdNRFUxTkZvWApEVEkyTURjeU9URXdNRFUxTkZvd0dqRVlNQllHQTFVRUF3d1BZWEpuYjJOa0xXRm5aVzUwTFdOaE1JSUNJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXdWZEpZMHptdDdBVUUzRWtXTTRNNmNxbE80b0QKR0pBRVczN0JiSGsyREdSaW1XY2EySWJlNzNsUDVYQmNkWTVya2dYV1VUWGo0aEJ0dFpVdmxqU1Z2RUg1cDhpWQpSMEd1OTMyUzdaNk5PajFsL3lOUHdFaTc3bDVMUFNHNE1MZmIwczFCUnZwc1F6UjFzekVjQ0FKSDRqekkwM1E4Ci9UVlNvbzlwSzNSaGxMSmFyWWIzcjFvMG5aQlRyVXY0NDlTai91SUVKQjZHT0JsS2NVaFpwU012Qm9iYUNXTDkKSmlwS3pvbGJVMnBJVUVZNnpvR2w2REQ5bis3eVl2RC9nN28rMGVDMHNDZ21TT0JWVmtDdiszOHpVdS9NL1JGMAo5SVJVYUJVOVE4OXFjL0trWGlIUDdPc3FGcXZWZzdWUFJtbjJDczN6bUVPeVBuek1veXc1RXdwbmlid29ZaTJSCmsyWWhYZ1l5SFIyZ2trenRiT0xIVGl4YUVKbWszMkxvT3JpckluaDJSZDliVlVDOHI4YllMKzRPekVDaG5ROE0KRHVxMjVEcnZRc1lWOEtlWXdqNDVTUmd5Z3lvZjRKOUdoZ3ltSXFER1NyRjBhRXIwTE9kOW83cFUvUWxmM2dDcAp1MGNZYm5QQ0NCRXVXQ0o2cFI5aFBqUnlZVE1OWTRKbk54dVZqcnd1Z3c2UTQvRC91NENJMVJjU2FEVkYxVWVnClpoMVkvekhSbkozZk4wY2RSbzJCczdpSWZDeWVrUGl3QS91T1MrRkhiZEF4QjRrZzduR21CUUUveHFXd01aWVoKanRVQlpkTCtMVVJIS3RlMjR0emcwNit2bi8zQXFSamUwWkFKWjNtUzVza1dZbGhsdHZWaHdMdm1udGxvZ2g1cgpBOWcvcGJGcGh0YkpOMGtDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRk5BVHhtYXdnb0sxWTNYL2ptWW90UHpvCitIV2FNQjhHQTFVZEl3UVlNQmFBRk5BVHhtYXdnb0sxWTNYL2ptWW90UHpvK0hXYU1BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBQ2U0RThIRVJxZjN3clo5TFBDN3ZGNnk3MEFsZTJIZwpYOVI2OFI1dUNRVlhvdDU0RDk1VHhjVkR6MXdtU0ZvMm5lSUFzT0pVS29DelovaXd4VWZSWFoxQnhrdXBkR1h3CnJOR00vZHFtTCtzdk9ibUVNQnVyRW9ZbGJWalJMSlhiTTZVOGVFS1UwYnRiaFhJd3MzRXZmdG96cXBHSmwvaTEKYitramVQNXNwd1RiVk83d2RZV3hYdFNWcVJJdkdsU3pxcHI2c0k4VXYvN3R4cXdMb1FJNW1qMkhMa1hlYUVVbwpWZmhpZXhtdVhELzhxeHJnVzZsUVpDZ0xRZjVMVkg0cDNwUnNDSkRHdjd2RWsyeFBuV2U3RzAwMzY5emM2YWZVClFjYlNlN0JqQW50UEduSXdmcEQ4L05VT0VvdzVvVUdKUFlBd0VtQ2hiaXNoMnpYWFJTLzJ3TEp4WkJyL3lDMWgKTXNBVWpNT2Y4WTMyWFV3Vll1TmlORDBFeDdadExiR2JEWTFvdjhvckN6MXpMdTB6dDRtZUxwZm5oSkRwcFlVWQpqYURCNW51R3lOYmZqN2FmRGl4V3RrYTBYMExIMld5YnIrNCtNbzJMcTVSWG1nSW44ZmlKRXBvd1ltWWdUb0NyCkVkSmp5NkxEOU9yWlpMY1A4NzFZaDlkV0wvSlgwY1MwMzhhMmU3YndFZEl3c1JVdUhzSEF5T1g4K0l4b0puTVQKdWo2eTdkSnpkeHg5RDRvb3Mvbk11SEcxejRJUnJ2QUhNRVh5NDNBWTRHWXFBYUwwMWxFcWNIaTQycjZ4cmNONwpUem5remZTOG40SHNUaExNdTZCeG9RcHhRSHh5N01KYU40NGtvejU1N0hoMEtsUDUrczdLQkJsZEFaOEtkdjMxCjk3RnNFWUpuNDhxdwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + server: + tls: + create: true + crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZwekNDQTQrZ0F3SUJBZ0lVT2VheG5FTzB0V0pNZ0lqYWFhR3VKWUI1NjNFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dqRVlNQllHQTFVRUF3d1BZWEpuYjJOa0xXRm5aVzUwTFdOaE1CNFhEVEkxTURjeU9URTVNREl5T1ZvWApEVEkyTURjeU9URTVNREl5T1Zvd0lURWZNQjBHQTFVRUF3d1dZWEpuYjJOa0xXRm5aVzUwTFhCeWFXNWphWEJoCmJEQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1WM0pzK25CdzZmVjBsczFoK0gKRnNIUkYwWld1MXZ5WkJQN3ZqSzhiTW1nSVZyNGpsNjU1MS9MUWtONXY4WHMya201SStVVml5aDc5Tko2RTVCYQowVEgySW1HUDYxVXRjbW12aDdrUC9mQVAxTmFSNFNMdFNNNlUwc1RSSmlIODRVbW5rUys2TVZrWXdJM0dnRitPCkhoa0NmT04xb3lIWjVZeWx1N2NPNnZ6alAxcFQ1Qk5SV2N4Mml0clpzMHp4MFJIWXMrTkFaZzQyUVdSTkZJZWMKR09wYnZhNmZYMzE2ZWQ0bHlwMDdaR1FENmE0NUxFdGlBMjJyeGlSRGlnYWh3ejRDTnR3Y3JlRVNlWkV4V2xEMApWMlVXNDJwQ1NyaHN1Y3l4UWNkdnhKc3Q4M0JiV0V6MnllbFFRT2xzYmNqUHdqTmxjYlFQaDhSTnhtekRXalUvCmtqZWZ3V25FVnp5MkNwcGNSdzJjS3lQajhSOENIVUc5Qm9ON0krY1pjeVByMUs3UGpNcVUwVmdJcmIrc1NJTHYKS2l1Ritla2U2VXUxbHY0YzNpVFcyTzJhSWtiQmRyZmcrUVJzWDFaVjRqWDNqbTBaZFh2NDlqSFp2dm9ZOFFyeApSbHFyWHVORmJIeXN2bE1sUVBGckQ5ZmpkOUZ4M0xkb1EvM3pZT000dEFCb3Jvdmp6ejNoYWVyS1RQN0o1cjgwClJNYkdwdmdEczUranNRV0t1YzBCQTJuU2JoSW1wV09YSForZnJwVEJjdzJGSm52dlRBRlRVdllCelREa2s2blQKOW9rQ2ViTG9pUm00SEI2WnhJSkdLWmVYcTFlTkF5OHNUb3AwTjZBbTd2QzM3bkNpbDgzZjNIQTFJVllpVUFKRQpYREpHemlwYzhYWUp2Z2xSbGdGcThUdlRBZ01CQUFHamdkMHdnZG93SHdZRFZSMGpCQmd3Rm9BVTBCUEdackNDCmdyVmpkZitPWmlpMC9PajRkWm93Q1FZRFZSMFRCQUl3QURBTEJnTlZIUThFQkFNQ0JMQXdFd1lEVlIwbEJBd3cKQ2dZSUt3WUJCUVVIQXdFd2F3WURWUjBSQkdRd1lvSXZZWEpuYjJOa0xXRm5aVzUwTFhCeWFXNWphWEJoYkM1aApjbWR2WTJRdWMzWmpMbU5zZFhOMFpYSXViRzlqWVd5Q0kyRnlaMjlqWkMxaVpYUmhMWEJ5YVc1amFYQmhiQzVuCmNtOTNkMmx1Wm5KaExtbHVod1IvQUFBQmh3UWlYUTBYTUIwR0ExVWREZ1FXQkJTV1J5NURhNkdNM3AyQzdpbC8KM1lXNHl4ZEZWekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBVStHRTZsd3RkNzE0L20xUmFsY2ZYZDZHajlBVApnU1RwWFQ4VWZLakJTaThTazBZN2M2OEZLN0hCRzFhc2N2MnQ3cHhMM1dCRlF3Unl4eXdVUVRCek4vaHhSRDF6CllJTXI3bzNtU1JxNTd2cU55MTVCczNpQXZSUGhQUjVpR1FjNHlmMHFZR28zSFIwZHR3TkZXY3NIWVNXQk9hY0EKeWU4Qkd6N1NUQjZaaTJUMlJpeTZrb0VMallLcGZIRktKN1ZuQXdoeGlucmc1bkJQSHo2eS9zejZoQzMyMGcvWQpzRlZ1aDJxSDNZYTNleDd2T3NKTERJVldjQU9ZVFJLOEpoTGJOU3ZNMUdzb1Bad3Vad0tNaFdkVThBcjdBd1lGCmN3bWJnMnFhdXcxQUZIMUlHVm81VUNXbHorWllOcnJTNkVONG91bnJidXE0Q29KRzk2S0w0Z2hiVlpXZWo1cWoKSHdsOThGZHJlQ0hxamNWUWxRSXU1Tk9GeXlHNUJlMlQyM0l1WDRCYy9TVnE4VXlvQVVWTmh0cmV6QzM2cHNENwpVVlZkNHVYdnkyK1RUN0ltZGp3SjYvMHI4SzZtekx4UzY5NndrOE9FQ0RhSVRpcTBCRTN2K2JYemtPN1dRMlh5CnVoZTVjQUFXblVvbzhmQTdmbEVPeDBqN1VwZCtjNU5iWC92TVFNck1xeEM0YURTaTd1eFExTTJDdkNURDBDWVkKSmtGQlhsaXRLRHh1a3dpMGQxSnFqVWtRN04rdnRRd1hXRUlGR0VuUXcwMmRyTGhobjJGdU5zTjZKcVFSRHNMLwpPQVFaU1lIUDRtaHJEL3RzQy9DbEdsaGhONmlya2MxOGJFS0VpUjYyZ00vbElSMmdwRzRIa0NqaDF5MFlMWGsxCld2cUFPaG82cjBOVUNBaz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" + key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRREZkeWJQcHdjT24xZEoKYk5ZZmh4YkIwUmRHVnJ0YjhtUVQrNzR5dkd6Sm9DRmErSTVldWVkZnkwSkRlYi9GN05wSnVTUGxGWXNvZS9UUwplaE9RV3RFeDlpSmhqK3RWTFhKcHI0ZTVELzN3RDlUV2tlRWk3VWpPbE5MRTBTWWgvT0ZKcDVFdnVqRlpHTUNOCnhvQmZqaDRaQW56amRhTWgyZVdNcGJ1M0R1cjg0ejlhVStRVFVWbk1kb3JhMmJOTThkRVIyTFBqUUdZT05rRmsKVFJTSG5CanFXNzJ1bjE5OWVubmVKY3FkTzJSa0ErbXVPU3hMWWdOdHE4WWtRNG9Hb2NNK0FqYmNISzNoRW5tUgpNVnBROUZkbEZ1TnFRa3E0YkxuTXNVSEhiOFNiTGZOd1cxaE05c25wVUVEcGJHM0l6OEl6WlhHMEQ0ZkVUY1pzCncxbzFQNUkzbjhGcHhGYzh0Z3FhWEVjTm5Dc2o0L0VmQWgxQnZRYURleVBuR1hNajY5U3V6NHpLbE5GWUNLMi8KckVpQzd5b3JoZm5wSHVsTHRaYitITjRrMXRqdG1pSkd3WGEzNFBrRWJGOVdWZUkxOTQ1dEdYVjcrUFl4MmI3NgpHUEVLOFVaYXExN2pSV3g4ckw1VEpVRHhhdy9YNDNmUmNkeTNhRVA5ODJEak9MUUFhSzZMNDg4OTRXbnF5a3orCnllYS9ORVRHeHFiNEE3T2ZvN0VGaXJuTkFRTnAwbTRTSnFWamx4MmZuNjZVd1hNTmhTWjc3MHdCVTFMMkFjMHcKNUpPcDAvYUpBbm15NklrWnVCd2VtY1NDUmltWGw2dFhqUU12TEU2S2REZWdKdTd3dCs1d29wZk4zOXh3TlNGVwpJbEFDUkZ3eVJzNHFYUEYyQ2I0SlVaWUJhdkU3MHdJREFRQUJBb0lDQUQzcndrRGxpS0grTjNudjVpbFd6RDBVCjJ5NlViZ1pFT1R2RytucWdlYUMwVlNGWXhoUlFTWXpSaVVMdGY4U0tKRjF2OENDYkk5c2JHOGVRdm1mTEFzU2YKQVdNRXBYQTlZeDVmQzdsdG1WelpLZzNyQ3VWUDhUL09qVlZvbklPVjcvT1AxMGhYSTdoanVhWDd0Qy9DdWc5dgpwMGdRa0lwQjhPaXM0L05nZXpHMzlSclhLYk1oRkg2NFFZeWxMY09ZSk01cTNPWUxRTFYrTC8xSzZvQW40K3hCCnZuWnV4WnZzZHlEQlN3c0pIODc1SnlNYURKaks4SFpJb2thbTR6WjNMV2xaZW1pRm1jVDFiU2VwaVQvUGowUkUKN0NWYkNtRlF2dWJBUXZkT1JpRy9SQkpjb3BEbjVxTUNKb2pNRnBVZENUSGl3c2dMQXJEOURwYjJuMmdKT2trbgpya3o4eFNOSTl6Uy9uRlJTNVRmRXFNbXloVFNwZWtSTm9TZllxZnJwc3U2dlg0blNNT2swZWd4N3paNGdaNmtECkM2aGRDNmkyQ09jQmVGUkhydStaQjlDWi9wdHdYaTh2S05vMEhyR1lTbEpSdzJKWHkxWHl3R3hvV21FdDBJUzEKSWk3TjZNQ1YzYis1VEltR0hGaGhJN0dyR2laYWU0TE9pYllXN01YTmhMMlptcGNLblNBVHkxVFBZTGhWSVZxKwpnRmtCcmM1M3VyczFXUm9pYjJyempPcDUyRGllUE5OUytmQXoxOE4wck5oYnQ2VVJUa1RUZ09OeE82MkJNU3hLCkprZ0lYVmtJYW9Ld0VIMnhKTm1XTlpaME5HbnlEV0FTT2FtOEZhbFIvNy9LWU9PbmRUb01TVEVSbGxXVERlM3AKNkZUbVI4c2tDUWtQejJlMEswSUJBb0lCQVFEeDArdjFXV1ovbStyYUxwblVDR3lpaDRNR0JwWjVvYVF3ME9xcwpJK1hFdFN2cWU0aHdSc1lZaEV3MHZMcTNkZC9vZVRkWGU3OWpaOGhvSVU1STVkNUpTRUZ2aXJYSVlJRGtkZVVICko3c2tNZHc4MnNTbnpiY2hWcUx4WSthcWZ6OXBoa1dVMXJmTW1EQklMSHUvQU9EcVRUTnlSWmNML1h4c0R5ZnYKUXF0cUcxbE1kRXhML2FDeHBockdLK0RKUVRPTElQRitkQkFydGJXUWxXNjJ2elZOOFI4WHlhekF2VWFHSVZ2ZApob0s5dEFqYmNRak9DZ3F2TTdGNDZBOHVEbldXM3lRdVU0L0dEYVk5WW5ZQ1UyUytldm0xK0psb3puSVJDUFJrClh4a1NSR3lkc1BhTHV3cE5SY2o2eDdQRGducnlCb1pONXMyY1l3REhKcDVnWTc4QkFvSUJBUURSQ2F4Q1Z4QnkKYXhPZ09rTEpUTC9UekZBTFRLM3lCdW5IdndGdjF5YmpNckNsRmlCbWphUllMNFNjQVgvM3dPOFFsVGZhL0I2UgpYc1QzbWdaQVlOQTF3L0IrblVhVmZoTFVid016dkYxRURBWmtCcTJQcFVBQ29oTm5tQzhzZkRXb1ZHbWVnTlhmCkZnSjgzRGdtKytNaTBqYXI4ZkdBbzNlekZnZmRDNU5mNFgvck9ZQm1CZExTdzV2TEtDNVVraGhaQzRnQ1BnYkMKeTNxZzFkV2xCUmdYYXZsVHFUaVJ4V3Bub0xDajhqc3NzVHRBWnFCMnl4cVB6YkZGY0Ztc3lXYXoyODNXaC94TgpVaUpnZEVOSFlWSFhHQkZJY3loNVp6cmNSQTlPT1FhWjRRMXlocE1QbTJUUXlOeWJVM05Md05QcjdZTVF3N1lMCmF2MUU3c2E5Q003VEFvSUJBUURTSW9pREpqQSs2c2xrMWVHdHNiUlVkdFNQdytHMXg1UFpKM0VFTEIxWWxPV1kKVjhmemFFeHl1V05PNEVDUGNzb2lSRkttbmsxc241NHhmZDk4ME9JYlk4SVlucnZmWnB3WjZhZ2VVNVAybTZ6NAo1RkRHVDZlMlBJWlNvN0NvcnZIM1RFbmlUOEplOGsvaUoyVlFULzhoR2Z4K2E2SVpOU2VNN282UkJhbldCZlhPCnpiQU95RkYralF2dTcrbmdkOXZHSmRZelA3OWRmQVJOb3N3VjJJa0ZOV1VEVXFmZXc1b29xNHdjTHVvazFmQnMKWHdoN29aWXZNQWdqTytNVTdsT1h5a2F5U3NKQUkxUTFPdjI0ZjZhbkxrMFdwdk1IYzMwQytIa0ZUdTJHUmhicgozLzRjNVdiS1JyMmh6UzZUMFNuc2JXYi9BblBnVk5jME5vYWcwNHdCQW9JQkFIeXFoU1pIWUZLc2sxYlNpRFFmClpxUDh6SndBamhpeWtNZ0VuT25EYWJqRDZWOTdVN1Yxc2RhNStCOUdNYmhqUXZBajNkem0wYUFtNGRjODc0K0QKYllrekl3R1A4S0dGUDl1Ym5WQkVmV2J3dVByOGxKUC9uSzQxVk5kS2hvL0VRQWYwMTh5a3oyZ3RheXhsOWNNaQpJL01IWlgya1hFQTR2VkY3eVJMR0xZMVlJZjc2R3g0OVNOOVRzMTAweUhTOWNISGlrNm1xcmtPTU1NVXM0aTU1ClhFWFRFWUVZZ2RsRjRGQ1BIK21XdEQzU01TRVdVNHFsVkdFQTdrRVlZUkxRUmtUcnlOV3g0Z0dIQTJOODB3Y0YKL2xZR1Q0QmkxWGVaM2h1eEoyT2lWTkoreXBOTHVQYnMyUEkvYUhubUNmUGF1MGlRTE1OWnhQOElQcVhXdFlYVgpjK3NDZ2dFQUhSdXlLK2daZGN0Y25lTXRSRlJ3SHg1VXYxcjR3TTAweHhtR25GUnd5Y3g1MlpjT2psY05SbnFhCkIrREk1ejhwSGVZOVFVaCtjOGl6ZUUvMkxLS2xFOFZjV2hxdVdCblRDVmoxdngvWUd1OHBpSEhjTGNaSjUrOXIKUGc4dy9HVjZxT2REQlJ0Qk1IakZNa1FGYTFVUnNlbFZQSFlmTzkvTktIMStKQUZHcW1kYWEyZGo1NVFGNkp5ZQoxbUpjQkQycVM1R0xZcHRPQ2MvTFpYUmJjTkVoRlJRTWYvc1dXTW5abkd4cTk2Sk9rRFVIeFBGdTg3ckVEcU9jCktiU2pRZDBSbTNvWVExMmVFL2N4Z3ZDTmZnZmVJQldTdmdXSjBISHZ1TU9jL1dGcmF0VFpoY2hVMTlRTUJGWjAKc0xrUTFUeUN2c3hPTjB6OWZnakpzeFhCSTYxUkx3PT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + proxy: + tls: + create: true + crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUYxekNDQTcrZ0F3SUJBZ0lVT2VheG5FTzB0V0pNZ0lqYWFhR3VKWUI1NjNVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dqRVlNQllHQTFVRUF3d1BZWEpuYjJOa0xXRm5aVzUwTFdOaE1CNFhEVEkxTURneE1qRXlOVEEwTUZvWApEVEkyTURneE1qRXlOVEEwTUZvd0pqRWtNQ0lHQTFVRUF3d2JZWEpuYjJOa0xXRm5aVzUwTFhKbGMyOTFjbU5sCkxYQnliM2g1TUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUF6REVpbFZWQy9NVkUKZHoxTnhpaXQxcDNlTms2bDJQblJLMVRUanNpODNzT0xuQzFwODVGOWVsbVU1SmJEVGNVa2NxM2JHRElpZEgxYgp2Wk81dW5PRERvbGhtTjk2eEl2NzZIUmxQcms2dGRXczlaY21sUm1hcktLSW9zdkpQNDYwTHNsRnhYSTBsNVNiCmQ2Vm1ybFd4eGFwL01RWE5USjNETDhyMVUvcUFEcThRVlZyM1orZG1LZHNJOGdMaHg0T0d3WFdTQVM0ODJ6TE4KN1h6Y1RLWUM1aEhra2tXTDhVRFNiNFpvUVZQRVprRnd2b3pvK1o4SW43aWx0TUFyc1FsR0FLa0dJdVFnZjBFSgpUSEZKR0RYbGRUM2pDRmxreTZiUVJhMjIzL3RDT3J5V0pRUlhaRTBsYTR1a3FMeWZvamZkMmtzZHB0QWVLdU91Cmoxa2hMN0RKQ1pKZWl0SFVoWXUybVN0WVlWN09xSktBSUlCVDZWc2prQmxqU0dUSStsN05ZMWw2OUNGMWpYV2YKcDFvRG1TNklJeVBHL2NUK3dzRmMxcXZtQXE2TmNQaElyQ0drNmpXSXJEck1Bbzd6SW10MG51SzBVUmF1VjJ5cgpQTi9iZkZPa0ZhOCsxLzVGYjVWVVMxYktYeVlmTHVTZWdYaTRpZ1dCOUw3RkwxTmFwRFBiY3d0eEsvbTkyMlpiCkhja2FuK09zMFhPZnQ0TFlhYUp3b0JFZXgzelpJekRmR3pRVUYweVBSUm5RQjgyYVd3VVhkdXlpbmdHTDhobVUKY2FReXRkVm50ZTdCeUF1bVRieFNPY2x1aWR1MUlCcmtUWFI4SVRaRVRDWVRvUysxZVNCYm9JWHF5a2Q2VytNbApwYUY4OURPQWplakp1WWNHQVZZMFUvMjdqeURzbHlFQ0F3RUFBYU9DQVFjd2dnRURNQjhHQTFVZEl3UVlNQmFBCkZOQVR4bWF3Z29LMVkzWC9qbVlvdFB6bytIV2FNQWtHQTFVZEV3UUNNQUF3Q3dZRFZSMFBCQVFEQWdTd01CMEcKQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpDQmlRWURWUjBSQklHQk1IK0NMMkZ5WjI5agpaQzFoWjJWdWRDMXdjbWx1WTJsd1lXd3VZWEpuYjJOa0xuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2dpTmhjbWR2ClkyUXRZbVYwWVMxd2NtbHVZMmx3WVd3dVozSnZkM2RwYm1aeVlTNXBib0liWVhKbmIyTmtMV0ZuWlc1MExYSmwKYzI5MWNtTmxMWEJ5YjNoNWh3Ui9BQUFCaHdRaVhRMFhNQjBHQTFVZERnUVdCQlNpemJoaDdNNGoyekVBN3pSaAp5QmNPMHN6RVJqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFoSWRXK2w3UDFOakNTNEFxNFZ5K0NhRjRaQzVCCm81TG00RUMyb0RvZXBiSnAwdk9WWTkwcWFieThFVjJaeTVNUWN1azlVM09Sb2FSTXE1a3V3Y2lIQi9zb3NvMU4KSTQzVHRVLy9Zbi8raVp3TmhZa1hvOE9hSHh5SFZpQTluSXlXYXlpdVVqeWs1NjZHYzVJR3VkZXNJS0NFb2FoVQppRGFXYkNXdlYrM3lFcmdJZHFBbWpWZkZXOHAzNStOZVNBY2Q0T2lMY1Z1T1VJektBaTl3eFdJd21jZEhNUXFsCm5XMjFDVlpRZkVhWWRZQUpPd1p0ZENBZ3puVE5tQUR0TEY4eStVWTZLdTNQR281U1pIcDcvZ3VpbjFNcW1WVG4KbzR3NitvZzZzMUkrTFNsUm8rdzVBU2VnQVlLZjNwZmJMeGpQd1d0YzdMcmVqUzh6cGRtbkEzU09xdnFGRnJtTgoxdHV2RUgvVWVWYk91cGEwR2FQcEMzMGxvR05EMlhJeTZYY1FHaGFpelpVcElQQ3NjN1k5Vlk1NTBCa1RvQXdkCkw4YmJwZng0cTVMbTQxMEQyM1U2TFlGdldTcU9BcEZkRVhxMTBROFZRdDhLeHVlVzVQczNkaGEvbWQzVGlPYk0KOFNZeDZNMlZIdzlCSzFGV0s4cndEMVVjLzIwQUhjb0dlQ1RqMUh2S0Z3S0wxZHR6eGlvVnFkeld3SktiSXB6dwphUFN3bXlNWHRsTGtuZnQzaUdPZjlKbHkxRWhuK0t2RGpMb1JaQkNna0kzQ2NrM3paL1g0VTBlbENVODA0eXhmCmhHVmxvOWVDRDRuY3kvdUJySEdxY0ZLRnA1NDRjREdVRWdDWmMxeGNnNU80SVNYbElDWFZEcDdFeHRTSmN6OXMKVnVPMlR0dlNzWDUzQW4wPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRE1NU0tWVlVMOHhVUjMKUFUzR0tLM1duZDQyVHFYWStkRXJWTk9PeUx6ZXc0dWNMV256a1gxNldaVGtsc05OeFNSeXJkc1lNaUowZlZ1OQprN202YzRNT2lXR1kzM3JFaS92b2RHVSt1VHExMWF6MWx5YVZHWnFzb29paXk4ay9qclF1eVVYRmNqU1hsSnQzCnBXYXVWYkhGcW44eEJjMU1uY012eXZWVCtvQU9yeEJWV3ZkbjUyWXAyd2p5QXVISGc0YkJkWklCTGp6Yk1zM3QKZk54TXBnTG1FZVNTUll2eFFOSnZobWhCVThSbVFYQytqT2o1bndpZnVLVzB3Q3V4Q1VZQXFRWWk1Q0IvUVFsTQpjVWtZTmVWMVBlTUlXV1RMcHRCRnJiYmYrMEk2dkpZbEJGZGtUU1ZyaTZTb3ZKK2lOOTNhU3gybTBCNHE0NjZQCldTRXZzTWtKa2w2SzBkU0ZpN2FaSzFoaFhzNm9rb0FnZ0ZQcFd5T1FHV05JWk1qNlhzMWpXWHIwSVhXTmRaK24KV2dPWkxvZ2pJOGI5eFA3Q3dWeldxK1lDcm8xdytFaXNJYVRxTllpc09zd0Nqdk1pYTNTZTRyUlJGcTVYYktzOAozOXQ4VTZRVnJ6N1gva1Z2bFZSTFZzcGZKaDh1NUo2QmVMaUtCWUgwdnNVdlUxcWtNOXR6QzNFcitiM2JabHNkCnlScWY0NnpSYzUrM2d0aHBvbkNnRVI3SGZOa2pNTjhiTkJRWFRJOUZHZEFIelpwYkJSZDI3S0tlQVl2eUdaUngKcERLMTFXZTE3c0hJQzZaTnZGSTV5VzZKMjdVZ0d1Uk5kSHdoTmtSTUpoT2hMN1Y1SUZ1Z2hlcktSM3BiNHlXbApvWHowTTRDTjZNbTVod1lCVmpSVC9idVBJT3lYSVFJREFRQUJBb0lDQUJwWG5XbE1CRllWUWZHckdqazkvcjFCCkJRMlhCRnpUVDdtS0dqZmhyRUlGMHFFOWw1MVpUK21FbkltSDdKN0FGK1ZtaWUwYmJLZ0FFeUdJS1E0RmdHc1QKN0tBYTlwemNIVTIrRkdDczUwYlZqOWhvSFUxZmJmMm5BejhUVUwxdkZNNHpYNW1yRTk5WlI5dzkzWnNRaVp4aApWRUxZQjRZQ2xVOTVYTUJ1Z081RUJmU3BCV0ZsY0IvbXRzYjMrYll5UU9SODNTN2pUdTBOWnhVa0JreXFIeFljCnlWTFlmNGNLY0l0OE9MOXl4ZFBXVGV2N1JFUU4wUUJBQXpxb0R3cnFFaHFjTTZNMU1IOFNQaGViUnMyRmlIcGgKVjBSNHVlRHUvby82cXV6RzNxS3l1U0VCNkI5VHQ0ZmlEa1pKZlVPaGR2REdQNGRKY3BiZ1pDRHdvL0FoMjdGeQpCSitYajh1bGZCeTVyTXNab1dSd25vNTk2Yi8waUJMaGhDUDJubVlxVjNjNk1ENTF0TFRZdENReDFtQm5TNE5uCkJQbWdOMlBEMk1KS3hXMittMjIySzF1NllSUTRUMnFsMDBRbU5ISDVxRDZULzRpSW1vZllhYTJjT1NXUGVtY2EKYXd6UFNiK1lISlgzNmNUajRvSE0yUk15ek1zSHYwSGMvMFAvcmh3NHhoWTdYOVh3RGNzeTh5TW0vcmNYd05QVQpIQ2xoT05GNVJQTVl0cGNJRzZyOElaTlh2RG94OXF2TnBSYmYvTDg3WG9oWUNtRXlsQTdJL0Zvd0ZVN3AweVRQCkVCQ2pVcTRLcjU0bjVNVVJJSnpBMTRBamYwOUxubGFySHdhUGxtWjlWTTVvSFhZQlFrZjhzT04wVnBhZlcrNFYKSzZoWU1VSlRrWm9oNmZ5RUNXb0ZBb0lCQVFEMmhpQW1FaWVNSkdVeHVOOXE0NFJ2K1B4VWlqUGhhSEkzM1U3eQpOc2hhU3FJUWZlVWlPR3VhZjdnRzRpRE5IZDNXV0VzTlRVWGwrbm5CSVRZMWJmUlVMWmM2YVAvZjZ3eVU0bDNkClR5Sjk3SE5QajhjVG1VZWltMW0rcUpDNzY1M2s1RkFPYmgvUWRIZGE3T3YySUtaMUIxZHdtNDU2R0wwSzltK0oKNDlscnN3SjdtV2xxTEExbVR0Q05YRnkwSXE2VTMvczNpMGEyU2FpSzZFeWdmWmtuYjdmOTY0cHBLTE0reW5OagpERC9kWGhSV2xHd2FvU08zUEQyeHlzWkJleHRjZ1dPL1laUEN0a1YrTmpzb3VSMHJ0c01EeVpKWnp6WmpOeTA3CkI0WnBDWEZlZEZ6SlVpU0IySzEva2hucFd2Z0tOcFVacWp6U1kyazVmQXI3M0xGZEFvSUJBUURVQ25MNkZEQisKOGtPTGU3V3Z2dlpTbUh6WjRraStSaFdIWWZGMkVvdmMzeTNZWC9QTThyeE5yMkpKV3lqRnMzNTltaWl6YUl2cgp6VjA1L0pSVnlFZ2dnd2d4c0I5ZkJVNmxGeFhIVnhJbEllR1V3bC9JdDhZczg3ZzZRU0tiQTdkSWMrbTBYeVZpCkJndUxxTnlQak1FdXpoeCtSdEZsTE41WGdabEw4SmQ2VnU3RDU3emZLbVVScnRBTWtMS2Mzdzd0QXJadVg1UHYKZ2dib2x6YWhCU2lQYXNrME4rdEJDc0dZZ0oveFRNQUkrYjV2VHBGdTJwaVR6UVZmVjRDS2t1dmcvT2JaT05MSwo2Q1h2aGRLTFBPN1NyWVcvUC90TXBzdE9oaU02bmdFRURjVC91Y09qRXM4dkVtUDB4VFd3R2dWSzRlbUlKUUFPClRsc3ZFWGpHUFF5VkFvSUJBRU1PMndIZ0lGZlRzcDhpM2NzeWxsenJDcUJvYzVKV0dmT3VSSUpJZXBsdEFjYWcKcUVwMXRIZHpWSGl5M0I5UGgzOTl4dlNZVjNJbWZ5WVV4YTBrK3JoSEtvTGQrdlJLK01JckRVTmMrbEhzbHJWRwpzKzFWM1pHUzFvZXhUS1dCZ3hLM05EdW9vd2pPRllWck93aFplMDRNTURIV2Jwd3h6SUtGNUhOS3dtSzBiL0YxCkdxS2gxd2RFV3lDSXhrTE55RldBMDlJWkZhUVNSMEY1elJZKzlBRXhONGhmb09mWUJXSUlLZmtBWlFMdlMzTDkKcnFaVHZPWmtBWmd5UTFtZWhpUFVvbkIxdDM3WW0vQ29DZEdiQVI5WitKUTRLWkk2ZGwzb3JXb0lNdnl4YitBMApvT1MyYm0zUHBlbzBzTTIwVEJKakpJMjFyQlBDck9YUkl4Kzl1WlVDZ2dFQkFNM3NMK2tKL21icXBBb3I1REIvClJmekV0a3RyWkxYVW5rZlNLSXRBUzYvKzFpa1NWbFN0VDQ0cVMwdHVTbFJsa3V3cjhHYjdteGN2WStCU21VUU4KczI1UGtuK2V5WGlnVU5ZbmF6RWlNQzc3am5YSHB2bm83MzdzV2ZmSkZmQnhWV2Y1bWZkZmg1Q0F5bW1oWGtIUwpzakhnWE8rTm13R2s1M0VZSFdZUWl5dDJqWDZYNldiWlp6b2JDVldLbU11Y0hJUzBZN01oQXl4UW5LRDVhVVpMCkdpN2R4L1Q4Y1czREltd1dUajRyQ1R3dVBuRWVYa0xINi9GdDVFL0pUTDVISE9oczgwdjEwVkRZenk2a1NlcUwKREd4eHREZ2R6TkdPRWxkNkVYQjF6Z3EvekplRk1xZUdOc3RDRXV5OU1QeUs2S1RtYk1PWkcwckpjZWh1RVZxRQpJMWtDZ2dFQkFLOFYxOTh6dEVRVUdHdEpabEVVbW93SVZJOERsQ2lJR0pTS2JmT3RJdkFWRDJRdnhzQU5DVzd5ClZCUGJlYXJkMktYUnRhYmxMYUw4RDVvK0FHNUhNVGlodnkySng2ZFRjWUFBRm5tMGY5eTkzbE9HTlJqWStuU0wKQnZwT3ljVlF4THVyTzlyaFFsZWxnMnZjaUVpOS9UT1VqUkZKZ1hYNXJielYvdmFyTTB1OVlQMGRZYS95WkQzRwpPZ2hJQ3diZmk3WHBtcEJldDJDQUZqczVFRUpxOTFRTjlsckNqUTBjd28yRmNBL1JjRVFVY1Ezd0M4QVc4aHpBCmRxaEtYYS9NOHVxS21VUGViVC9YaFRNcnJaUHdKRUdEWndlT085QVFJVTdlQk1scWVHamlYYTRRVXcybktjblIKakRQbmMyUG9ZVk5VTExZbVkxdE54TWxrTjZyZWVOaz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + userpass: + create: false # Not used with mTLS + jwt: + create: true # Managed externally + key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRE8zQndqWXZWbjJxUkoKNWlMa3lIUHRPemJkZ2JQd3dOak9YbFdrY3JQNmVqME1UQ2piSzhmTXQwMmFDRWRySzdJdk00TnNzcmJtTG16aQowWE5nbzdxWTcvcUxGZ1BzMnZyV2dIQ05WZTVjbjNlOEF5TDhseFo5U2FtVUV0TlhneWoySnEzVlFTUVpXbzRLCjJFTXpvTkhLNGhHWW1WOThBU1BLYWVyVFFmTTAzR1B0dmcvTE9BMTFBOWJEOExhbVc5Q3JsVUtCblU5cTY1WHAKaDVuRmcwNm5ZWFF1YWpwdzhTLzlpd1hVSHU4REZZcy85NW9SS3FiYlppOFBQZjN1NUgzOHhNTWVJSVNzazJ1eApnaER4NUlITWRxcjd3S3B0WUM5cGlybDh5a3RtWVJDUWl2VHZjNmZFVUQzcDdHNkZ1K3R1Wk53RHBvdjBIOGxhCk5FbThVem13YThJNHAwU3MydE5xbGJtNDM5M2Jzc3JzQ3pkOUE5SnlmdDNYZ0NZZWhaZHI3Y0NMSEdTaTl6amgKdFc0V1ZadzIxTi9yM0hrdFBsZ01uTVR1TXdVWjI3LzAvSm9LQndPd0pCajJZNUhkSWpucGxKNHhqejM2M2FveApiaW0rYk9YZHBFSTZ3akNTY2w5MVVESThPTWFCVWMvTGkySGVDR1dOemRrOUhkTGt3VEhIa2tzSTFkdGladlYwCkx6ZTBqdUFBaGJJMW12ZnFabkdNVmdaZHIxUUc4MkZlVllmK2t3S1pseWxFVytiaVlEL1hWM1AwMnRlRERZWnAKM0crNGQ0WnRFUVJyT0ZXcy9PWUU4UEw2dnBpdGxLSi9Xd3RwU09Yd2pGWThibVJ0akVQVmhLRzZNOWIxTU1BNQpaR0NjdUdOSFhwOVg0NDU2M0dwbXdMRlRxRE9Cc1FJREFRQUJBb0lDQUFHTE9zSUlXbXJIb3RlQzJsS1JETzF4CnRsRjlwdk5HYXkvU0hDdEZxR0oza0ZaVHlLL0hFajhNeEsxZ1A3RTA4cWZmeDJ5em9rSVNTV0dCZk80VkZyN08KdHJUY1NaUDJWKzRySi92a0R1cjl6VEhYNTZaUk5kdWlSYnZiVHB5OTk3dXJrdnRQR01jQUtpUjZVL2tTQzVMTApNR1N1UzF4RWNXa1F0STRXVlV0NUZCMVpnR3BzdlF2NUp2eVFJcnJYMzFVeWdGd3hpWDdUcW9zalJoSm5iaG81CmM5bW5WUStUK3o3V0QybHpnQ2Jxblo4UStPTkZLVmprbUxnUlIwQ0Z6OHRueUFtRTVseVgzcE5FOUYycnpneXgKdTRtMHVNam5jWDhsQ0FpZWhXVEtsMm91d1ZCNnNWODVscGEwK3lld0hQd1dVRjZPR3dnTHh5L1BTVmdZbW1yNwpWY0QwNStabWhaYjk0ZkNXK3k5cjdFM1FKV2dZQ1ZaMHZPQ3NjcTVFTXl2RkdCUTFWamU5SzVhNnFrSHpMUlErCml6WlhhR0o5R0ZMOEpFODdQSTNqSDJlQTV5WU1JaEMyQStsUWlHMTdGb2lTdjlqdFRvNk5SejVUZTQxMVBFT2kKdkZrNm5iOEkxdXdDVkxLZkc5cjBoYzkxQTdTb3A1K1B3YjBka0xlbk5FeVpSeWdzS095ZXRvSTdpem51WmtlagpoVEJyc3VRSXlwT2xqRGZCcG52bzVxZmtMd0ZwT3FmcGZlekpGS21Ed1c0b0ZXMzQ3ckp4TjJjaGZEYkliMUc3CkRSNXNOSWxCOUMveDlhMTZjN3J2c0czaHFocjlWSG9VWXlWREFTdkp2MU1qdzlSV3FDMXNSYm9VZnBOMzFDdnEKQTdCSU9pc1AxK2RVN1dacDZwREpBb0lCQVFEOGdQTmFrWndubWpKdHk1OWcyaFhqNlQrTWN5M0kyc0N5ZXV0OQplSXhlekMvTWpUQ1NEbElwSXluckhWdTY3amFHVmFWNDRBT2N1MFZoU0JEL3M4THVIV1hlcWF4WGxCRnE3YUVYCjEvbmkxQzVFRHFaU0VzdmR6QnJNL0RpSFhqU2FkMTFPT3J5SW9xU3JJamlFTkI3NlZpdVUwM0E3MStiU0xHTmcKSTJ2YlZQS3BIeC85L1hxNlBuQlhMY2d4d09pNnNQQzVlWnEvYkFjUHlYRkVXZXh1Vm5rM3NQYkwrWlhzLzJFRgo2ckJJQTV0R0pKMllzWkZZZ3lsb3h1cTh3ZEJpaHNxTjFYMFJLdTlOZTgwUkVpbDBZbEVrWDZEclp0cFVITHpyCmZJT1FuT2tBNlhreUxaZVBVbGJVcS92VVU4WUk0Z3hlZUVvdHpVZmg4T3psYTNoNUFvSUJBUURSdVYyTnJJOFMKbllGeHNwUkZYVEQ2eXd0ek0rMGdMaENmUkNkd3V1K1NsQWlpU3pTam9RM3ZteXIvZ3RrZ1FoaFJjUVF2QXI1NgpweU4vSEtDNXZrVDVwcTRZODl3QUcrVVRoUTA2bHVFVW1uR1EyUHlxd3JZdkpRU0ZIQVZTRk1lWFByOWdlaXc1CitBbGRjbTkrSnUwYUttaUN2T3RhY0Z4RWR2R0cwVS83NzJKUW1peFRJMjhZQWJEczdpR3UydWIyRS9JTWNiRisKeXpJZlFGelJieTNoTUd6MEJmUmEyeVR6K3dmbmcxLy95OEROcnRRNUdMcVp6L21HeDFpOXFKYjkvaktGT3k5MwoxSVdBRXFmaXE2dGJSR1ZocVNhSzZ1Szh5TlBEVVRqOXdIOTVFbXNENEt2MzF3Z1FUNUhUOVhoNGpsekZLV2R2ClhpaFFacGZzbVBUNUFvSUJBUUNBbkpuWFp0Vlg0cFdQRVNrejVzRkJuaHV0U1RsbjFleFN2SU5ZSEYrN0pWdXYKWDdiK25lYkJaMVRCbWVtUU5DZDNrd1krcERPUzBGeE5hYXltNFlRSFR0Z0ZhdjBLZXJQSWVCTVdsdjZEeDdsdApGdDBtYnNhQ1NhVFpCaHN3OEEzeEk1MVY3RnI5YVlKZ1hJVFc2Y2xoanlTUm9JVEpKblkrVlRla3owWHZxTHdVCjRuS2tKMGtzdGdMNGxLd2trM0szTE1yZ1hnMHhOUy8vbllaZzMwQ3JEc2FkVkRqUXVtYmdHVS9zK0pZamlCcTkKeG9hek1MYXNrOW95c1NiOVQrYjVXRml4bDYwbFltNFRWRnltTms4QkpkYllwUkRNOWsxOGpFcTUwMmtiN3FCTAp3NS9rckE1SGhSUVBMUzZPL3NDZTQ2eVRMY2Z5dmwyL3VyeWZPbmRaQW9JQkFDQU9KaGQrZFl2UjJUUW9xSE1GCnNIUFV6eFkzckpuTGtLelhQUFFGRHBNbjN6MzNJcitUNFU1ck9DSS92TElxaUE4Q3FESUxTRlAwOGY3K3dDNUQKdjhVc3pkVndpSUxYd0tiQUltcC9IejRIOFMzRGpMTUkrZEd3NWNUMnFIV0lTWTE3Z01MZFNaOCtveWZPVXU1RQpRdDlKOWhsdGlNZVUvdlZUL015dmQzczVkcHg5UkNNYyttRC8rU3Z0cGVaVS9SSkZzQ3hvd0VseUEySTFjenByCnRPYURnVk8zQ1VkTjBaTWRIbk1yYUdQdm43T1FjazJiMHdHcGdTa3hsUVhBRy93TWUycFR4b2laU2lKdU40ejAKMGtjcjZCY0tSS0xkRGZUdStUY1VWaEtxOXBEcDJNT0o5cDcyRmZ4d1BRalpyeVUyRlVYcGN5N1poRzN0a0hFUQpXL2tDZ2dFQUZKYjhjZ2V0N0RpNC9ncmJlcFE4YWpnckN0TFh4aUo2Q01DUEJQSU91QVpXYTAyd3NCdVpQTk1QCmg0eWplVlZZbTB1SDc4YzdJWm5xNUp4eGxXNEZzZE5sMmhJdWZnRHBaR1pRTWgwK0NHSkM2WjNSczZMa2dFTmwKaFJZYmNwbk1zOXJoekNPRkwzdXVrZEp2YWljYklVQ2t4WlJHb3ZSRFg3MmROZHJpcUJlWUY5enc3dE1VU3BUVAoyeEMvWlA3REJQQzVRbXRvNjlTQ2ZndFdaRGIyUldUMnQ0TmFHMWY2M2c2MXJDMzhYT3VXV2wzYjhhL0RXZnhOCm5ici9EeXp4K3pMTzJjS3N5NzNBSjN5aElHS1F4WTJveS9HYlpzRzAzZ1d0eFNpbVJpdFZ4a1Bsd0lGZ1NzWmIKRXBWc1QvUndGOHhwajhsbFhFWVIwZkFaZ0JFUHFRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + + # RBAC configuration + rbac: + create: true + createClusterRole: true + + # Service account + serviceAccount: + create: true + annotations: {} + # Add any required annotations for IRSA, Workload Identity, etc. + + # Additional labels for compliance/governance + labels: + environment: production + team: platform + app: argocd-agent + version: latest + + # Monitoring annotations + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8000" + prometheus.io/path: "/metrics" From 7752549e019a39faaa86936341a711953ca1749f Mon Sep 17 00:00:00 2001 From: navin Date: Wed, 13 Aug 2025 20:20:26 +0530 Subject: [PATCH 2/2] Replace dummy keys with placeholder Signed-off-by: navin --- .../helm-repo/argocd-agent-principal/values.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/install/helm-repo/argocd-agent-principal/values.yaml b/install/helm-repo/argocd-agent-principal/values.yaml index 6deb59f3..2b6dd96c 100644 --- a/install/helm-repo/argocd-agent-principal/values.yaml +++ b/install/helm-repo/argocd-agent-principal/values.yaml @@ -138,23 +138,23 @@ principal: ca: tls: create: true - key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRREJWMGxqVE9hM3NCUVQKY1NSWXpnenB5cVU3aWdNWWtBUmJmc0ZzZVRZTVpHS1paeHJZaHQ3dmVVL2xjRngxam11U0JkWlJOZVBpRUcyMQpsUytXTkpXOFFmbW55SmhIUWE3M2ZaTHRubzA2UFdYL0kwL0FTTHZ1WGtzOUliZ3d0OXZTelVGRytteEROSFd6Ck1Sd0lBa2ZpUE1qVGREejlOVktpajJrcmRHR1VzbHF0aHZldldqU2RrRk90Uy9qajFLUCs0Z1FrSG9ZNEdVcHgKU0ZtbEl5OEdodG9KWXYwbUtrck9pVnRUYWtoUVJqck9nYVhvTVAyZjd2Smk4UCtEdWo3UjRMU3dLQ1pJNEZWVwpRSy83ZnpOUzc4ejlFWFQwaEZSb0ZUMUR6MnB6OHFSZUljL3M2eW9XcTlXRHRVOUdhZllLemZPWVE3SStmTXlqCkxEa1RDbWVKdkNoaUxaR1RaaUZlQmpJZEhhQ1NUTzFzNHNkT0xGb1FtYVRmWXVnNnVLc2llSFpGMzF0VlFMeXYKeHRndjdnN01RS0dkRHd3TzZyYmtPdTlDeGhYd3A1akNQamxKR0RLREtoL2duMGFHREtZaW9NWktzWFJvU3ZRcwo1MzJqdWxUOUNWL2VBS203UnhodWM4SUlFUzVZSW5xbEgyRStOSEpoTXcxamdtYzNHNVdPdkM2RERwRGo4UCs3CmdJalZGeEpvTlVYVlI2Qm1IVmovTWRHY25kODNSeDFHallHenVJaDhMSjZRK0xBRCs0NUw0VWR0MERFSGlTRHUKY2FZRkFUL0dwYkF4bGhtTzFRRmwwdjR0UkVjcTE3YmkzT0RUcjYrZi9jQ3BHTjdSa0FsbmVaTG15UlppV0dXMgo5V0hBdSthZTJXaUNIbXNEMkQrbHNXbUcxc2szU1FJREFRQUJBb0lDQUFITkJTUEhTK0h5ZGFqT1ZqM3NtMWt2CmFEbkd5dUM5ekY1Si9INWIvM1crNkZwVGlBZTlwZHpUcjFiWVd2b3RSMUozOHY3dUJFRTE0S2t1bGdhWkdSQ2QKK2pmRndzZHBiL3dubG1xWnJicHlNUlRiQTdHK3pDMFdVM3lSWEFqRmx4bGJtL3paWmZWRm9KZXl4WE04bmZXYwpLV3habFR1TFZuZ1dLUS8vcVkrZ3lJTGRhOFdsUVRIUWhWSm5PamwwY0M4SjBiRU9NWHo2TUttamJzYlFPY1BWCkRrMGhzQVFxZFo3YjN5LzVHT1pscXdITTlZQWU2TEwxR3lxb3l0Tm1EaFp3Q2VFOTNrRHdHUVdTaTFBZkNrU0sKVktLVG1lblhvUWo1WlczYnZHbWFwT2c4R1ZTd3J5ZzFIWUZsSGdUWE5BbnVUUFJVdHlkRWJQVHVua0xmQ1NLbgozSjN6RCs3L0ExUlBpQWYrOHo1SmtQaGlWeFlNMjV1UlJwVHdrS2I2Q0QzSmxNSDdpSVRDL1VPLzM1L1QrZDRTCno1dlFkcEN1MlExN2ozNEdKMG5zSk0vZkdrblZzdWQ2V0pvYU1zZEs1Z29wSFRZV2phc00yOGxHbzVSUnZkVUYKak9iaFdlMU96ajBXaGNURi9qK2ZPV3pzK25RU0h2cVBiZWVaQUFrVHdhWWorMG5oYVJyc1JHWWlCbnFhcEJGOApTS0hKcmdyNkFXaGU2azlGcWMwUlk0a0FzZGJycDFxb0NhVzVtRERkODVFUzJWNjhZdVdScWdxZE5NYUU2c25aCjFaV1F5ZHkrODcwMG9ycSs1YkxkekNLdFU1ZllFNktBZ2dKVW9MWU9vR0VlMklkVmpQdkttYktUVjM0MlZJMGQKNGVxK1E4c0hpeGZGRDlmUVZUeUxBb0lCQVFEbjBGSjcvNVBNNWdjUGpmaVZxaEZrWG43b0h4NU4yTUVybjkyUQprS0VIUWY2YnNIbVFxTlJFOTFiL29NK1FDcmlPTGtaRnY0d0dWVUJwd1VXWXdpemEwK0RDMUx2Nlk3M0p3NEV1CmwwQ3k5RldpQjhzUy9yMXVvRjBXbUx2M2lmVE5IcTlBR3kwczdOME9MRDV5ODZxbXNHRUVHUEV3UHJORnV1S0cKeW1GcGNGVVpDN0V4TDFqK1hmazIxRmcvam1Yc2VvZEw1N3lkWXVIZ1A0VlloUFo5WTJvMWVleHVxV05FSFNjNwpDQ0ZuSzJpZk1zM2lJREdFaUtIc2RsNnp5bUo3Q3E5VVVPWUNZTUtmY2lWZ2xaZGtMTFlUT3NhVElUSnBkT3lxClM1TElpNXZhekZxYXY5aUpqWUpRZzNrVUxJTyt3bHlaUjE2ZmtZSHo4ZEFucENTUEFvSUJBUURWZzE0S2FWT3EKb2ZGNkpGR1c0OWY0TFRsMmJ6ZTZMUlI1ZlZpTFZCTk5pTnZ1cW5mRmNTc0k0eXlsOUdpaTVSZTZHMnB0c1ErSgp6T0VNYXFrVzVLYVpibTFOSzJxQzA1VktyQzdKdklSQ0EyYU5zRTBnVzF6TldYZThNODhSV1VrRGhvd3NBTFdpCm1UVThUall4N1Y2M2g4cElJc1drbnpXOVpUWXd6ZGw4MG9UZG90WVlmaWU1bUpNZkdUSlQrSXB4MTlsd2J6VHQKTEZkbVBibXNmS1ZvYzlWU1R0YTdXVEF0aEZwVkdLeHo5cmZHTmt3cnVqa2FmdUZVdG0xVHgyZk9pN1Z0MHBCUwpybkxlRXRUd3BDV3hQL25wNk0vZ05zM0w4bG5WMUtwb3oyNU1iWE9HanZWK1l5Y3RDSHJ1T1NDWXJsWEpLRU1iClNTWlpySDN6YjhLbkFvSUJBUUM0ZTdYcE1OQ3pOQzFTVjY0Smpic2hvWUpsd0w0aFBlc2RpTENQcUVvK3VHcWsKQktINldpSDBjTk12eFE3cWwxMmc2WHJMYjFGRWlQd21MY1h4ZURheVFBU1RpVEhBWnpoWEpkdmM5RXB0SUw0MQpvUFlnTzlNT0ExbVI3aU5KTU9VOWlMbjN6cWo1STlnWXUyVkhubHVsSktGUTNYaTA2SEZMZ1J0ZUlobThDOFh0CmxMeURaQ2J5NkY2NUgrekxSOHdka3JXeDFzN29naFU0bmRURlNhdlF4aGwwVFgrMzRkNDZDdWw1dFZMQUJHL1MKb2wvdklhZkd6ZVh2aFpTQWlRUXUzNllBK0JEVXU2U250L08vRmMzUnp6Tm53bExlTElFdUkvdGsyNWdKT2ZIagpBdGJvYU4wdk93c0dnRnNQancyWjlwd3k3L1dDRUE3WDBRM1RQbkpKQW9JQkFGT0tCTDk2R254R3hKNlBtMFM0CmZRWGpXL3BVNWE3NGVHeFllTTU2NU5xUFU4Mzc4TVRWMUlxenFBSitzSG9idkw3YWZ6ZlA4VTV2VlJad25Sd1IKOW9WTnlZSktISEIzckkvODhvbUlNdzlKR1ZVU3gvcURCTHByNlFkQUZpS3Bsb0hFb1ErT2I0TGhBdzFIWkxrQQpNUEVLTmtFbktjR1JjWXRiRUdyai85WnczLzkvK05pNGMzNlFqZSs3QWhBTXpNNWlML2RuNjROb3VBR080UmoxCjVCb01TRWplQS9KbG9RNE9IUEh5cDNidjcxT2tad1VzNWE3U09nUFZKTTJFMWI3Z3R1bnpXdmlldk43YTYyb0UKTDZNOGJ1SHdiM1ZBdkNDeUFDaEQvekRuQ0RickZDcHZ3T25ramExM0JmSXpjK2VKUHBOb0oybURvM2V1bjlFaAp4ejBDZ2dFQkFOKy93cGk3Mnh4NndtT2xqTDFpRjcxL2luOThLNERrVlN6b0k0Rll2R2thaUpPQnRKNGRla1ZOCnJ5ckdJcTlkaG1NSElwUW14NWEvSDBNbnR2dmRwSUFaZFcxaUJONnBtQTlYOVZwa1ZtcmZCdWdYcWxxQ0MxankKdlRBYkFuaEZNWVdJVklIeTMzdC9FK2t4T0ZUeU94T2ZjdW4vbVJCczB6SnloUFVjVUtRTjJ6aUtWbEt4Z2JxdQp6Tzh2SHlUYTY2WTFwaHJFSm5kT3IrU2hwSTViMnQ2MGZRZlJYUTdjU0Z3RGxya1ZBTTZLdllkcHFpUWdjZGxkCnkxYmUvRUp3UjJTSktXTkdMbzFGS2NRbWc3SEVnWWRXS2VQNmM2UTV1VVVVT1lRK3RFT2ZoUWpteHhQMjZ3L3MKVzcxRzdNUlBYZXdLdGRRb0ZDY0t6NUFZa1hvYXBaQT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" - crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZGVENDQXYyZ0F3SUJBZ0lVR1ZoaTFMRlBmWXpqTHV0SUZuYTREN0pjdktRd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dqRVlNQllHQTFVRUF3d1BZWEpuYjJOa0xXRm5aVzUwTFdOaE1CNFhEVEkxTURjeU9URXdNRFUxTkZvWApEVEkyTURjeU9URXdNRFUxTkZvd0dqRVlNQllHQTFVRUF3d1BZWEpuYjJOa0xXRm5aVzUwTFdOaE1JSUNJakFOCkJna3Foa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQXdWZEpZMHptdDdBVUUzRWtXTTRNNmNxbE80b0QKR0pBRVczN0JiSGsyREdSaW1XY2EySWJlNzNsUDVYQmNkWTVya2dYV1VUWGo0aEJ0dFpVdmxqU1Z2RUg1cDhpWQpSMEd1OTMyUzdaNk5PajFsL3lOUHdFaTc3bDVMUFNHNE1MZmIwczFCUnZwc1F6UjFzekVjQ0FKSDRqekkwM1E4Ci9UVlNvbzlwSzNSaGxMSmFyWWIzcjFvMG5aQlRyVXY0NDlTai91SUVKQjZHT0JsS2NVaFpwU012Qm9iYUNXTDkKSmlwS3pvbGJVMnBJVUVZNnpvR2w2REQ5bis3eVl2RC9nN28rMGVDMHNDZ21TT0JWVmtDdiszOHpVdS9NL1JGMAo5SVJVYUJVOVE4OXFjL0trWGlIUDdPc3FGcXZWZzdWUFJtbjJDczN6bUVPeVBuek1veXc1RXdwbmlid29ZaTJSCmsyWWhYZ1l5SFIyZ2trenRiT0xIVGl4YUVKbWszMkxvT3JpckluaDJSZDliVlVDOHI4YllMKzRPekVDaG5ROE0KRHVxMjVEcnZRc1lWOEtlWXdqNDVTUmd5Z3lvZjRKOUdoZ3ltSXFER1NyRjBhRXIwTE9kOW83cFUvUWxmM2dDcAp1MGNZYm5QQ0NCRXVXQ0o2cFI5aFBqUnlZVE1OWTRKbk54dVZqcnd1Z3c2UTQvRC91NENJMVJjU2FEVkYxVWVnClpoMVkvekhSbkozZk4wY2RSbzJCczdpSWZDeWVrUGl3QS91T1MrRkhiZEF4QjRrZzduR21CUUUveHFXd01aWVoKanRVQlpkTCtMVVJIS3RlMjR0emcwNit2bi8zQXFSamUwWkFKWjNtUzVza1dZbGhsdHZWaHdMdm1udGxvZ2g1cgpBOWcvcGJGcGh0YkpOMGtDQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRk5BVHhtYXdnb0sxWTNYL2ptWW90UHpvCitIV2FNQjhHQTFVZEl3UVlNQmFBRk5BVHhtYXdnb0sxWTNYL2ptWW90UHpvK0hXYU1BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnSUJBQ2U0RThIRVJxZjN3clo5TFBDN3ZGNnk3MEFsZTJIZwpYOVI2OFI1dUNRVlhvdDU0RDk1VHhjVkR6MXdtU0ZvMm5lSUFzT0pVS29DelovaXd4VWZSWFoxQnhrdXBkR1h3CnJOR00vZHFtTCtzdk9ibUVNQnVyRW9ZbGJWalJMSlhiTTZVOGVFS1UwYnRiaFhJd3MzRXZmdG96cXBHSmwvaTEKYitramVQNXNwd1RiVk83d2RZV3hYdFNWcVJJdkdsU3pxcHI2c0k4VXYvN3R4cXdMb1FJNW1qMkhMa1hlYUVVbwpWZmhpZXhtdVhELzhxeHJnVzZsUVpDZ0xRZjVMVkg0cDNwUnNDSkRHdjd2RWsyeFBuV2U3RzAwMzY5emM2YWZVClFjYlNlN0JqQW50UEduSXdmcEQ4L05VT0VvdzVvVUdKUFlBd0VtQ2hiaXNoMnpYWFJTLzJ3TEp4WkJyL3lDMWgKTXNBVWpNT2Y4WTMyWFV3Vll1TmlORDBFeDdadExiR2JEWTFvdjhvckN6MXpMdTB6dDRtZUxwZm5oSkRwcFlVWQpqYURCNW51R3lOYmZqN2FmRGl4V3RrYTBYMExIMld5YnIrNCtNbzJMcTVSWG1nSW44ZmlKRXBvd1ltWWdUb0NyCkVkSmp5NkxEOU9yWlpMY1A4NzFZaDlkV0wvSlgwY1MwMzhhMmU3YndFZEl3c1JVdUhzSEF5T1g4K0l4b0puTVQKdWo2eTdkSnpkeHg5RDRvb3Mvbk11SEcxejRJUnJ2QUhNRVh5NDNBWTRHWXFBYUwwMWxFcWNIaTQycjZ4cmNONwpUem5remZTOG40SHNUaExNdTZCeG9RcHhRSHh5N01KYU40NGtvejU1N0hoMEtsUDUrczdLQkJsZEFaOEtkdjMxCjk3RnNFWUpuNDhxdwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" + key: "BASE_64_ENCODED_KEY" + crt: "BASE_64_ENCODED_CRT" server: tls: create: true - crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZwekNDQTQrZ0F3SUJBZ0lVT2VheG5FTzB0V0pNZ0lqYWFhR3VKWUI1NjNFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dqRVlNQllHQTFVRUF3d1BZWEpuYjJOa0xXRm5aVzUwTFdOaE1CNFhEVEkxTURjeU9URTVNREl5T1ZvWApEVEkyTURjeU9URTVNREl5T1Zvd0lURWZNQjBHQTFVRUF3d1dZWEpuYjJOa0xXRm5aVzUwTFhCeWFXNWphWEJoCmJEQ0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1WM0pzK25CdzZmVjBsczFoK0gKRnNIUkYwWld1MXZ5WkJQN3ZqSzhiTW1nSVZyNGpsNjU1MS9MUWtONXY4WHMya201SStVVml5aDc5Tko2RTVCYQowVEgySW1HUDYxVXRjbW12aDdrUC9mQVAxTmFSNFNMdFNNNlUwc1RSSmlIODRVbW5rUys2TVZrWXdJM0dnRitPCkhoa0NmT04xb3lIWjVZeWx1N2NPNnZ6alAxcFQ1Qk5SV2N4Mml0clpzMHp4MFJIWXMrTkFaZzQyUVdSTkZJZWMKR09wYnZhNmZYMzE2ZWQ0bHlwMDdaR1FENmE0NUxFdGlBMjJyeGlSRGlnYWh3ejRDTnR3Y3JlRVNlWkV4V2xEMApWMlVXNDJwQ1NyaHN1Y3l4UWNkdnhKc3Q4M0JiV0V6MnllbFFRT2xzYmNqUHdqTmxjYlFQaDhSTnhtekRXalUvCmtqZWZ3V25FVnp5MkNwcGNSdzJjS3lQajhSOENIVUc5Qm9ON0krY1pjeVByMUs3UGpNcVUwVmdJcmIrc1NJTHYKS2l1Ritla2U2VXUxbHY0YzNpVFcyTzJhSWtiQmRyZmcrUVJzWDFaVjRqWDNqbTBaZFh2NDlqSFp2dm9ZOFFyeApSbHFyWHVORmJIeXN2bE1sUVBGckQ5ZmpkOUZ4M0xkb1EvM3pZT000dEFCb3Jvdmp6ejNoYWVyS1RQN0o1cjgwClJNYkdwdmdEczUranNRV0t1YzBCQTJuU2JoSW1wV09YSForZnJwVEJjdzJGSm52dlRBRlRVdllCelREa2s2blQKOW9rQ2ViTG9pUm00SEI2WnhJSkdLWmVYcTFlTkF5OHNUb3AwTjZBbTd2QzM3bkNpbDgzZjNIQTFJVllpVUFKRQpYREpHemlwYzhYWUp2Z2xSbGdGcThUdlRBZ01CQUFHamdkMHdnZG93SHdZRFZSMGpCQmd3Rm9BVTBCUEdackNDCmdyVmpkZitPWmlpMC9PajRkWm93Q1FZRFZSMFRCQUl3QURBTEJnTlZIUThFQkFNQ0JMQXdFd1lEVlIwbEJBd3cKQ2dZSUt3WUJCUVVIQXdFd2F3WURWUjBSQkdRd1lvSXZZWEpuYjJOa0xXRm5aVzUwTFhCeWFXNWphWEJoYkM1aApjbWR2WTJRdWMzWmpMbU5zZFhOMFpYSXViRzlqWVd5Q0kyRnlaMjlqWkMxaVpYUmhMWEJ5YVc1amFYQmhiQzVuCmNtOTNkMmx1Wm5KaExtbHVod1IvQUFBQmh3UWlYUTBYTUIwR0ExVWREZ1FXQkJTV1J5NURhNkdNM3AyQzdpbC8KM1lXNHl4ZEZWekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBVStHRTZsd3RkNzE0L20xUmFsY2ZYZDZHajlBVApnU1RwWFQ4VWZLakJTaThTazBZN2M2OEZLN0hCRzFhc2N2MnQ3cHhMM1dCRlF3Unl4eXdVUVRCek4vaHhSRDF6CllJTXI3bzNtU1JxNTd2cU55MTVCczNpQXZSUGhQUjVpR1FjNHlmMHFZR28zSFIwZHR3TkZXY3NIWVNXQk9hY0EKeWU4Qkd6N1NUQjZaaTJUMlJpeTZrb0VMallLcGZIRktKN1ZuQXdoeGlucmc1bkJQSHo2eS9zejZoQzMyMGcvWQpzRlZ1aDJxSDNZYTNleDd2T3NKTERJVldjQU9ZVFJLOEpoTGJOU3ZNMUdzb1Bad3Vad0tNaFdkVThBcjdBd1lGCmN3bWJnMnFhdXcxQUZIMUlHVm81VUNXbHorWllOcnJTNkVONG91bnJidXE0Q29KRzk2S0w0Z2hiVlpXZWo1cWoKSHdsOThGZHJlQ0hxamNWUWxRSXU1Tk9GeXlHNUJlMlQyM0l1WDRCYy9TVnE4VXlvQVVWTmh0cmV6QzM2cHNENwpVVlZkNHVYdnkyK1RUN0ltZGp3SjYvMHI4SzZtekx4UzY5NndrOE9FQ0RhSVRpcTBCRTN2K2JYemtPN1dRMlh5CnVoZTVjQUFXblVvbzhmQTdmbEVPeDBqN1VwZCtjNU5iWC92TVFNck1xeEM0YURTaTd1eFExTTJDdkNURDBDWVkKSmtGQlhsaXRLRHh1a3dpMGQxSnFqVWtRN04rdnRRd1hXRUlGR0VuUXcwMmRyTGhobjJGdU5zTjZKcVFSRHNMLwpPQVFaU1lIUDRtaHJEL3RzQy9DbEdsaGhONmlya2MxOGJFS0VpUjYyZ00vbElSMmdwRzRIa0NqaDF5MFlMWGsxCld2cUFPaG82cjBOVUNBaz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" - key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRREZkeWJQcHdjT24xZEoKYk5ZZmh4YkIwUmRHVnJ0YjhtUVQrNzR5dkd6Sm9DRmErSTVldWVkZnkwSkRlYi9GN05wSnVTUGxGWXNvZS9UUwplaE9RV3RFeDlpSmhqK3RWTFhKcHI0ZTVELzN3RDlUV2tlRWk3VWpPbE5MRTBTWWgvT0ZKcDVFdnVqRlpHTUNOCnhvQmZqaDRaQW56amRhTWgyZVdNcGJ1M0R1cjg0ejlhVStRVFVWbk1kb3JhMmJOTThkRVIyTFBqUUdZT05rRmsKVFJTSG5CanFXNzJ1bjE5OWVubmVKY3FkTzJSa0ErbXVPU3hMWWdOdHE4WWtRNG9Hb2NNK0FqYmNISzNoRW5tUgpNVnBROUZkbEZ1TnFRa3E0YkxuTXNVSEhiOFNiTGZOd1cxaE05c25wVUVEcGJHM0l6OEl6WlhHMEQ0ZkVUY1pzCncxbzFQNUkzbjhGcHhGYzh0Z3FhWEVjTm5Dc2o0L0VmQWgxQnZRYURleVBuR1hNajY5U3V6NHpLbE5GWUNLMi8KckVpQzd5b3JoZm5wSHVsTHRaYitITjRrMXRqdG1pSkd3WGEzNFBrRWJGOVdWZUkxOTQ1dEdYVjcrUFl4MmI3NgpHUEVLOFVaYXExN2pSV3g4ckw1VEpVRHhhdy9YNDNmUmNkeTNhRVA5ODJEak9MUUFhSzZMNDg4OTRXbnF5a3orCnllYS9ORVRHeHFiNEE3T2ZvN0VGaXJuTkFRTnAwbTRTSnFWamx4MmZuNjZVd1hNTmhTWjc3MHdCVTFMMkFjMHcKNUpPcDAvYUpBbm15NklrWnVCd2VtY1NDUmltWGw2dFhqUU12TEU2S2REZWdKdTd3dCs1d29wZk4zOXh3TlNGVwpJbEFDUkZ3eVJzNHFYUEYyQ2I0SlVaWUJhdkU3MHdJREFRQUJBb0lDQUQzcndrRGxpS0grTjNudjVpbFd6RDBVCjJ5NlViZ1pFT1R2RytucWdlYUMwVlNGWXhoUlFTWXpSaVVMdGY4U0tKRjF2OENDYkk5c2JHOGVRdm1mTEFzU2YKQVdNRXBYQTlZeDVmQzdsdG1WelpLZzNyQ3VWUDhUL09qVlZvbklPVjcvT1AxMGhYSTdoanVhWDd0Qy9DdWc5dgpwMGdRa0lwQjhPaXM0L05nZXpHMzlSclhLYk1oRkg2NFFZeWxMY09ZSk01cTNPWUxRTFYrTC8xSzZvQW40K3hCCnZuWnV4WnZzZHlEQlN3c0pIODc1SnlNYURKaks4SFpJb2thbTR6WjNMV2xaZW1pRm1jVDFiU2VwaVQvUGowUkUKN0NWYkNtRlF2dWJBUXZkT1JpRy9SQkpjb3BEbjVxTUNKb2pNRnBVZENUSGl3c2dMQXJEOURwYjJuMmdKT2trbgpya3o4eFNOSTl6Uy9uRlJTNVRmRXFNbXloVFNwZWtSTm9TZllxZnJwc3U2dlg0blNNT2swZWd4N3paNGdaNmtECkM2aGRDNmkyQ09jQmVGUkhydStaQjlDWi9wdHdYaTh2S05vMEhyR1lTbEpSdzJKWHkxWHl3R3hvV21FdDBJUzEKSWk3TjZNQ1YzYis1VEltR0hGaGhJN0dyR2laYWU0TE9pYllXN01YTmhMMlptcGNLblNBVHkxVFBZTGhWSVZxKwpnRmtCcmM1M3VyczFXUm9pYjJyempPcDUyRGllUE5OUytmQXoxOE4wck5oYnQ2VVJUa1RUZ09OeE82MkJNU3hLCkprZ0lYVmtJYW9Ld0VIMnhKTm1XTlpaME5HbnlEV0FTT2FtOEZhbFIvNy9LWU9PbmRUb01TVEVSbGxXVERlM3AKNkZUbVI4c2tDUWtQejJlMEswSUJBb0lCQVFEeDArdjFXV1ovbStyYUxwblVDR3lpaDRNR0JwWjVvYVF3ME9xcwpJK1hFdFN2cWU0aHdSc1lZaEV3MHZMcTNkZC9vZVRkWGU3OWpaOGhvSVU1STVkNUpTRUZ2aXJYSVlJRGtkZVVICko3c2tNZHc4MnNTbnpiY2hWcUx4WSthcWZ6OXBoa1dVMXJmTW1EQklMSHUvQU9EcVRUTnlSWmNML1h4c0R5ZnYKUXF0cUcxbE1kRXhML2FDeHBockdLK0RKUVRPTElQRitkQkFydGJXUWxXNjJ2elZOOFI4WHlhekF2VWFHSVZ2ZApob0s5dEFqYmNRak9DZ3F2TTdGNDZBOHVEbldXM3lRdVU0L0dEYVk5WW5ZQ1UyUytldm0xK0psb3puSVJDUFJrClh4a1NSR3lkc1BhTHV3cE5SY2o2eDdQRGducnlCb1pONXMyY1l3REhKcDVnWTc4QkFvSUJBUURSQ2F4Q1Z4QnkKYXhPZ09rTEpUTC9UekZBTFRLM3lCdW5IdndGdjF5YmpNckNsRmlCbWphUllMNFNjQVgvM3dPOFFsVGZhL0I2UgpYc1QzbWdaQVlOQTF3L0IrblVhVmZoTFVid016dkYxRURBWmtCcTJQcFVBQ29oTm5tQzhzZkRXb1ZHbWVnTlhmCkZnSjgzRGdtKytNaTBqYXI4ZkdBbzNlekZnZmRDNU5mNFgvck9ZQm1CZExTdzV2TEtDNVVraGhaQzRnQ1BnYkMKeTNxZzFkV2xCUmdYYXZsVHFUaVJ4V3Bub0xDajhqc3NzVHRBWnFCMnl4cVB6YkZGY0Ztc3lXYXoyODNXaC94TgpVaUpnZEVOSFlWSFhHQkZJY3loNVp6cmNSQTlPT1FhWjRRMXlocE1QbTJUUXlOeWJVM05Md05QcjdZTVF3N1lMCmF2MUU3c2E5Q003VEFvSUJBUURTSW9pREpqQSs2c2xrMWVHdHNiUlVkdFNQdytHMXg1UFpKM0VFTEIxWWxPV1kKVjhmemFFeHl1V05PNEVDUGNzb2lSRkttbmsxc241NHhmZDk4ME9JYlk4SVlucnZmWnB3WjZhZ2VVNVAybTZ6NAo1RkRHVDZlMlBJWlNvN0NvcnZIM1RFbmlUOEplOGsvaUoyVlFULzhoR2Z4K2E2SVpOU2VNN282UkJhbldCZlhPCnpiQU95RkYralF2dTcrbmdkOXZHSmRZelA3OWRmQVJOb3N3VjJJa0ZOV1VEVXFmZXc1b29xNHdjTHVvazFmQnMKWHdoN29aWXZNQWdqTytNVTdsT1h5a2F5U3NKQUkxUTFPdjI0ZjZhbkxrMFdwdk1IYzMwQytIa0ZUdTJHUmhicgozLzRjNVdiS1JyMmh6UzZUMFNuc2JXYi9BblBnVk5jME5vYWcwNHdCQW9JQkFIeXFoU1pIWUZLc2sxYlNpRFFmClpxUDh6SndBamhpeWtNZ0VuT25EYWJqRDZWOTdVN1Yxc2RhNStCOUdNYmhqUXZBajNkem0wYUFtNGRjODc0K0QKYllrekl3R1A4S0dGUDl1Ym5WQkVmV2J3dVByOGxKUC9uSzQxVk5kS2hvL0VRQWYwMTh5a3oyZ3RheXhsOWNNaQpJL01IWlgya1hFQTR2VkY3eVJMR0xZMVlJZjc2R3g0OVNOOVRzMTAweUhTOWNISGlrNm1xcmtPTU1NVXM0aTU1ClhFWFRFWUVZZ2RsRjRGQ1BIK21XdEQzU01TRVdVNHFsVkdFQTdrRVlZUkxRUmtUcnlOV3g0Z0dIQTJOODB3Y0YKL2xZR1Q0QmkxWGVaM2h1eEoyT2lWTkoreXBOTHVQYnMyUEkvYUhubUNmUGF1MGlRTE1OWnhQOElQcVhXdFlYVgpjK3NDZ2dFQUhSdXlLK2daZGN0Y25lTXRSRlJ3SHg1VXYxcjR3TTAweHhtR25GUnd5Y3g1MlpjT2psY05SbnFhCkIrREk1ejhwSGVZOVFVaCtjOGl6ZUUvMkxLS2xFOFZjV2hxdVdCblRDVmoxdngvWUd1OHBpSEhjTGNaSjUrOXIKUGc4dy9HVjZxT2REQlJ0Qk1IakZNa1FGYTFVUnNlbFZQSFlmTzkvTktIMStKQUZHcW1kYWEyZGo1NVFGNkp5ZQoxbUpjQkQycVM1R0xZcHRPQ2MvTFpYUmJjTkVoRlJRTWYvc1dXTW5abkd4cTk2Sk9rRFVIeFBGdTg3ckVEcU9jCktiU2pRZDBSbTNvWVExMmVFL2N4Z3ZDTmZnZmVJQldTdmdXSjBISHZ1TU9jL1dGcmF0VFpoY2hVMTlRTUJGWjAKc0xrUTFUeUN2c3hPTjB6OWZnakpzeFhCSTYxUkx3PT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + crt: "BASE_64_ENCODED_CRT" + key: "BASE_64_ENCODED_KEY" proxy: tls: - create: true - crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUYxekNDQTcrZ0F3SUJBZ0lVT2VheG5FTzB0V0pNZ0lqYWFhR3VKWUI1NjNVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dqRVlNQllHQTFVRUF3d1BZWEpuYjJOa0xXRm5aVzUwTFdOaE1CNFhEVEkxTURneE1qRXlOVEEwTUZvWApEVEkyTURneE1qRXlOVEEwTUZvd0pqRWtNQ0lHQTFVRUF3d2JZWEpuYjJOa0xXRm5aVzUwTFhKbGMyOTFjbU5sCkxYQnliM2g1TUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUF6REVpbFZWQy9NVkUKZHoxTnhpaXQxcDNlTms2bDJQblJLMVRUanNpODNzT0xuQzFwODVGOWVsbVU1SmJEVGNVa2NxM2JHRElpZEgxYgp2Wk81dW5PRERvbGhtTjk2eEl2NzZIUmxQcms2dGRXczlaY21sUm1hcktLSW9zdkpQNDYwTHNsRnhYSTBsNVNiCmQ2Vm1ybFd4eGFwL01RWE5USjNETDhyMVUvcUFEcThRVlZyM1orZG1LZHNJOGdMaHg0T0d3WFdTQVM0ODJ6TE4KN1h6Y1RLWUM1aEhra2tXTDhVRFNiNFpvUVZQRVprRnd2b3pvK1o4SW43aWx0TUFyc1FsR0FLa0dJdVFnZjBFSgpUSEZKR0RYbGRUM2pDRmxreTZiUVJhMjIzL3RDT3J5V0pRUlhaRTBsYTR1a3FMeWZvamZkMmtzZHB0QWVLdU91Cmoxa2hMN0RKQ1pKZWl0SFVoWXUybVN0WVlWN09xSktBSUlCVDZWc2prQmxqU0dUSStsN05ZMWw2OUNGMWpYV2YKcDFvRG1TNklJeVBHL2NUK3dzRmMxcXZtQXE2TmNQaElyQ0drNmpXSXJEck1Bbzd6SW10MG51SzBVUmF1VjJ5cgpQTi9iZkZPa0ZhOCsxLzVGYjVWVVMxYktYeVlmTHVTZWdYaTRpZ1dCOUw3RkwxTmFwRFBiY3d0eEsvbTkyMlpiCkhja2FuK09zMFhPZnQ0TFlhYUp3b0JFZXgzelpJekRmR3pRVUYweVBSUm5RQjgyYVd3VVhkdXlpbmdHTDhobVUKY2FReXRkVm50ZTdCeUF1bVRieFNPY2x1aWR1MUlCcmtUWFI4SVRaRVRDWVRvUysxZVNCYm9JWHF5a2Q2VytNbApwYUY4OURPQWplakp1WWNHQVZZMFUvMjdqeURzbHlFQ0F3RUFBYU9DQVFjd2dnRURNQjhHQTFVZEl3UVlNQmFBCkZOQVR4bWF3Z29LMVkzWC9qbVlvdFB6bytIV2FNQWtHQTFVZEV3UUNNQUF3Q3dZRFZSMFBCQVFEQWdTd01CMEcKQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpDQmlRWURWUjBSQklHQk1IK0NMMkZ5WjI5agpaQzFoWjJWdWRDMXdjbWx1WTJsd1lXd3VZWEpuYjJOa0xuTjJZeTVqYkhWemRHVnlMbXh2WTJGc2dpTmhjbWR2ClkyUXRZbVYwWVMxd2NtbHVZMmx3WVd3dVozSnZkM2RwYm1aeVlTNXBib0liWVhKbmIyTmtMV0ZuWlc1MExYSmwKYzI5MWNtTmxMWEJ5YjNoNWh3Ui9BQUFCaHdRaVhRMFhNQjBHQTFVZERnUVdCQlNpemJoaDdNNGoyekVBN3pSaAp5QmNPMHN6RVJqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFoSWRXK2w3UDFOakNTNEFxNFZ5K0NhRjRaQzVCCm81TG00RUMyb0RvZXBiSnAwdk9WWTkwcWFieThFVjJaeTVNUWN1azlVM09Sb2FSTXE1a3V3Y2lIQi9zb3NvMU4KSTQzVHRVLy9Zbi8raVp3TmhZa1hvOE9hSHh5SFZpQTluSXlXYXlpdVVqeWs1NjZHYzVJR3VkZXNJS0NFb2FoVQppRGFXYkNXdlYrM3lFcmdJZHFBbWpWZkZXOHAzNStOZVNBY2Q0T2lMY1Z1T1VJektBaTl3eFdJd21jZEhNUXFsCm5XMjFDVlpRZkVhWWRZQUpPd1p0ZENBZ3puVE5tQUR0TEY4eStVWTZLdTNQR281U1pIcDcvZ3VpbjFNcW1WVG4KbzR3NitvZzZzMUkrTFNsUm8rdzVBU2VnQVlLZjNwZmJMeGpQd1d0YzdMcmVqUzh6cGRtbkEzU09xdnFGRnJtTgoxdHV2RUgvVWVWYk91cGEwR2FQcEMzMGxvR05EMlhJeTZYY1FHaGFpelpVcElQQ3NjN1k5Vlk1NTBCa1RvQXdkCkw4YmJwZng0cTVMbTQxMEQyM1U2TFlGdldTcU9BcEZkRVhxMTBROFZRdDhLeHVlVzVQczNkaGEvbWQzVGlPYk0KOFNZeDZNMlZIdzlCSzFGV0s4cndEMVVjLzIwQUhjb0dlQ1RqMUh2S0Z3S0wxZHR6eGlvVnFkeld3SktiSXB6dwphUFN3bXlNWHRsTGtuZnQzaUdPZjlKbHkxRWhuK0t2RGpMb1JaQkNna0kzQ2NrM3paL1g0VTBlbENVODA0eXhmCmhHVmxvOWVDRDRuY3kvdUJySEdxY0ZLRnA1NDRjREdVRWdDWmMxeGNnNU80SVNYbElDWFZEcDdFeHRTSmN6OXMKVnVPMlR0dlNzWDUzQW4wPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" - key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRd0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1Mwd2dna3BBZ0VBQW9JQ0FRRE1NU0tWVlVMOHhVUjMKUFUzR0tLM1duZDQyVHFYWStkRXJWTk9PeUx6ZXc0dWNMV256a1gxNldaVGtsc05OeFNSeXJkc1lNaUowZlZ1OQprN202YzRNT2lXR1kzM3JFaS92b2RHVSt1VHExMWF6MWx5YVZHWnFzb29paXk4ay9qclF1eVVYRmNqU1hsSnQzCnBXYXVWYkhGcW44eEJjMU1uY012eXZWVCtvQU9yeEJWV3ZkbjUyWXAyd2p5QXVISGc0YkJkWklCTGp6Yk1zM3QKZk54TXBnTG1FZVNTUll2eFFOSnZobWhCVThSbVFYQytqT2o1bndpZnVLVzB3Q3V4Q1VZQXFRWWk1Q0IvUVFsTQpjVWtZTmVWMVBlTUlXV1RMcHRCRnJiYmYrMEk2dkpZbEJGZGtUU1ZyaTZTb3ZKK2lOOTNhU3gybTBCNHE0NjZQCldTRXZzTWtKa2w2SzBkU0ZpN2FaSzFoaFhzNm9rb0FnZ0ZQcFd5T1FHV05JWk1qNlhzMWpXWHIwSVhXTmRaK24KV2dPWkxvZ2pJOGI5eFA3Q3dWeldxK1lDcm8xdytFaXNJYVRxTllpc09zd0Nqdk1pYTNTZTRyUlJGcTVYYktzOAozOXQ4VTZRVnJ6N1gva1Z2bFZSTFZzcGZKaDh1NUo2QmVMaUtCWUgwdnNVdlUxcWtNOXR6QzNFcitiM2JabHNkCnlScWY0NnpSYzUrM2d0aHBvbkNnRVI3SGZOa2pNTjhiTkJRWFRJOUZHZEFIelpwYkJSZDI3S0tlQVl2eUdaUngKcERLMTFXZTE3c0hJQzZaTnZGSTV5VzZKMjdVZ0d1Uk5kSHdoTmtSTUpoT2hMN1Y1SUZ1Z2hlcktSM3BiNHlXbApvWHowTTRDTjZNbTVod1lCVmpSVC9idVBJT3lYSVFJREFRQUJBb0lDQUJwWG5XbE1CRllWUWZHckdqazkvcjFCCkJRMlhCRnpUVDdtS0dqZmhyRUlGMHFFOWw1MVpUK21FbkltSDdKN0FGK1ZtaWUwYmJLZ0FFeUdJS1E0RmdHc1QKN0tBYTlwemNIVTIrRkdDczUwYlZqOWhvSFUxZmJmMm5BejhUVUwxdkZNNHpYNW1yRTk5WlI5dzkzWnNRaVp4aApWRUxZQjRZQ2xVOTVYTUJ1Z081RUJmU3BCV0ZsY0IvbXRzYjMrYll5UU9SODNTN2pUdTBOWnhVa0JreXFIeFljCnlWTFlmNGNLY0l0OE9MOXl4ZFBXVGV2N1JFUU4wUUJBQXpxb0R3cnFFaHFjTTZNMU1IOFNQaGViUnMyRmlIcGgKVjBSNHVlRHUvby82cXV6RzNxS3l1U0VCNkI5VHQ0ZmlEa1pKZlVPaGR2REdQNGRKY3BiZ1pDRHdvL0FoMjdGeQpCSitYajh1bGZCeTVyTXNab1dSd25vNTk2Yi8waUJMaGhDUDJubVlxVjNjNk1ENTF0TFRZdENReDFtQm5TNE5uCkJQbWdOMlBEMk1KS3hXMittMjIySzF1NllSUTRUMnFsMDBRbU5ISDVxRDZULzRpSW1vZllhYTJjT1NXUGVtY2EKYXd6UFNiK1lISlgzNmNUajRvSE0yUk15ek1zSHYwSGMvMFAvcmh3NHhoWTdYOVh3RGNzeTh5TW0vcmNYd05QVQpIQ2xoT05GNVJQTVl0cGNJRzZyOElaTlh2RG94OXF2TnBSYmYvTDg3WG9oWUNtRXlsQTdJL0Zvd0ZVN3AweVRQCkVCQ2pVcTRLcjU0bjVNVVJJSnpBMTRBamYwOUxubGFySHdhUGxtWjlWTTVvSFhZQlFrZjhzT04wVnBhZlcrNFYKSzZoWU1VSlRrWm9oNmZ5RUNXb0ZBb0lCQVFEMmhpQW1FaWVNSkdVeHVOOXE0NFJ2K1B4VWlqUGhhSEkzM1U3eQpOc2hhU3FJUWZlVWlPR3VhZjdnRzRpRE5IZDNXV0VzTlRVWGwrbm5CSVRZMWJmUlVMWmM2YVAvZjZ3eVU0bDNkClR5Sjk3SE5QajhjVG1VZWltMW0rcUpDNzY1M2s1RkFPYmgvUWRIZGE3T3YySUtaMUIxZHdtNDU2R0wwSzltK0oKNDlscnN3SjdtV2xxTEExbVR0Q05YRnkwSXE2VTMvczNpMGEyU2FpSzZFeWdmWmtuYjdmOTY0cHBLTE0reW5OagpERC9kWGhSV2xHd2FvU08zUEQyeHlzWkJleHRjZ1dPL1laUEN0a1YrTmpzb3VSMHJ0c01EeVpKWnp6WmpOeTA3CkI0WnBDWEZlZEZ6SlVpU0IySzEva2hucFd2Z0tOcFVacWp6U1kyazVmQXI3M0xGZEFvSUJBUURVQ25MNkZEQisKOGtPTGU3V3Z2dlpTbUh6WjRraStSaFdIWWZGMkVvdmMzeTNZWC9QTThyeE5yMkpKV3lqRnMzNTltaWl6YUl2cgp6VjA1L0pSVnlFZ2dnd2d4c0I5ZkJVNmxGeFhIVnhJbEllR1V3bC9JdDhZczg3ZzZRU0tiQTdkSWMrbTBYeVZpCkJndUxxTnlQak1FdXpoeCtSdEZsTE41WGdabEw4SmQ2VnU3RDU3emZLbVVScnRBTWtMS2Mzdzd0QXJadVg1UHYKZ2dib2x6YWhCU2lQYXNrME4rdEJDc0dZZ0oveFRNQUkrYjV2VHBGdTJwaVR6UVZmVjRDS2t1dmcvT2JaT05MSwo2Q1h2aGRLTFBPN1NyWVcvUC90TXBzdE9oaU02bmdFRURjVC91Y09qRXM4dkVtUDB4VFd3R2dWSzRlbUlKUUFPClRsc3ZFWGpHUFF5VkFvSUJBRU1PMndIZ0lGZlRzcDhpM2NzeWxsenJDcUJvYzVKV0dmT3VSSUpJZXBsdEFjYWcKcUVwMXRIZHpWSGl5M0I5UGgzOTl4dlNZVjNJbWZ5WVV4YTBrK3JoSEtvTGQrdlJLK01JckRVTmMrbEhzbHJWRwpzKzFWM1pHUzFvZXhUS1dCZ3hLM05EdW9vd2pPRllWck93aFplMDRNTURIV2Jwd3h6SUtGNUhOS3dtSzBiL0YxCkdxS2gxd2RFV3lDSXhrTE55RldBMDlJWkZhUVNSMEY1elJZKzlBRXhONGhmb09mWUJXSUlLZmtBWlFMdlMzTDkKcnFaVHZPWmtBWmd5UTFtZWhpUFVvbkIxdDM3WW0vQ29DZEdiQVI5WitKUTRLWkk2ZGwzb3JXb0lNdnl4YitBMApvT1MyYm0zUHBlbzBzTTIwVEJKakpJMjFyQlBDck9YUkl4Kzl1WlVDZ2dFQkFNM3NMK2tKL21icXBBb3I1REIvClJmekV0a3RyWkxYVW5rZlNLSXRBUzYvKzFpa1NWbFN0VDQ0cVMwdHVTbFJsa3V3cjhHYjdteGN2WStCU21VUU4KczI1UGtuK2V5WGlnVU5ZbmF6RWlNQzc3am5YSHB2bm83MzdzV2ZmSkZmQnhWV2Y1bWZkZmg1Q0F5bW1oWGtIUwpzakhnWE8rTm13R2s1M0VZSFdZUWl5dDJqWDZYNldiWlp6b2JDVldLbU11Y0hJUzBZN01oQXl4UW5LRDVhVVpMCkdpN2R4L1Q4Y1czREltd1dUajRyQ1R3dVBuRWVYa0xINi9GdDVFL0pUTDVISE9oczgwdjEwVkRZenk2a1NlcUwKREd4eHREZ2R6TkdPRWxkNkVYQjF6Z3EvekplRk1xZUdOc3RDRXV5OU1QeUs2S1RtYk1PWkcwckpjZWh1RVZxRQpJMWtDZ2dFQkFLOFYxOTh6dEVRVUdHdEpabEVVbW93SVZJOERsQ2lJR0pTS2JmT3RJdkFWRDJRdnhzQU5DVzd5ClZCUGJlYXJkMktYUnRhYmxMYUw4RDVvK0FHNUhNVGlodnkySng2ZFRjWUFBRm5tMGY5eTkzbE9HTlJqWStuU0wKQnZwT3ljVlF4THVyTzlyaFFsZWxnMnZjaUVpOS9UT1VqUkZKZ1hYNXJielYvdmFyTTB1OVlQMGRZYS95WkQzRwpPZ2hJQ3diZmk3WHBtcEJldDJDQUZqczVFRUpxOTFRTjlsckNqUTBjd28yRmNBL1JjRVFVY1Ezd0M4QVc4aHpBCmRxaEtYYS9NOHVxS21VUGViVC9YaFRNcnJaUHdKRUdEWndlT085QVFJVTdlQk1scWVHamlYYTRRVXcybktjblIKakRQbmMyUG9ZVk5VTExZbVkxdE54TWxrTjZyZWVOaz0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + create: true # Make false if secrets are created directly in k8s + crt: "BASE_64_ENCODED_CRT" + key: "BASE_64_ENCODED_KEY" userpass: create: false # Not used with mTLS jwt: create: true # Managed externally - key: "LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRE8zQndqWXZWbjJxUkoKNWlMa3lIUHRPemJkZ2JQd3dOak9YbFdrY3JQNmVqME1UQ2piSzhmTXQwMmFDRWRySzdJdk00TnNzcmJtTG16aQowWE5nbzdxWTcvcUxGZ1BzMnZyV2dIQ05WZTVjbjNlOEF5TDhseFo5U2FtVUV0TlhneWoySnEzVlFTUVpXbzRLCjJFTXpvTkhLNGhHWW1WOThBU1BLYWVyVFFmTTAzR1B0dmcvTE9BMTFBOWJEOExhbVc5Q3JsVUtCblU5cTY1WHAKaDVuRmcwNm5ZWFF1YWpwdzhTLzlpd1hVSHU4REZZcy85NW9SS3FiYlppOFBQZjN1NUgzOHhNTWVJSVNzazJ1eApnaER4NUlITWRxcjd3S3B0WUM5cGlybDh5a3RtWVJDUWl2VHZjNmZFVUQzcDdHNkZ1K3R1Wk53RHBvdjBIOGxhCk5FbThVem13YThJNHAwU3MydE5xbGJtNDM5M2Jzc3JzQ3pkOUE5SnlmdDNYZ0NZZWhaZHI3Y0NMSEdTaTl6amgKdFc0V1ZadzIxTi9yM0hrdFBsZ01uTVR1TXdVWjI3LzAvSm9LQndPd0pCajJZNUhkSWpucGxKNHhqejM2M2FveApiaW0rYk9YZHBFSTZ3akNTY2w5MVVESThPTWFCVWMvTGkySGVDR1dOemRrOUhkTGt3VEhIa2tzSTFkdGladlYwCkx6ZTBqdUFBaGJJMW12ZnFabkdNVmdaZHIxUUc4MkZlVllmK2t3S1pseWxFVytiaVlEL1hWM1AwMnRlRERZWnAKM0crNGQ0WnRFUVJyT0ZXcy9PWUU4UEw2dnBpdGxLSi9Xd3RwU09Yd2pGWThibVJ0akVQVmhLRzZNOWIxTU1BNQpaR0NjdUdOSFhwOVg0NDU2M0dwbXdMRlRxRE9Cc1FJREFRQUJBb0lDQUFHTE9zSUlXbXJIb3RlQzJsS1JETzF4CnRsRjlwdk5HYXkvU0hDdEZxR0oza0ZaVHlLL0hFajhNeEsxZ1A3RTA4cWZmeDJ5em9rSVNTV0dCZk80VkZyN08KdHJUY1NaUDJWKzRySi92a0R1cjl6VEhYNTZaUk5kdWlSYnZiVHB5OTk3dXJrdnRQR01jQUtpUjZVL2tTQzVMTApNR1N1UzF4RWNXa1F0STRXVlV0NUZCMVpnR3BzdlF2NUp2eVFJcnJYMzFVeWdGd3hpWDdUcW9zalJoSm5iaG81CmM5bW5WUStUK3o3V0QybHpnQ2Jxblo4UStPTkZLVmprbUxnUlIwQ0Z6OHRueUFtRTVseVgzcE5FOUYycnpneXgKdTRtMHVNam5jWDhsQ0FpZWhXVEtsMm91d1ZCNnNWODVscGEwK3lld0hQd1dVRjZPR3dnTHh5L1BTVmdZbW1yNwpWY0QwNStabWhaYjk0ZkNXK3k5cjdFM1FKV2dZQ1ZaMHZPQ3NjcTVFTXl2RkdCUTFWamU5SzVhNnFrSHpMUlErCml6WlhhR0o5R0ZMOEpFODdQSTNqSDJlQTV5WU1JaEMyQStsUWlHMTdGb2lTdjlqdFRvNk5SejVUZTQxMVBFT2kKdkZrNm5iOEkxdXdDVkxLZkc5cjBoYzkxQTdTb3A1K1B3YjBka0xlbk5FeVpSeWdzS095ZXRvSTdpem51WmtlagpoVEJyc3VRSXlwT2xqRGZCcG52bzVxZmtMd0ZwT3FmcGZlekpGS21Ed1c0b0ZXMzQ3ckp4TjJjaGZEYkliMUc3CkRSNXNOSWxCOUMveDlhMTZjN3J2c0czaHFocjlWSG9VWXlWREFTdkp2MU1qdzlSV3FDMXNSYm9VZnBOMzFDdnEKQTdCSU9pc1AxK2RVN1dacDZwREpBb0lCQVFEOGdQTmFrWndubWpKdHk1OWcyaFhqNlQrTWN5M0kyc0N5ZXV0OQplSXhlekMvTWpUQ1NEbElwSXluckhWdTY3amFHVmFWNDRBT2N1MFZoU0JEL3M4THVIV1hlcWF4WGxCRnE3YUVYCjEvbmkxQzVFRHFaU0VzdmR6QnJNL0RpSFhqU2FkMTFPT3J5SW9xU3JJamlFTkI3NlZpdVUwM0E3MStiU0xHTmcKSTJ2YlZQS3BIeC85L1hxNlBuQlhMY2d4d09pNnNQQzVlWnEvYkFjUHlYRkVXZXh1Vm5rM3NQYkwrWlhzLzJFRgo2ckJJQTV0R0pKMllzWkZZZ3lsb3h1cTh3ZEJpaHNxTjFYMFJLdTlOZTgwUkVpbDBZbEVrWDZEclp0cFVITHpyCmZJT1FuT2tBNlhreUxaZVBVbGJVcS92VVU4WUk0Z3hlZUVvdHpVZmg4T3psYTNoNUFvSUJBUURSdVYyTnJJOFMKbllGeHNwUkZYVEQ2eXd0ek0rMGdMaENmUkNkd3V1K1NsQWlpU3pTam9RM3ZteXIvZ3RrZ1FoaFJjUVF2QXI1NgpweU4vSEtDNXZrVDVwcTRZODl3QUcrVVRoUTA2bHVFVW1uR1EyUHlxd3JZdkpRU0ZIQVZTRk1lWFByOWdlaXc1CitBbGRjbTkrSnUwYUttaUN2T3RhY0Z4RWR2R0cwVS83NzJKUW1peFRJMjhZQWJEczdpR3UydWIyRS9JTWNiRisKeXpJZlFGelJieTNoTUd6MEJmUmEyeVR6K3dmbmcxLy95OEROcnRRNUdMcVp6L21HeDFpOXFKYjkvaktGT3k5MwoxSVdBRXFmaXE2dGJSR1ZocVNhSzZ1Szh5TlBEVVRqOXdIOTVFbXNENEt2MzF3Z1FUNUhUOVhoNGpsekZLV2R2ClhpaFFacGZzbVBUNUFvSUJBUUNBbkpuWFp0Vlg0cFdQRVNrejVzRkJuaHV0U1RsbjFleFN2SU5ZSEYrN0pWdXYKWDdiK25lYkJaMVRCbWVtUU5DZDNrd1krcERPUzBGeE5hYXltNFlRSFR0Z0ZhdjBLZXJQSWVCTVdsdjZEeDdsdApGdDBtYnNhQ1NhVFpCaHN3OEEzeEk1MVY3RnI5YVlKZ1hJVFc2Y2xoanlTUm9JVEpKblkrVlRla3owWHZxTHdVCjRuS2tKMGtzdGdMNGxLd2trM0szTE1yZ1hnMHhOUy8vbllaZzMwQ3JEc2FkVkRqUXVtYmdHVS9zK0pZamlCcTkKeG9hek1MYXNrOW95c1NiOVQrYjVXRml4bDYwbFltNFRWRnltTms4QkpkYllwUkRNOWsxOGpFcTUwMmtiN3FCTAp3NS9rckE1SGhSUVBMUzZPL3NDZTQ2eVRMY2Z5dmwyL3VyeWZPbmRaQW9JQkFDQU9KaGQrZFl2UjJUUW9xSE1GCnNIUFV6eFkzckpuTGtLelhQUFFGRHBNbjN6MzNJcitUNFU1ck9DSS92TElxaUE4Q3FESUxTRlAwOGY3K3dDNUQKdjhVc3pkVndpSUxYd0tiQUltcC9IejRIOFMzRGpMTUkrZEd3NWNUMnFIV0lTWTE3Z01MZFNaOCtveWZPVXU1RQpRdDlKOWhsdGlNZVUvdlZUL015dmQzczVkcHg5UkNNYyttRC8rU3Z0cGVaVS9SSkZzQ3hvd0VseUEySTFjenByCnRPYURnVk8zQ1VkTjBaTWRIbk1yYUdQdm43T1FjazJiMHdHcGdTa3hsUVhBRy93TWUycFR4b2laU2lKdU40ejAKMGtjcjZCY0tSS0xkRGZUdStUY1VWaEtxOXBEcDJNT0o5cDcyRmZ4d1BRalpyeVUyRlVYcGN5N1poRzN0a0hFUQpXL2tDZ2dFQUZKYjhjZ2V0N0RpNC9ncmJlcFE4YWpnckN0TFh4aUo2Q01DUEJQSU91QVpXYTAyd3NCdVpQTk1QCmg0eWplVlZZbTB1SDc4YzdJWm5xNUp4eGxXNEZzZE5sMmhJdWZnRHBaR1pRTWgwK0NHSkM2WjNSczZMa2dFTmwKaFJZYmNwbk1zOXJoekNPRkwzdXVrZEp2YWljYklVQ2t4WlJHb3ZSRFg3MmROZHJpcUJlWUY5enc3dE1VU3BUVAoyeEMvWlA3REJQQzVRbXRvNjlTQ2ZndFdaRGIyUldUMnQ0TmFHMWY2M2c2MXJDMzhYT3VXV2wzYjhhL0RXZnhOCm5ici9EeXp4K3pMTzJjS3N5NzNBSjN5aElHS1F4WTJveS9HYlpzRzAzZ1d0eFNpbVJpdFZ4a1Bsd0lGZ1NzWmIKRXBWc1QvUndGOHhwajhsbFhFWVIwZkFaZ0JFUHFRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=" + key: "BASE_64_ENCODED_JWT_KEY" # RBAC configuration rbac: