From 0ae3c68b9cef157a045e680b458d52c736b95dd9 Mon Sep 17 00:00:00 2001 From: Sheogorath <sheogorath@shivering-isles.com> Date: Tue, 26 Apr 2022 02:55:30 +0200 Subject: [PATCH] feat(mastodon): Add intial work for mastodon This patch provides a full mastodon setup allowing to run mastodon instances on Kubernetes as well as migrating the existing mastodon instance of mine to the cluster. As part of that it switches to OIDC as authentication method and allows to run on a Database cluster instead of a single instance. --- apps/base/mastodon/database.yaml | 25 +++++++ apps/base/mastodon/kustomization.yaml | 14 ++++ apps/base/mastodon/namespace.yaml | 31 ++++++++ apps/base/mastodon/networkpolicy.yaml | 18 +++++ apps/base/mastodon/release.yaml | 83 ++++++++++++++++++++++ apps/base/mastodon/repository.yaml | 16 +++++ apps/k8s01/mastodon/certificate.yaml | 64 +++++++++++++++++ apps/k8s01/mastodon/database-override.yaml | 7 ++ apps/k8s01/mastodon/kustomization.yaml | 9 +++ apps/k8s01/mastodon/mastodon-values.yaml | 60 ++++++++++++++++ 10 files changed, 327 insertions(+) create mode 100644 apps/base/mastodon/database.yaml create mode 100644 apps/base/mastodon/kustomization.yaml create mode 100644 apps/base/mastodon/namespace.yaml create mode 100644 apps/base/mastodon/networkpolicy.yaml create mode 100644 apps/base/mastodon/release.yaml create mode 100644 apps/base/mastodon/repository.yaml create mode 100644 apps/k8s01/mastodon/certificate.yaml create mode 100644 apps/k8s01/mastodon/database-override.yaml create mode 100644 apps/k8s01/mastodon/kustomization.yaml create mode 100644 apps/k8s01/mastodon/mastodon-values.yaml diff --git a/apps/base/mastodon/database.yaml b/apps/base/mastodon/database.yaml new file mode 100644 index 000000000..7e3c2eff0 --- /dev/null +++ b/apps/base/mastodon/database.yaml @@ -0,0 +1,25 @@ +apiVersion: "acid.zalan.do/v1" +kind: postgresql +metadata: + name: mastodon-postgres + namespace: mastodon +spec: + teamId: "mastodon" + volume: + size: 5Gi + numberOfInstances: 1 + users: + mastodon: + - superuser + - createdb + databases: + mastodon: mastodon + postgresql: + version: "14" + resources: + requests: + cpu: 200m + memory: 2048Mi + limits: + cpu: "1" + memory: 3072Mi diff --git a/apps/base/mastodon/kustomization.yaml b/apps/base/mastodon/kustomization.yaml new file mode 100644 index 000000000..417087c82 --- /dev/null +++ b/apps/base/mastodon/kustomization.yaml @@ -0,0 +1,14 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: mastodon +resources: + - namespace.yaml + - repository.yaml + - release.yaml + - database.yaml + - ../../../shared/networkpolicies/allow-from-same-namespace.yaml + - ../../../shared/networkpolicies/allow-from-ingress.yaml + - ../../../shared/networkpolicies/allow-from-database.yaml + - ../../../shared/networkpolicies/allow-from-monitoring.yaml +patchesStrategicMerge: + - networkpolicy.yaml diff --git a/apps/base/mastodon/namespace.yaml b/apps/base/mastodon/namespace.yaml new file mode 100644 index 000000000..053b7f567 --- /dev/null +++ b/apps/base/mastodon/namespace.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: mastodon + labels: + pod-security.kubernetes.io/audit: restricted + pod-security.kubernetes.io/enforce: baseline + pod-security.kubernetes.io/warn: restricted + pod-security.kubernetes.io/audit-version: v1.23 + pod-security.kubernetes.io/enforce-version: v1.23 + pod-security.kubernetes.io/warn-version: v1.23 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: flux-reconciler + namespace: mastodon +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: flux-reconciler + namespace: mastodon +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: admin +subjects: + - kind: ServiceAccount + name: flux-reconciler + namespace: mastodon diff --git a/apps/base/mastodon/networkpolicy.yaml b/apps/base/mastodon/networkpolicy.yaml new file mode 100644 index 000000000..ce0d1df1a --- /dev/null +++ b/apps/base/mastodon/networkpolicy.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-from-ingress +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: mastodon +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-from-monitoring +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: mastodon diff --git a/apps/base/mastodon/release.yaml b/apps/base/mastodon/release.yaml new file mode 100644 index 000000000..73abfe825 --- /dev/null +++ b/apps/base/mastodon/release.yaml @@ -0,0 +1,83 @@ +apiVersion: helm.toolkit.fluxcd.io/v2beta1 +kind: HelmRelease +metadata: + name: mastodon + namespace: mastodon +spec: + serviceAccountName: flux-reconciler + timeout: 15m + releaseName: mastodon + chart: + spec: + chart: ./chart/ + sourceRef: + kind: GitRepository + name: mastodon + namespace: mastodon + interval: 5m + valuesFrom: + - kind: ConfigMap + name: mastodon-base-values + valuesKey: values.yaml + - kind: Secret + name: mastodon-override-values + valuesKey: values-overrides.yaml + optional: true + - kind: Secret + name: mastodon.mastodon-postgres.credentials.postgresql.acid.zalan.do + valuesKey: username + targetPath: postgresql.auth.username + optional: false + - kind: Secret + name: mastodon.mastodon-postgres.credentials.postgresql.acid.zalan.do + valuesKey: password + targetPath: postgresql.auth.password + optional: false +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: mastodon-base-values + namespace: mastodon +data: + values.yaml: | + postgresql: + enabled: false + postgresqlHostname: mastodon-postgres + auth: + database: mastodon + mastodon: + persistence: + assets: + accessMode: ReadWriteMany + system: + accessMode: ReadWriteMany + elasticsearch: + enabled: false + ingress: + enabled: false + resources: + limits: + cpu: 1500m + memory: 1280Mi + requests: + cpu: 200m + memory: 768Mi + redis: + master: + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + replica: + replicaCount: 1 + resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi diff --git a/apps/base/mastodon/repository.yaml b/apps/base/mastodon/repository.yaml new file mode 100644 index 000000000..a2010d285 --- /dev/null +++ b/apps/base/mastodon/repository.yaml @@ -0,0 +1,16 @@ +--- +apiVersion: source.toolkit.fluxcd.io/v1beta2 +kind: GitRepository +metadata: + name: mastodon + namespace: mastodon +spec: + interval: 5m0s + url: https://git.shivering-isles.com/github-mirror/mastodon/mastodon + ref: + branch: main + ignore: | + # exclude all + /* + # Only allow helm chart + !/chart/ diff --git a/apps/k8s01/mastodon/certificate.yaml b/apps/k8s01/mastodon/certificate.yaml new file mode 100644 index 000000000..538bba9c5 --- /dev/null +++ b/apps/k8s01/mastodon/certificate.yaml @@ -0,0 +1,64 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: mastodon-tls + namespace: mastodon +spec: + dnsNames: + - ENC[AES256_GCM,data:niDgEwUYFvVwphsTTbyaTFgRFA485QWfu0qcoXQ=,iv:V4CQAUiXbERf6zm4+vvfcNWZT5NuwiWEo9eKJs/3I2s=,tag:mQskxy4Yor+X/VsDvxYHzA==,type:str] + issuerRef: + name: letsencrypt + kind: ClusterIssuer + secretName: ingress-mastodon-tls +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-04-26T00:23:14Z" + mac: ENC[AES256_GCM,data:y1Gm6OfQ8hfXzQJlKHFQbF1qnyxJzNrxY5rVnbRewfJz2p7mjelh2e9enJdKq+5DKQ3tpetoNQud2jP80TnNdjJ5/aU/XuV2hrK8rT5BdUjo70YLlMfYhFoHom6vSIAtpX6JEXs3XsaGLZzJhmRMF/SVx3yZsoZ3jBn2YLTzvK0=,iv:Qef5YmkK/GRZP4e+jYa1JZJNS4aWBx+/eUQPMd8VEOE=,tag:MrucEEqBUBjRg1JwdcFxXQ==,type:str] + pgp: + - created_at: "2022-01-21T18:13:48Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAAHhDshl1OJqNRUolNvbIXzOuDzssJnvyi6cIZuMmVMsxf + a6wAWAtYOehvtn1ODL7/h4fIpBtfp7d8VuwfJSrh3ghUeiOl3zRzQbmaFA2L5/iG + Jd94tFAVwIl30qjcYqGVB2RF27VF1RElzgDLQh3hiXn1hDC+WmNSnBF5hwnwCFOL + wM4BHuE2AB4TX3PlYSo1n71VSzcCqRzbIxelZasYLnJQVL0VE6AjEd/fHS468R8N + aZ3mhmHW3sWzuLHNREMD2Q3ghkguLhau0VoETlYRI9103I4k7/khFrhAj5l2/PUr + 2SWgpXyRqXVaKPeTiQs3QR8B5jNq3BlZj6Celw5Ig/wx3LY0EhI9e9WFgtSlZxM+ + 2yk65HQGvTIgsbys/z/0skA9vqik9csFRsH9iK42E/+XLvoAT6yxyl0cv1kBEyAS + ggPmKOq8+CT+voHzuh8kZHq9Sa8kH5xL1DQLzX2yIruV3OhTPSK+VlDpjUbycmI2 + qR1oCo/snOJwwwvfl9vu0B8FCwhrz8554ZQBErFfJl6GFiUV8LElRlZh5S9Jiysr + nYJS5gxrcvjF/0Y6EHEfWDRDxvCHoWQpWhl2hRkh5UlQKH0ab+QWLYpISyNJxjfl + orQJdaVX3BQwhqMLwiMLGoaNGrSpmxXveLOZmsdK0obXC67lyE6ZM/Wy6gx2dFnS + 5gFdXCLzQmmjYK8gIlsejQdnxZI2qWavZIN9T70OZQGaDE/S+U1uxKjuGBM7HTcP + 7f1nUa6z96A9ydWs1xHjtm7k172V16PMSrvjQ8KLhFJd9eJDq3ksAA== + =XgF6 + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-01-21T18:13:48Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//S/9rOkbd3beNH20dxgZ7VuZxgnjiV3Hd3om717njcMm2 + kCfTJ3AmpLtQsT2s1W221tIyCwtHOobj82ANP9KzNi4e6v3LlNTIVHTQiHXk9KJP + AX6JoCOLu3bAI0xcdApNBU2wAlHBVC+T4BUfhPqD5AdHpW++e1qUIsM/6TViunHj + BWoIA0bpXqyOhTm1GbkJrHMgczJn2qgR5lBf8wgGmASd8jlNyfA7SxoKHj8sl/Ji + nucP/90dmyD2eBIJYdYS3anJYa2uP96oioG5xxIyfppnL5dwozDAit3Z5vvnBZNb + 1rrpUnN8H0cCcaj7tmDEmjGfjGwxLKegQRZX7Pg5hwaaOOPGheXf8Ip/DpDf6T0n + Sq24X6DC5gD1RBU+YY6ZayMt/OKpVVVwRlY4BTDIUe4M+ecK/fve5vpDW2M+KWMc + pOkO1B09/prsX0w5XjFh8hb/6HlDDhomiB+BszcRCUDzocRzSEIFwMf7/iTaExe8 + 2fKCCHB4kHo6GHpydlQOpnGMOvDmiNKopXxTkFQUFQjyRmHGXf/u79JNXBjHkniv + ZiokjTEarwMp68dyiaL4L/5Uk+4NG3MetobqSaeW2TbeBwif3G2eFleYscz7QPIR + 5ZBBhU/CoUEz2Xge6t8rlp8PNcQ1yq/R+tZjaeqIIT4++ZxCErhA0lsxyFrgLefU + aAEJAhD7hR3IMDGN2zOZSiw1IBz9P8Jss/oERQiuVpe/eTv5Vqj9vuL+koKftwnF + vSVkNo0fLwNLtnU659Mkoj9utoUL9tAhcCMpP3NehKkBG5RjF9crnIP6zT3lvVU0 + GYyW4Lsfrt/a + =FfV+ + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$ + version: 3.7.1 diff --git a/apps/k8s01/mastodon/database-override.yaml b/apps/k8s01/mastodon/database-override.yaml new file mode 100644 index 000000000..d71bc4f0d --- /dev/null +++ b/apps/k8s01/mastodon/database-override.yaml @@ -0,0 +1,7 @@ +apiVersion: "acid.zalan.do/v1" +kind: postgresql +metadata: + name: mastodon-postgres + namespace: mastodon +spec: + numberOfInstances: 2 diff --git a/apps/k8s01/mastodon/kustomization.yaml b/apps/k8s01/mastodon/kustomization.yaml new file mode 100644 index 000000000..7ef6ec96d --- /dev/null +++ b/apps/k8s01/mastodon/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: mastodon +resources: + - ../../base/mastodon + - certificate.yaml + - mastodon-values.yaml +patchesStrategicMerge: + - database-override.yaml diff --git a/apps/k8s01/mastodon/mastodon-values.yaml b/apps/k8s01/mastodon/mastodon-values.yaml new file mode 100644 index 000000000..653e3a27b --- /dev/null +++ b/apps/k8s01/mastodon/mastodon-values.yaml @@ -0,0 +1,60 @@ +apiVersion: v1 +kind: Secret +metadata: + name: mastodon-override-values + namespace: mastodon +type: Opaque +stringData: + values-overrides.yaml: ENC[AES256_GCM,data:WhRLgOniGALNUrc+mXEArPWqmiU3y90hxIISQgI/PaZ+DXlNZIfCSSvhyk7O6VdwHRSufY1IZyTtykO60NHkmBtk/jMai2q6+Mb4nrsgeYT4QHJez9uiipJlNGXxmjGkHoD72LOSbXW7AR2YBpr2itqic2VrNiFFmSL/ezZ5kVxk10/mGWu8PwisqPuXiuAsOOx7f4uwZjbiFZtrdcHCPz+nCCUc2WpAoDnj3Flo5D6ZPe39HchQbyJxLGMyiYWxMVUBwtvflCK3HL62uCjykr8B8GkCRX087FbQkC9K7P7o40Qt3NT5T9f7zMphcNxI5cXKVuHlnOlsC8KgOjAVxBPBM5IPBJj3VGvKx3Crrl61fCEgX0c8M33OTa6zqox9Oc9GaoqKCHZmjSkXakznQeNyRXT/7Wi56LMRIQ9t3il1u1oiT5NAPNA92rauDuHDRYCvM3HmV3BdSHJKQQYPbaE43+RgT0wwmFTMUQSNIUwdKF36lsitNDugT477Y2ewLzzzhG8RFLwPGmlwaScOPdfpiBplpu4WXtCCpEePO663jACxuawj4nJh3libOYO5QfsFPFToiNA6rCZHM4Kve0Nt70+HFmCglHMOTZjIqgREj/WFycR8b7aJFJBVmWpbbcdAERBMbhHY77a5ZDQWHrxp12kqMi6irvtQM2jERYvL69F7Sjs4MeO0wYrheQjZoNMGpLjxnXSB3/yl/yHXH75X4BP2Y6HQev+ioj1esI6M/1KBEn9hMA7n1TSj7ATGnC9+l/y3WvG8WYeuW5wQnULjNeVlul0reig307KXLCiCFihmqdOITO4EoXa0EVKxx3vubiGN32+wbWHqlxHAFa6/OlSTYPkvZg5feBYc0ILerwmEomWfin7brWm3aELwT6JE3+pWbB8yAyp6Q3KYt09L1Puo/l944zRmGNAw8Ct4PCfAUMPrVbT7oF0XNh31EnSmsHsr2yFnKUpTn1pOGKQT2Z4njxIEEKy2H1XaYiyWCp3R1O08klPDxpLVPfhgH5fqEQjunEIXhrS0MmmTeHp+nJboISw/B2mZ0/FUAvX2DhNkciCigZNcPgqv2msUQp9zUTsvjwdBlYQElDZt32wjbrkX3vNGW1TSMK04blkmQ5jg1KagOxIS5xM07xoh4ggVMjxj8JYxmlUROl4Cg0AV5sUK0Ubnfm60bsIB1aZinUauIDJcEErzpQL7rpqoEgHVZSqFBFt8sbsbXoIrrhGrjokDpNQmJN/zJ+0JBFJX3467d9zDfwA5q4ds6XICwyzlyU36btsS7ISC+ZKclayDVL7XeqDQGSryVxjNxspVLswUwMa8rR6He+uDtbPs2IgQmca1leXo17fbCl179tKnz0WyHqdXusc7thRwsrG6hizScX5SBlylsrNQ777dLNiDzExbodNddwy7ei2aVlvk/nZvT7a18p8LnAFTzQ83OYKfw5QsnK61IbfKwEwYqrLDWSVNgzy6EfWgkbekA3wIe9USQR9/BU4OUThbp6dscjwRWLdBxRj5WekYBsIoo32iqINgGFh17r0TotkOIU6xUkqGFIYu63Z/riMrf5HgFzrERLcw6fgHOBUx0mKjgle2n+UkXNYBR7dpgLRku02BPfGKxUQ/mHU3dky9Pu1Pbo1IFg6H4pvJOfkCw/7Abf/e+X5ufitqfrPENj88gWhXpkHbIDmaAlRgkFEepDFoQglC3cO2k7dblpASRQF7k8FmE+9RCeb0nB6gFd0QxLJRbyZ+o0NvZLD5clUCM8qWkaRi5/SsU26nahp69z8PmB1N0omuPzDHdJVN7hzgASgOodA4Ebj1TmfhI1bgtxXq8HrdVHTHg04UWJ68zZjQuJdcu53aOJJuJZnIaS3DJCxYVix4k+Sm4XjN0EQ0Ued4sFQW4Ae/F+eYoeJnhnJwUQmHeQvHUOI1ZXUKmbxqLitl1Hpk6H3Z10N3ZdmN7Hh4vd0OEwyAIGMIhKeeyd5V5McPoHxZRMWhxIhFFcjGVWZOk4pN6ZF2TAPAZhV1pRcPN6Sqdh4/Qyi8yGNpaSOBw067KecCDfXWqixU7hOfQfrU7D0kpJ0PWmjkKfKWmS9A8KFQ3IjeItNSFTEGyNyis0llZgkoRQQlQKKUFOzyZ/ethIZgNH/5bW/YVI6yOsowMxJ07LyI2njwL9GnDJk78/pztWOPEvpyPehxolw+UvR6UzLLP+XSUPtMVx1nEJaAeTHBlC0YQoBVIfDLJKLh6D08JV4XF9SpeRPqc6gB/Ary92biJw6Ggw+xv5rdXwb24KpAekDChwHhxZcyIfxXLvuArlIwAptiNMuQCnJAV9nk98XMBCABP841iiWv5q5u9YeCVXHkP0Np,iv:NbBLLwzing1X9eTrmdkI/Z2/qG8kvsbouW1AXyRaaD4=,tag:t0vwO6ZPRXkH4iAqJo0b3Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-11-01T21:28:48Z" + mac: ENC[AES256_GCM,data:ZfZCagGfk1car2uY+ORTEQUwF4SCbJbdndTGIg5tJWSqbHjKlcinZNLj01XB1MAv5bWRQnBmKElgZv+1zfjtQv8gBJfpnYOJkohM5nMgKTEuIquz8i5WUDfBULh1/gGdjxytapKhrlW6xeB49KpZ8mM/TM3wgwA/VmlxgrXBMds=,iv:aJYWUB4+QgIsUGkpQJnDqWEckXg9sQ9RmDRNTxTBCoM=,tag:M//jSL7oZ2Lw634LYw75jQ==,type:str] + pgp: + - created_at: "2022-03-22T22:26:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + wcFMA7kpg2bgzVHcARAApcdDAfEgx93xGtkm4f7xTuRhvUyl8lw85rIHbWcAveYU + ayU88OLaoQyeZDZkOXbtxMHpry8GbId6vPAJ7KflT2eMP0A4uQGSSCQO6+5QcaYg + sbO/zT4vdprN7icLbvmmoK2Dh+hOo5Z7/7YGmdJfaaATzT2BGL/cVS1bonI83vXR + lzlW/DglIe7oNEKGVT5vWR5uGvq/dJwSRe/34eutEnJuV30imxHOcpxy3uXJFFXJ + 3eKTk8dNLz3UE3IeUjbFdPFZYU+grOAOOCZRK0IOYFn+SF7E3dewgiwEdaXzz3gK + /6aEMEmf5vyVqn9jOaqZhKRqE7tW5HnhwIIlxcMPhkLVZvYf4F2EDA5f12C2hdp0 + s7fFhU7v5GgFaHMJuaWVPxDnWTrNIst9bgeJv/N4RVfrLifrZJcqa9lE8ou0iCr5 + dLi9d6UjsgWAREIViz+Uz7dJQ9QeJ6PGYgg/xgf0ihJFG7sx+TBG58DKb3G3tyUV + 8hfK8Ou9m+zYnd13mJ2mV3rY0rmXusT+NcqTG2G4bBG5NimGpJS3rO7tAjjp/8sN + hMM46ay0vVTUXx1FwmjUFDG1e4sc7fKxTaCBizMjeUfZpAOiy/10YQmrFHBsftpo + K5j0nFMoG9NeO+2ffEmLhRtxvMe3WpINk7du3F624rYIGCB0aNUP69FCeJKuUQHS + 5gH5AwnxOAtQakDksfLxJhUG1NlaS0iAFkZkTTibvOJwsY9L/scDDQlseb5zBKaZ + sOPwmn6hL4KavxF9BPG33ILkZKbkcvlaTlAMMY3iBs+MZeIB4+i/AA== + =SQqg + -----END PGP MESSAGE----- + fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601 + - created_at: "2022-03-22T22:26:35Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4oYbIHZIrAPAQ//fGGoDT5KfsG/o6r5xhDHSc0IFH6zT2TFIB6TuA5SwHfV + 8t3IeKD0bE//4f8AxGAVocw+AetolwrQL/Tl+n0UV9P44Jeh5VlCAGltHcowR53o + zdjS3+i9K3OOvQFhF+aYrPcnc+aTn9KbptHCam0w+Lr2UkYSAPAZHsBcoMp24mHX + 6A+5kP1kaRzFzEn4TCNeTt13W1AsJIoSagkBWfYRBkRPk1OzGOuYqX6yeqj7a0kM + 8uiloTQgWOiBSOyRtxUJi87CTrMXyb0F2E9HMyhgRnzF0YX0ZU0UVG8MNdRL8eFD + WYY68OK7DQw3zlJubscYQ2jltxKcq5g9qUCw/sXaNurtohIx9UeaHtfp036EMb22 + 5StgGEnBirUzfSrQGT3kuj20lcMtQAr/d1UsmQNjB36eOZSrx0m80pO8JVYL62/O + HLYnAHU52aAPtE7brNEVg4yRLCbWyVY3Z3H9OaTVXwNIMFoMEgkHHnNlsb+1ZnhV + cStKMO3H6W8eXQi3VGIVNhuC1ltsxHQL1I22Kr41JEnuaB9Jy5bsEbrO4XGyDdte + hMI8Gx+0KZAMlKuZKLS6sMa4oVnQTy8w20PtVrrS0zDrQRPpxBrOgzjrNeMj9FpS + q/efiCAOBc8eVd8N/7j66UItwrysfmIfsHWfoPotS7F6WmUHeAyoWjfcvTZyd4bU + ZgEJAhAtdCnHNvUSl5O9XZuSu51pRwj+O72kZXRSJWv7GTT9dsRfuM5Dy9A/tuVI + BuZraI4JyAWb2KbkM6onp3Rh9IcLuzqEYm/ETktxTtO1HlcVPJ2NMcFgTCzaIGX9 + +rtkG7tPbA== + =tvBa + -----END PGP MESSAGE----- + fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07 + encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$ + version: 3.7.3 -- GitLab