feat(mastodon): Add intial work for mastodon

This patch provides a full mastodon setup allowing to run mastodon instances on Kubernetes as well as migrating the existing mastodon instance of mine to the cluster. As part of that it switches to OIDC as authentication method and allows to run on a Database cluster instead of a single instance.

feat(mastodon): Add intial work for mastodon
0ae3c68b · Sheogorath · ab19589d · 0ae3c68b · 0ae3c68b · 0ae3c68b
Verified Commit 0ae3c68b authored 3 years ago by Sheogorath
--- a/apps/base/mastodon/database.yaml
+++ b/apps/base/mastodon/database.yaml
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+  name: mastodon-postgres
+  namespace: mastodon
+spec:
+  teamId: "mastodon"
+  volume:
+    size: 5Gi
+  numberOfInstances: 1
+  users:
+    mastodon:
+    - superuser
+    - createdb
+  databases:
+    mastodon: mastodon
+  postgresql:
+    version: "14"
+  resources:
+    requests:
+      cpu: 200m
+      memory: 2048Mi
+    limits:
+      cpu: "1"
+      memory: 3072Mi
--- a/apps/base/mastodon/kustomization.yaml
+++ b/apps/base/mastodon/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mastodon
+resources:
+  - namespace.yaml
+  - repository.yaml
+  - release.yaml
+  - database.yaml
+  - ../../../shared/networkpolicies/allow-from-same-namespace.yaml
+  - ../../../shared/networkpolicies/allow-from-ingress.yaml
+  - ../../../shared/networkpolicies/allow-from-database.yaml
+  - ../../../shared/networkpolicies/allow-from-monitoring.yaml
+patchesStrategicMerge:
+  - networkpolicy.yaml
--- a/apps/base/mastodon/namespace.yaml
+++ b/apps/base/mastodon/namespace.yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: mastodon
+  labels:
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/warn: restricted
+    pod-security.kubernetes.io/audit-version: v1.23
+    pod-security.kubernetes.io/enforce-version: v1.23
+    pod-security.kubernetes.io/warn-version: v1.23
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flux-reconciler
+  namespace: mastodon
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: flux-reconciler
+  namespace: mastodon
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: admin
+subjects:
+  - kind: ServiceAccount
+    name: flux-reconciler
+    namespace: mastodon
--- a/apps/base/mastodon/networkpolicy.yaml
+++ b/apps/base/mastodon/networkpolicy.yaml
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-ingress
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: mastodon
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: mastodon
--- a/apps/base/mastodon/release.yaml
+++ b/apps/base/mastodon/release.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: mastodon
+  namespace: mastodon
+spec:
+  serviceAccountName: flux-reconciler
+  timeout: 15m
+  releaseName: mastodon
+  chart:
+    spec:
+      chart: ./chart/
+      sourceRef:
+        kind: GitRepository
+        name: mastodon
+        namespace: mastodon
+  interval: 5m
+  valuesFrom:
+    - kind: ConfigMap
+      name: mastodon-base-values
+      valuesKey: values.yaml
+    - kind: Secret
+      name: mastodon-override-values
+      valuesKey: values-overrides.yaml
+      optional: true
+    - kind: Secret
+      name: mastodon.mastodon-postgres.credentials.postgresql.acid.zalan.do
+      valuesKey: username
+      targetPath: postgresql.auth.username
+      optional: false
+    - kind: Secret
+      name: mastodon.mastodon-postgres.credentials.postgresql.acid.zalan.do
+      valuesKey: password
+      targetPath: postgresql.auth.password
+      optional: false
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mastodon-base-values
+  namespace: mastodon
+data:
+  values.yaml: |
+    postgresql:
+      enabled: false
+      postgresqlHostname: mastodon-postgres
+      auth:
+        database: mastodon
+    mastodon:
+      persistence:
+        assets:
+          accessMode: ReadWriteMany
+        system:
+          accessMode: ReadWriteMany
+    elasticsearch:
+      enabled: false
+    ingress:
+      enabled: false
+    resources:
+      limits:
+        cpu: 1500m
+        memory: 1280Mi
+      requests:
+        cpu: 200m
+        memory: 768Mi
+    redis:
+      master:
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
+      replica:
+        replicaCount: 1
+        resources:
+          limits:
+            cpu: 100m
+            memory: 128Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi
--- a/apps/base/mastodon/repository.yaml
+++ b/apps/base/mastodon/repository.yaml
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: GitRepository
+metadata:
+  name: mastodon
+  namespace: mastodon
+spec:
+  interval: 5m0s
+  url: https://git.shivering-isles.com/github-mirror/mastodon/mastodon
+  ref:
+    branch: main
+  ignore: |
+    # exclude all
+    /*
+    # Only allow helm chart
+    !/chart/
--- a/apps/k8s01/mastodon/certificate.yaml
+++ b/apps/k8s01/mastodon/certificate.yaml
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+    name: mastodon-tls
+    namespace: mastodon
+spec:
+    dnsNames:
+        - ENC[AES256_GCM,data:niDgEwUYFvVwphsTTbyaTFgRFA485QWfu0qcoXQ=,iv:V4CQAUiXbERf6zm4+vvfcNWZT5NuwiWEo9eKJs/3I2s=,tag:mQskxy4Yor+X/VsDvxYHzA==,type:str]
+    issuerRef:
+        name: letsencrypt
+        kind: ClusterIssuer
+    secretName: ingress-mastodon-tls
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-04-26T00:23:14Z"
+    mac: ENC[AES256_GCM,data:y1Gm6OfQ8hfXzQJlKHFQbF1qnyxJzNrxY5rVnbRewfJz2p7mjelh2e9enJdKq+5DKQ3tpetoNQud2jP80TnNdjJ5/aU/XuV2hrK8rT5BdUjo70YLlMfYhFoHom6vSIAtpX6JEXs3XsaGLZzJhmRMF/SVx3yZsoZ3jBn2YLTzvK0=,iv:Qef5YmkK/GRZP4e+jYa1JZJNS4aWBx+/eUQPMd8VEOE=,tag:MrucEEqBUBjRg1JwdcFxXQ==,type:str]
+    pgp:
+        - created_at: "2022-01-21T18:13:48Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMA7kpg2bgzVHcARAAHhDshl1OJqNRUolNvbIXzOuDzssJnvyi6cIZuMmVMsxf
+            a6wAWAtYOehvtn1ODL7/h4fIpBtfp7d8VuwfJSrh3ghUeiOl3zRzQbmaFA2L5/iG
+            Jd94tFAVwIl30qjcYqGVB2RF27VF1RElzgDLQh3hiXn1hDC+WmNSnBF5hwnwCFOL
+            wM4BHuE2AB4TX3PlYSo1n71VSzcCqRzbIxelZasYLnJQVL0VE6AjEd/fHS468R8N
+            aZ3mhmHW3sWzuLHNREMD2Q3ghkguLhau0VoETlYRI9103I4k7/khFrhAj5l2/PUr
+            2SWgpXyRqXVaKPeTiQs3QR8B5jNq3BlZj6Celw5Ig/wx3LY0EhI9e9WFgtSlZxM+
+            2yk65HQGvTIgsbys/z/0skA9vqik9csFRsH9iK42E/+XLvoAT6yxyl0cv1kBEyAS
+            ggPmKOq8+CT+voHzuh8kZHq9Sa8kH5xL1DQLzX2yIruV3OhTPSK+VlDpjUbycmI2
+            qR1oCo/snOJwwwvfl9vu0B8FCwhrz8554ZQBErFfJl6GFiUV8LElRlZh5S9Jiysr
+            nYJS5gxrcvjF/0Y6EHEfWDRDxvCHoWQpWhl2hRkh5UlQKH0ab+QWLYpISyNJxjfl
+            orQJdaVX3BQwhqMLwiMLGoaNGrSpmxXveLOZmsdK0obXC67lyE6ZM/Wy6gx2dFnS
+            5gFdXCLzQmmjYK8gIlsejQdnxZI2qWavZIN9T70OZQGaDE/S+U1uxKjuGBM7HTcP
+            7f1nUa6z96A9ydWs1xHjtm7k172V16PMSrvjQ8KLhFJd9eJDq3ksAA==
+            =XgF6
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2022-01-21T18:13:48Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA4oYbIHZIrAPAQ//S/9rOkbd3beNH20dxgZ7VuZxgnjiV3Hd3om717njcMm2
+            kCfTJ3AmpLtQsT2s1W221tIyCwtHOobj82ANP9KzNi4e6v3LlNTIVHTQiHXk9KJP
+            AX6JoCOLu3bAI0xcdApNBU2wAlHBVC+T4BUfhPqD5AdHpW++e1qUIsM/6TViunHj
+            BWoIA0bpXqyOhTm1GbkJrHMgczJn2qgR5lBf8wgGmASd8jlNyfA7SxoKHj8sl/Ji
+            nucP/90dmyD2eBIJYdYS3anJYa2uP96oioG5xxIyfppnL5dwozDAit3Z5vvnBZNb
+            1rrpUnN8H0cCcaj7tmDEmjGfjGwxLKegQRZX7Pg5hwaaOOPGheXf8Ip/DpDf6T0n
+            Sq24X6DC5gD1RBU+YY6ZayMt/OKpVVVwRlY4BTDIUe4M+ecK/fve5vpDW2M+KWMc
+            pOkO1B09/prsX0w5XjFh8hb/6HlDDhomiB+BszcRCUDzocRzSEIFwMf7/iTaExe8
+            2fKCCHB4kHo6GHpydlQOpnGMOvDmiNKopXxTkFQUFQjyRmHGXf/u79JNXBjHkniv
+            ZiokjTEarwMp68dyiaL4L/5Uk+4NG3MetobqSaeW2TbeBwif3G2eFleYscz7QPIR
+            5ZBBhU/CoUEz2Xge6t8rlp8PNcQ1yq/R+tZjaeqIIT4++ZxCErhA0lsxyFrgLefU
+            aAEJAhD7hR3IMDGN2zOZSiw1IBz9P8Jss/oERQiuVpe/eTv5Vqj9vuL+koKftwnF
+            vSVkNo0fLwNLtnU659Mkoj9utoUL9tAhcCMpP3NehKkBG5RjF9crnIP6zT3lvVU0
+            GYyW4Lsfrt/a
+            =FfV+
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$
+    version: 3.7.1
--- a/apps/k8s01/mastodon/database-override.yaml
+++ b/apps/k8s01/mastodon/database-override.yaml
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+  name: mastodon-postgres
+  namespace: mastodon
+spec:
+  numberOfInstances: 2
--- a/apps/k8s01/mastodon/kustomization.yaml
+++ b/apps/k8s01/mastodon/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: mastodon
+resources:
+  - ../../base/mastodon
+  - certificate.yaml
+  - mastodon-values.yaml
+patchesStrategicMerge:
+  - database-override.yaml
--- a/apps/k8s01/mastodon/mastodon-values.yaml
+++ b/apps/k8s01/mastodon/mastodon-values.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+    name: mastodon-override-values
+    namespace: mastodon
+type: Opaque
+stringData:
+    values-overrides.yaml: ENC[AES256_GCM,data:WhRLgOniGALNUrc+mXEArPWqmiU3y90hxIISQgI/PaZ+DXlNZIfCSSvhyk7O6VdwHRSufY1IZyTtykO60NHkmBtk/jMai2q6+Mb4nrsgeYT4QHJez9uiipJlNGXxmjGkHoD72LOSbXW7AR2YBpr2itqic2VrNiFFmSL/ezZ5kVxk10/mGWu8PwisqPuXiuAsOOx7f4uwZjbiFZtrdcHCPz+nCCUc2WpAoDnj3Flo5D6ZPe39HchQbyJxLGMyiYWxMVUBwtvflCK3HL62uCjykr8B8GkCRX087FbQkC9K7P7o40Qt3NT5T9f7zMphcNxI5cXKVuHlnOlsC8KgOjAVxBPBM5IPBJj3VGvKx3Crrl61fCEgX0c8M33OTa6zqox9Oc9GaoqKCHZmjSkXakznQeNyRXT/7Wi56LMRIQ9t3il1u1oiT5NAPNA92rauDuHDRYCvM3HmV3BdSHJKQQYPbaE43+RgT0wwmFTMUQSNIUwdKF36lsitNDugT477Y2ewLzzzhG8RFLwPGmlwaScOPdfpiBplpu4WXtCCpEePO663jACxuawj4nJh3libOYO5QfsFPFToiNA6rCZHM4Kve0Nt70+HFmCglHMOTZjIqgREj/WFycR8b7aJFJBVmWpbbcdAERBMbhHY77a5ZDQWHrxp12kqMi6irvtQM2jERYvL69F7Sjs4MeO0wYrheQjZoNMGpLjxnXSB3/yl/yHXH75X4BP2Y6HQev+ioj1esI6M/1KBEn9hMA7n1TSj7ATGnC9+l/y3WvG8WYeuW5wQnULjNeVlul0reig307KXLCiCFihmqdOITO4EoXa0EVKxx3vubiGN32+wbWHqlxHAFa6/OlSTYPkvZg5feBYc0ILerwmEomWfin7brWm3aELwT6JE3+pWbB8yAyp6Q3KYt09L1Puo/l944zRmGNAw8Ct4PCfAUMPrVbT7oF0XNh31EnSmsHsr2yFnKUpTn1pOGKQT2Z4njxIEEKy2H1XaYiyWCp3R1O08klPDxpLVPfhgH5fqEQjunEIXhrS0MmmTeHp+nJboISw/B2mZ0/FUAvX2DhNkciCigZNcPgqv2msUQp9zUTsvjwdBlYQElDZt32wjbrkX3vNGW1TSMK04blkmQ5jg1KagOxIS5xM07xoh4ggVMjxj8JYxmlUROl4Cg0AV5sUK0Ubnfm60bsIB1aZinUauIDJcEErzpQL7rpqoEgHVZSqFBFt8sbsbXoIrrhGrjokDpNQmJN/zJ+0JBFJX3467d9zDfwA5q4ds6XICwyzlyU36btsS7ISC+ZKclayDVL7XeqDQGSryVxjNxspVLswUwMa8rR6He+uDtbPs2IgQmca1leXo17fbCl179tKnz0WyHqdXusc7thRwsrG6hizScX5SBlylsrNQ777dLNiDzExbodNddwy7ei2aVlvk/nZvT7a18p8LnAFTzQ83OYKfw5QsnK61IbfKwEwYqrLDWSVNgzy6EfWgkbekA3wIe9USQR9/BU4OUThbp6dscjwRWLdBxRj5WekYBsIoo32iqINgGFh17r0TotkOIU6xUkqGFIYu63Z/riMrf5HgFzrERLcw6fgHOBUx0mKjgle2n+UkXNYBR7dpgLRku02BPfGKxUQ/mHU3dky9Pu1Pbo1IFg6H4pvJOfkCw/7Abf/e+X5ufitqfrPENj88gWhXpkHbIDmaAlRgkFEepDFoQglC3cO2k7dblpASRQF7k8FmE+9RCeb0nB6gFd0QxLJRbyZ+o0NvZLD5clUCM8qWkaRi5/SsU26nahp69z8PmB1N0omuPzDHdJVN7hzgASgOodA4Ebj1TmfhI1bgtxXq8HrdVHTHg04UWJ68zZjQuJdcu53aOJJuJZnIaS3DJCxYVix4k+Sm4XjN0EQ0Ued4sFQW4Ae/F+eYoeJnhnJwUQmHeQvHUOI1ZXUKmbxqLitl1Hpk6H3Z10N3ZdmN7Hh4vd0OEwyAIGMIhKeeyd5V5McPoHxZRMWhxIhFFcjGVWZOk4pN6ZF2TAPAZhV1pRcPN6Sqdh4/Qyi8yGNpaSOBw067KecCDfXWqixU7hOfQfrU7D0kpJ0PWmjkKfKWmS9A8KFQ3IjeItNSFTEGyNyis0llZgkoRQQlQKKUFOzyZ/ethIZgNH/5bW/YVI6yOsowMxJ07LyI2njwL9GnDJk78/pztWOPEvpyPehxolw+UvR6UzLLP+XSUPtMVx1nEJaAeTHBlC0YQoBVIfDLJKLh6D08JV4XF9SpeRPqc6gB/Ary92biJw6Ggw+xv5rdXwb24KpAekDChwHhxZcyIfxXLvuArlIwAptiNMuQCnJAV9nk98XMBCABP841iiWv5q5u9YeCVXHkP0Np,iv:NbBLLwzing1X9eTrmdkI/Z2/qG8kvsbouW1AXyRaaD4=,tag:t0vwO6ZPRXkH4iAqJo0b3Q==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2022-11-01T21:28:48Z"
+    mac: ENC[AES256_GCM,data:ZfZCagGfk1car2uY+ORTEQUwF4SCbJbdndTGIg5tJWSqbHjKlcinZNLj01XB1MAv5bWRQnBmKElgZv+1zfjtQv8gBJfpnYOJkohM5nMgKTEuIquz8i5WUDfBULh1/gGdjxytapKhrlW6xeB49KpZ8mM/TM3wgwA/VmlxgrXBMds=,iv:aJYWUB4+QgIsUGkpQJnDqWEckXg9sQ9RmDRNTxTBCoM=,tag:M//jSL7oZ2Lw634LYw75jQ==,type:str]
+    pgp:
+        - created_at: "2022-03-22T22:26:35Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            wcFMA7kpg2bgzVHcARAApcdDAfEgx93xGtkm4f7xTuRhvUyl8lw85rIHbWcAveYU
+            ayU88OLaoQyeZDZkOXbtxMHpry8GbId6vPAJ7KflT2eMP0A4uQGSSCQO6+5QcaYg
+            sbO/zT4vdprN7icLbvmmoK2Dh+hOo5Z7/7YGmdJfaaATzT2BGL/cVS1bonI83vXR
+            lzlW/DglIe7oNEKGVT5vWR5uGvq/dJwSRe/34eutEnJuV30imxHOcpxy3uXJFFXJ
+            3eKTk8dNLz3UE3IeUjbFdPFZYU+grOAOOCZRK0IOYFn+SF7E3dewgiwEdaXzz3gK
+            /6aEMEmf5vyVqn9jOaqZhKRqE7tW5HnhwIIlxcMPhkLVZvYf4F2EDA5f12C2hdp0
+            s7fFhU7v5GgFaHMJuaWVPxDnWTrNIst9bgeJv/N4RVfrLifrZJcqa9lE8ou0iCr5
+            dLi9d6UjsgWAREIViz+Uz7dJQ9QeJ6PGYgg/xgf0ihJFG7sx+TBG58DKb3G3tyUV
+            8hfK8Ou9m+zYnd13mJ2mV3rY0rmXusT+NcqTG2G4bBG5NimGpJS3rO7tAjjp/8sN
+            hMM46ay0vVTUXx1FwmjUFDG1e4sc7fKxTaCBizMjeUfZpAOiy/10YQmrFHBsftpo
+            K5j0nFMoG9NeO+2ffEmLhRtxvMe3WpINk7du3F624rYIGCB0aNUP69FCeJKuUQHS
+            5gH5AwnxOAtQakDksfLxJhUG1NlaS0iAFkZkTTibvOJwsY9L/scDDQlseb5zBKaZ
+            sOPwmn6hL4KavxF9BPG33ILkZKbkcvlaTlAMMY3iBs+MZeIB4+i/AA==
+            =SQqg
+            -----END PGP MESSAGE-----
+          fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+        - created_at: "2022-03-22T22:26:35Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMA4oYbIHZIrAPAQ//fGGoDT5KfsG/o6r5xhDHSc0IFH6zT2TFIB6TuA5SwHfV
+            8t3IeKD0bE//4f8AxGAVocw+AetolwrQL/Tl+n0UV9P44Jeh5VlCAGltHcowR53o
+            zdjS3+i9K3OOvQFhF+aYrPcnc+aTn9KbptHCam0w+Lr2UkYSAPAZHsBcoMp24mHX
+            6A+5kP1kaRzFzEn4TCNeTt13W1AsJIoSagkBWfYRBkRPk1OzGOuYqX6yeqj7a0kM
+            8uiloTQgWOiBSOyRtxUJi87CTrMXyb0F2E9HMyhgRnzF0YX0ZU0UVG8MNdRL8eFD
+            WYY68OK7DQw3zlJubscYQ2jltxKcq5g9qUCw/sXaNurtohIx9UeaHtfp036EMb22
+            5StgGEnBirUzfSrQGT3kuj20lcMtQAr/d1UsmQNjB36eOZSrx0m80pO8JVYL62/O
+            HLYnAHU52aAPtE7brNEVg4yRLCbWyVY3Z3H9OaTVXwNIMFoMEgkHHnNlsb+1ZnhV
+            cStKMO3H6W8eXQi3VGIVNhuC1ltsxHQL1I22Kr41JEnuaB9Jy5bsEbrO4XGyDdte
+            hMI8Gx+0KZAMlKuZKLS6sMa4oVnQTy8w20PtVrrS0zDrQRPpxBrOgzjrNeMj9FpS
+            q/efiCAOBc8eVd8N/7j66UItwrysfmIfsHWfoPotS7F6WmUHeAyoWjfcvTZyd4bU
+            ZgEJAhAtdCnHNvUSl5O9XZuSu51pRwj+O72kZXRSJWv7GTT9dsRfuM5Dy9A/tuVI
+            BuZraI4JyAWb2KbkM6onp3Rh9IcLuzqEYm/ETktxTtO1HlcVPJ2NMcFgTCzaIGX9
+            +rtkG7tPbA==
+            =tvBa
+            -----END PGP MESSAGE-----
+          fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+    encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$
+    version: 3.7.3