From 3d66c327ab586a33194b24712d60c0a5748ba8b4 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 14 Sep 2022 14:05:22 +0200
Subject: [PATCH] feat(nas): Add Minio console to global services
---
clusters/k8s01/nas/kustomization.yaml | 1 +
clusters/k8s01/nas/oauth2.yaml | 238 ++++++++++++++++++++++++++
clusters/k8s01/nas/s3.yaml | 106 +++++++++++-
3 files changed, 337 insertions(+), 8 deletions(-)
create mode 100644 clusters/k8s01/nas/oauth2.yaml
diff --git a/clusters/k8s01/nas/kustomization.yaml b/clusters/k8s01/nas/kustomization.yaml
index 06794365f..e9785d34b 100644
--- a/clusters/k8s01/nas/kustomization.yaml
+++ b/clusters/k8s01/nas/kustomization.yaml
@@ -3,3 +3,4 @@ kind: Kustomization
resources:
- namespace.yaml
- s3.yaml
+- oauth2.yaml
diff --git a/clusters/k8s01/nas/oauth2.yaml b/clusters/k8s01/nas/oauth2.yaml
new file mode 100644
index 000000000..df2b9973a
--- /dev/null
+++ b/clusters/k8s01/nas/oauth2.yaml
@@ -0,0 +1,238 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: oauth2-proxy
+ namespace: nas
+spec:
+ interval: 30m
+ url: https://oauth2-proxy.github.io/manifests
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-09-14T12:03:08Z"
+ mac: ENC[AES256_GCM,data:QPSE+tmch9T5Byh35P4Nmh7OTrfB78S7j6BW+/GrteDZMHKA4E1CqCTO2ftEBhKRw1zcwT7uLah5O/NThc/duoig/CE4IcqYoCr4Qr2og/zijt5QYic0ayAPW+cbG6V3kzmXEWEhccVjvO/O05CHVL5yFeaoZzxHdvyf9EA74vc=,iv:0z0CJQFZjIakU9NlobTslVcbHsDnJjUDXmu9JJltzP4=,tag:xhCt0y5yCjKqaIz9ETzmUA==,type:str]
+ pgp:
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF
+ 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W
+ BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P
+ 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw
+ KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9
+ OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9
+ LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp
+ DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo
+ b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y
+ HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj
+ XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS
+ 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo
+ M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA==
+ =c/3x
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ
+ yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI
+ 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN
+ 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N
+ 4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK
+ GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW
+ fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU
+ WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd
+ vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl
+ tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c
+ w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU
+ aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9
+ NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9
+ PNNoVr/LwxMQ
+ =e2fo
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
+ version: 3.7.1
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: oauth2-proxy
+ namespace: nas
+spec:
+ releaseName: oauth2-proxy
+ chart:
+ spec:
+ chart: oauth2-proxy
+ sourceRef:
+ kind: HelmRepository
+ name: oauth2-proxy
+ namespace: nas
+ version: 6.2.6
+ interval: 5m
+ install:
+ remediation:
+ retries: -1
+ values:
+ config:
+ clientID: minio-console
+ clientSecret: ENC[AES256_GCM,data:RewDTS7iqqQMwWWYTzNOjxngI3zKsOtGd2yidJfjqWU=,iv:qBbWEg7QA2pRHBopjo+O2QPFo25qId0yFXxQ2ZiVQYc=,tag:AKavMpQPh4FzbZaEahTZFw==,type:str]
+ cookieSecret: ENC[AES256_GCM,data:2peh/VSESdjO5HFMyCjw1an1/oLwjKY2wS0l4ZTXZHoSCgMOtEaeYTKBWQ==,iv:PBoklIo3LhvLloXUWP5IEtQ46VfJJE7EbXO+LdGD/ks=,tag:csWZ0NRhKJxH9yFA3PssWQ==,type:str]
+ extraArgs:
+ provider: keycloak-oidc
+ provider-display-name: SI-Auth
+ redirect-url: ENC[AES256_GCM,data:vDtGDhv20Ot5+8j41rwR6AZsWXBsz9c21lw2C3b+5vAxzBYHNWIOugresnGqkkACkrcDRhi2,iv:dBRABK+dazmG0C4OrsHs4pfOWQLVlFEFVuLnCcOyVnE=,tag:T1OMopItnHFbfl5NZY/4LQ==,type:str]
+ oidc-issuer-url: ENC[AES256_GCM,data:lcMt0EiZJPca/5iwNp4Ged6qchqzkuKAXOiyJNR99jfJPRwBjMp3JJJmvfhdU+dU1/VFqMgk3w==,iv:0avQixtcn6Mr87AcloKhIVAIcp08eQk9Ud80CjMRfB4=,tag:uGVgCeeqOoD7ZxhDHvfQmQ==,type:str]
+ allowed-role: minio-console:user
+ whitelist-domain: ENC[AES256_GCM,data:SKqK+unRFLC6Y5DNmhgTJ1Bq4Z+PSgT2NLa4/MVR,iv:+lzfSaArulzf8q9giuPFIoBbgGd9jogKTroyrYqeCT0=,tag:Dbdu3OKdwRfx/T4gZQuJIQ==,type:str]
+ replicaCount: 2
+ securityContext:
+ enabled: true
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app: oauth2-proxy
+ topologyKey: kubernetes.io/hostname
+ ingress:
+ enabled: true
+ path: /oauth2
+ pathType: Prefix
+ hosts:
+ - ENC[AES256_GCM,data:z2FG3Hw17BmN4ugvZzo7UUmRvo13KyKMovID4oVL,iv:J2n80jxA/mERXSGm2ubZLQnCPvXpm1CVT7NadRYPuXY=,tag:cf55KnUHRCtpJBSSNZ6U1w==,type:str]
+ tls:
+ - hosts:
+ - ENC[AES256_GCM,data:hfS3UudkpAhyyuf2T0sLGAa3+dGeNFPVh5BeZOuX,iv:nkKjDiJO6+GfZwyw8BPSbdHLQd5QeTjXkH1O7cYrRBY=,tag:/Z9Y0VU/ybw4cwsWBnwf4w==,type:str]
+ secretName: ingress-s3-tls
+ resources:
+ limits:
+ cpu: 200m
+ memory: 100Mi
+ requests:
+ cpu: 100m
+ memory: 25Mi
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-09-14T12:03:08Z"
+ mac: ENC[AES256_GCM,data:QPSE+tmch9T5Byh35P4Nmh7OTrfB78S7j6BW+/GrteDZMHKA4E1CqCTO2ftEBhKRw1zcwT7uLah5O/NThc/duoig/CE4IcqYoCr4Qr2og/zijt5QYic0ayAPW+cbG6V3kzmXEWEhccVjvO/O05CHVL5yFeaoZzxHdvyf9EA74vc=,iv:0z0CJQFZjIakU9NlobTslVcbHsDnJjUDXmu9JJltzP4=,tag:xhCt0y5yCjKqaIz9ETzmUA==,type:str]
+ pgp:
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF
+ 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W
+ BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P
+ 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw
+ KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9
+ OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9
+ LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp
+ DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo
+ b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y
+ HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj
+ XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS
+ 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo
+ M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA==
+ =c/3x
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ
+ yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI
+ 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN
+ 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N
+ 4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK
+ GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW
+ fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU
+ WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd
+ vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl
+ tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c
+ w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU
+ aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9
+ NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9
+ PNNoVr/LwxMQ
+ =e2fo
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
+ version: 3.7.1
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-ingress-to-oauth2
+ namespace: nas
+spec:
+ podSelector:
+ matchLabels:
+ app: oauth2-proxy
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ ingress.shivering-isles.com/network-access-required: "true"
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-09-14T12:03:08Z"
+ mac: ENC[AES256_GCM,data:QPSE+tmch9T5Byh35P4Nmh7OTrfB78S7j6BW+/GrteDZMHKA4E1CqCTO2ftEBhKRw1zcwT7uLah5O/NThc/duoig/CE4IcqYoCr4Qr2og/zijt5QYic0ayAPW+cbG6V3kzmXEWEhccVjvO/O05CHVL5yFeaoZzxHdvyf9EA74vc=,iv:0z0CJQFZjIakU9NlobTslVcbHsDnJjUDXmu9JJltzP4=,tag:xhCt0y5yCjKqaIz9ETzmUA==,type:str]
+ pgp:
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF
+ 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W
+ BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P
+ 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw
+ KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9
+ OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9
+ LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp
+ DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo
+ b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y
+ HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj
+ XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS
+ 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo
+ M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA==
+ =c/3x
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ
+ yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI
+ 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN
+ 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N
+ 4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK
+ GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW
+ fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU
+ WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd
+ vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl
+ tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c
+ w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU
+ aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9
+ NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9
+ PNNoVr/LwxMQ
+ =e2fo
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
+ version: 3.7.1
diff --git a/clusters/k8s01/nas/s3.yaml b/clusters/k8s01/nas/s3.yaml
index 1598962b7..9c7af64f3 100644
--- a/clusters/k8s01/nas/s3.yaml
+++ b/clusters/k8s01/nas/s3.yaml
@@ -16,8 +16,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2022-09-14T00:20:54Z"
- mac: ENC[AES256_GCM,data:lEiPanS6uS6AH87yZqQkUuPYrTNSRRSm5hjtrC/KzkE4E7521OeLx+WmRTUCuuxzx4DwhUEdK9Py3s77MdMGEtcH9ySnIptn+bJpT80TG2WW4sXVlyR1oFt6pC1NKwqCfJue0feHpm4XgR2qQDShh82h9TRppWupX6ukBq7ji20=,iv:2/AMs5Jcj0zR+Li3ZKVUSxPb5QBY0+uK8oPAomR/Qgw=,tag:r0lRAQKQEoV9PTNZd23SBQ==,type:str]
+ lastmodified: "2022-09-14T12:03:49Z"
+ mac: ENC[AES256_GCM,data:N0LQz81irYcURXaiEy5iQulwacUo4xL4fz6UA0UUyf2M5HESpkfU60h9VVgRIf+KT+IUgsL59hFqCt1T7A3GUAKq3ji0tJkziiTynu1Kl6UNJZpqODowFdXccPiyawTHbQDdyqCHF5T6eznheh/DCcImxTuXWEBd0OSiGKJKGR0=,iv:kfKptkMPtTHZw+vR6z/GxMijj+nN7hLb0R9gWenZHRE=,tag:91XmF//l8gQ+YFaTGnJLwQ==,type:str]
pgp:
- created_at: "2022-09-13T20:16:18Z"
enc: |-
@@ -82,8 +82,98 @@ sops:
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2022-09-14T00:20:54Z"
- mac: ENC[AES256_GCM,data:lEiPanS6uS6AH87yZqQkUuPYrTNSRRSm5hjtrC/KzkE4E7521OeLx+WmRTUCuuxzx4DwhUEdK9Py3s77MdMGEtcH9ySnIptn+bJpT80TG2WW4sXVlyR1oFt6pC1NKwqCfJue0feHpm4XgR2qQDShh82h9TRppWupX6ukBq7ji20=,iv:2/AMs5Jcj0zR+Li3ZKVUSxPb5QBY0+uK8oPAomR/Qgw=,tag:r0lRAQKQEoV9PTNZd23SBQ==,type:str]
+ lastmodified: "2022-09-14T12:03:49Z"
+ mac: ENC[AES256_GCM,data:N0LQz81irYcURXaiEy5iQulwacUo4xL4fz6UA0UUyf2M5HESpkfU60h9VVgRIf+KT+IUgsL59hFqCt1T7A3GUAKq3ji0tJkziiTynu1Kl6UNJZpqODowFdXccPiyawTHbQDdyqCHF5T6eznheh/DCcImxTuXWEBd0OSiGKJKGR0=,iv:kfKptkMPtTHZw+vR6z/GxMijj+nN7hLb0R9gWenZHRE=,tag:91XmF//l8gQ+YFaTGnJLwQ==,type:str]
+ pgp:
+ - created_at: "2022-09-13T20:16:18Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAs2wtI2PnfYFdrQMyzW9uwi06Wzi5NPO1PmRp896RrkCr
+ tqILIJoJayon4IFtoXmG99KZUqDfMWAb7wqAzw8+pwI6Qy+xJjzZ88fYnaP2m8yX
+ 2ebnaliurX7+VaRwJ0jBW5DJRUkpGqy4dm3kAA3uV8oyOU6QrCfVH5nekS38PKAH
+ QDQcCA+u3ERe6meAOTXyfJw/y8WMocTNrmFTQDImornspXaakDOBnN8WPOhizlvm
+ A8SmEZI1Mp4TlNuhRZaX8vu1zGMJ2Ut3QyzCBUy45cs1BVRtLQjj7LZ6zpyMSr7v
+ wNMxNByOiW4m5Ic6LrUSAoShLmIXqb+uUFno6uG8kyP5cQc3+9fXLhvPpwT2oedY
+ cnSpTkwqx7l1/lQ0xsnKrNhr+/RU3FK27Q5BgTj4NAQF5pCXkUa0QMeSHfKXtNo6
+ +/TE+KIHzbwvPoabWXXWl8odT3Jw6mmOy66otADlxXa6s+g5FhpZfQKQlCr54Lh/
+ EdAlQc3cGxPzDCeTVmDFZu53A9cXaeR/DpzILjJkdcw8muG9aJtGhq/taudZZhAv
+ +rgJHXYKvQu05LTGQLClMrlJidO2+B0qNV3aw40sYGyZ/n73nvnODrXaRzNG1jyR
+ +j5u4KQpWAUKpljlbAw3lKUll+wBhmmnPJ6UJQ87VmDDcadXFORua+yQsplKRtrS
+ 5gHPRhnLFveyK1PjYIcasVnKCoS3OiRG187uwx9iPJq95oZETk0VmnpUleiJcml5
+ kPy6qaM/qjIx7lo1ShovIfLk25sEge6NkiUwkx/WXI8b++JHZO27AA==
+ =sOCX
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-09-13T20:16:18Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPAQ/+I/VVicoriCwyJ3X3RRUJ2v/hlV7DmUHNBghR6xl5Hqc6
+ KzDh/3vFYCD14aqFprgv7sBI+WpwVZh5bgqfWUiZ+ydCQZl++r/t71sGlrC0yYhU
+ IKgAoc/nCRyAnNrK+7vpcQ4tjyCrHzerSJSmE8X5x1yVi1VfE3NhtuwWhfjieW88
+ aSwIPsj4twmOMVTCjwOaCvOw/xdehJEsL4J0nOXTNUrjWO6TuNrhEBVL5avk/Vxc
+ zGL3KZBaykVH8lai+ZwpPyf5lZgjbeHb82Gl8VdEy0o0oyDWWriJOkxX5w09/ajv
+ PcpROSGXdjPvt/7jLgSQR50UY6Ekju6DsUYxaXeJ4QryPITDkcf2MbFstEA6e2np
+ HGbNTN3yMnoFBijLQPWxQotk9xufDaKLVxDFfSZXoDdMu+005DJnVykM8Pv5qck7
+ /fC+jy59mGO0eiDfltWGb1q6CRyJeXk0RTnt9X77I4EMLWjeid6zUhjCp4ZDLSK9
+ UuKlnwk5/vb0aH2w87y60M9qgaaIzwB0Be7hpSZ+/OPBhakCS3gU1LxNSMLlSw0o
+ zoNviDkFxEACkqt+YIYJ3phNRn71RUzNUObiz/LWyd2ZasN5IDnezW39t/4uKjYa
+ Y1YyZ5HvdJEGvtBYycftTY7IwqUK2DVicImSc4Dszk1PbqMDzIUUbmGN7MxR/gTU
+ aAEJAhALMJFcOgYratPE/GE+mWKliwdylZQU2pKCuX5DZD5c363wYdmLL5zx32g9
+ 3O9uQjmXIvIsKLQecFvk7L9W+F5H0Ya822Be5X1eQiIiYDmRLE3IDgrLypSGW870
+ XwzIGA4wMFDY
+ =5l9E
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
+ version: 3.7.1
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: s3-pad
+ namespace: nas
+ annotations:
+ nginx.ingress.kubernetes.io/client-body-buffer-size: 1G
+ nginx.ingress.kubernetes.io/proxy-body-size: 1G
+ nginx.ingress.kubernetes.io/proxy-buffering: "off"
+ nginx.ingress.kubernetes.io/backend-protocol: HTTPS
+ nginx.ingress.kubernetes.io/auth-response-headers: Authorization
+ nginx.ingress.kubernetes.io/auth-url: ENC[AES256_GCM,data:jKiHDoG05AspEOjtaHqDMJSR7JJWWxtIdg==,iv:Dl/5jLP9WVl6oZ26TvUbWPNI6U50hOI6YAKFx4rU65Y=,tag:u3D0MZQR/yVynTH1cu4KwQ==,type:str]
+ nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $name_upstream_1 $upstream_cookie_name_1;
+
+ access_by_lua_block {
+ if ngx.var.name_upstream_1 ~= "" then
+ ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
+ end
+ }
+spec:
+ rules:
+ - host: ENC[AES256_GCM,data:kOw3FuJWlRs3w+RZbW1ulP0O/A6OcHpYM4Q81gcZ,iv:E5KDcKFVPJGH6AeU+akpy/9q9gAC9pJVKhkEG0n3NZQ=,tag:649xzxg6xgs3ldylmOgqvQ==,type:str]
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: s3
+ port:
+ number: 9001
+ tls:
+ - hosts:
+ - ENC[AES256_GCM,data:j+ew4KtnbTlQE0e/q2s/yCkGm/gEFi3KeckzwFUt,iv:Z6rpxicpTP/O7YTWMTbBz6YRhZxUdZsg5dsMa/enkhY=,tag:av87Y4tL6f2h7Z0cs8QYpQ==,type:str]
+ secretName: ingress-s3-tls
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-09-14T12:03:49Z"
+ mac: ENC[AES256_GCM,data:N0LQz81irYcURXaiEy5iQulwacUo4xL4fz6UA0UUyf2M5HESpkfU60h9VVgRIf+KT+IUgsL59hFqCt1T7A3GUAKq3ji0tJkziiTynu1Kl6UNJZpqODowFdXccPiyawTHbQDdyqCHF5T6eznheh/DCcImxTuXWEBd0OSiGKJKGR0=,iv:kfKptkMPtTHZw+vR6z/GxMijj+nN7hLb0R9gWenZHRE=,tag:91XmF//l8gQ+YFaTGnJLwQ==,type:str]
pgp:
- created_at: "2022-09-13T20:16:18Z"
enc: |-
@@ -161,8 +251,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2022-09-14T00:20:54Z"
- mac: ENC[AES256_GCM,data:lEiPanS6uS6AH87yZqQkUuPYrTNSRRSm5hjtrC/KzkE4E7521OeLx+WmRTUCuuxzx4DwhUEdK9Py3s77MdMGEtcH9ySnIptn+bJpT80TG2WW4sXVlyR1oFt6pC1NKwqCfJue0feHpm4XgR2qQDShh82h9TRppWupX6ukBq7ji20=,iv:2/AMs5Jcj0zR+Li3ZKVUSxPb5QBY0+uK8oPAomR/Qgw=,tag:r0lRAQKQEoV9PTNZd23SBQ==,type:str]
+ lastmodified: "2022-09-14T12:03:49Z"
+ mac: ENC[AES256_GCM,data:N0LQz81irYcURXaiEy5iQulwacUo4xL4fz6UA0UUyf2M5HESpkfU60h9VVgRIf+KT+IUgsL59hFqCt1T7A3GUAKq3ji0tJkziiTynu1Kl6UNJZpqODowFdXccPiyawTHbQDdyqCHF5T6eznheh/DCcImxTuXWEBd0OSiGKJKGR0=,iv:kfKptkMPtTHZw+vR6z/GxMijj+nN7hLb0R9gWenZHRE=,tag:91XmF//l8gQ+YFaTGnJLwQ==,type:str]
pgp:
- created_at: "2022-09-13T20:16:18Z"
enc: |-
@@ -240,8 +330,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
- lastmodified: "2022-09-14T00:20:54Z"
- mac: ENC[AES256_GCM,data:lEiPanS6uS6AH87yZqQkUuPYrTNSRRSm5hjtrC/KzkE4E7521OeLx+WmRTUCuuxzx4DwhUEdK9Py3s77MdMGEtcH9ySnIptn+bJpT80TG2WW4sXVlyR1oFt6pC1NKwqCfJue0feHpm4XgR2qQDShh82h9TRppWupX6ukBq7ji20=,iv:2/AMs5Jcj0zR+Li3ZKVUSxPb5QBY0+uK8oPAomR/Qgw=,tag:r0lRAQKQEoV9PTNZd23SBQ==,type:str]
+ lastmodified: "2022-09-14T12:03:49Z"
+ mac: ENC[AES256_GCM,data:N0LQz81irYcURXaiEy5iQulwacUo4xL4fz6UA0UUyf2M5HESpkfU60h9VVgRIf+KT+IUgsL59hFqCt1T7A3GUAKq3ji0tJkziiTynu1Kl6UNJZpqODowFdXccPiyawTHbQDdyqCHF5T6eznheh/DCcImxTuXWEBd0OSiGKJKGR0=,iv:kfKptkMPtTHZw+vR6z/GxMijj+nN7hLb0R9gWenZHRE=,tag:91XmF//l8gQ+YFaTGnJLwQ==,type:str]
pgp:
- created_at: "2022-09-13T20:16:18Z"
enc: |-
--
GitLab