diff --git a/clusters/k8s01/monitoring/certificate.yaml b/clusters/k8s01/monitoring/certificate.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4685270f0f78e6d8452335f5374cce985efe6ef1
--- /dev/null
+++ b/clusters/k8s01/monitoring/certificate.yaml
@@ -0,0 +1,66 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: monitoring-tls
+ namespace: monitoring-system
+spec:
+ dnsNames:
+ - ENC[AES256_GCM,data:FausJT725sGrYNleSKOf0cmKv9FZmbD/1pm830i75tjiRuw=,iv:TFTg6q8mHbRKIDsf8liCcWyTLOoxQCy/CU1NbTmsOjg=,tag:IrfDl6hj4mz0YOAo0INIxg==,type:str]
+ - ENC[AES256_GCM,data:JJFgT3/dSSP63Df5pteQxGCh16UaHypGZhFBAT1GfCn0EZCm,iv:sj+tVKfOtcLVK9NLJRP40HFhkD9Jg8ZFolPFy40wA9Q=,tag:T5KeXCpUw/RBMkNOuY3tHg==,type:str]
+ - ENC[AES256_GCM,data:r1b3oJy97llLylgHbXA2dTjjl8CbtQm+t0DFodKCq9aB/3TqUyM=,iv:OdMQDjR/Hsj77/1RChADEgCQZ2zArw1OW36DoaQbMuE=,tag:cOhPf3RdvS5phoLNRduMhg==,type:str]
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+ secretName: ingress-monitoring-tls
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-02-02T19:02:32Z"
+ mac: ENC[AES256_GCM,data:jzMEzcvIAhFm4GkBCyUJvc5GU6EcysN2voIMlnixY62dVFW/PT+7x6YmGO2Nm4ga7drQqezz4Jd/2aj9j0jT1QK/S54v0nqRLDqzuz6qd0YsSVt6ooBWlI91OEQcKNjpWIBpVzRKrxyjURhtBVYdidhdwgG1mCO81gVi5q/8hoE=,iv:tEEGYs1gy6nXWAguKTtnC5eGlVac/r60s/2jjtvUFiY=,tag:/ZSU+yaBkUWntCAsb7eMGA==,type:str]
+ pgp:
+ - created_at: "2022-01-21T18:13:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAHhDshl1OJqNRUolNvbIXzOuDzssJnvyi6cIZuMmVMsxf
+ a6wAWAtYOehvtn1ODL7/h4fIpBtfp7d8VuwfJSrh3ghUeiOl3zRzQbmaFA2L5/iG
+ Jd94tFAVwIl30qjcYqGVB2RF27VF1RElzgDLQh3hiXn1hDC+WmNSnBF5hwnwCFOL
+ wM4BHuE2AB4TX3PlYSo1n71VSzcCqRzbIxelZasYLnJQVL0VE6AjEd/fHS468R8N
+ aZ3mhmHW3sWzuLHNREMD2Q3ghkguLhau0VoETlYRI9103I4k7/khFrhAj5l2/PUr
+ 2SWgpXyRqXVaKPeTiQs3QR8B5jNq3BlZj6Celw5Ig/wx3LY0EhI9e9WFgtSlZxM+
+ 2yk65HQGvTIgsbys/z/0skA9vqik9csFRsH9iK42E/+XLvoAT6yxyl0cv1kBEyAS
+ ggPmKOq8+CT+voHzuh8kZHq9Sa8kH5xL1DQLzX2yIruV3OhTPSK+VlDpjUbycmI2
+ qR1oCo/snOJwwwvfl9vu0B8FCwhrz8554ZQBErFfJl6GFiUV8LElRlZh5S9Jiysr
+ nYJS5gxrcvjF/0Y6EHEfWDRDxvCHoWQpWhl2hRkh5UlQKH0ab+QWLYpISyNJxjfl
+ orQJdaVX3BQwhqMLwiMLGoaNGrSpmxXveLOZmsdK0obXC67lyE6ZM/Wy6gx2dFnS
+ 5gFdXCLzQmmjYK8gIlsejQdnxZI2qWavZIN9T70OZQGaDE/S+U1uxKjuGBM7HTcP
+ 7f1nUa6z96A9ydWs1xHjtm7k172V16PMSrvjQ8KLhFJd9eJDq3ksAA==
+ =XgF6
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-21T18:13:48Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPAQ//S/9rOkbd3beNH20dxgZ7VuZxgnjiV3Hd3om717njcMm2
+ kCfTJ3AmpLtQsT2s1W221tIyCwtHOobj82ANP9KzNi4e6v3LlNTIVHTQiHXk9KJP
+ AX6JoCOLu3bAI0xcdApNBU2wAlHBVC+T4BUfhPqD5AdHpW++e1qUIsM/6TViunHj
+ BWoIA0bpXqyOhTm1GbkJrHMgczJn2qgR5lBf8wgGmASd8jlNyfA7SxoKHj8sl/Ji
+ nucP/90dmyD2eBIJYdYS3anJYa2uP96oioG5xxIyfppnL5dwozDAit3Z5vvnBZNb
+ 1rrpUnN8H0cCcaj7tmDEmjGfjGwxLKegQRZX7Pg5hwaaOOPGheXf8Ip/DpDf6T0n
+ Sq24X6DC5gD1RBU+YY6ZayMt/OKpVVVwRlY4BTDIUe4M+ecK/fve5vpDW2M+KWMc
+ pOkO1B09/prsX0w5XjFh8hb/6HlDDhomiB+BszcRCUDzocRzSEIFwMf7/iTaExe8
+ 2fKCCHB4kHo6GHpydlQOpnGMOvDmiNKopXxTkFQUFQjyRmHGXf/u79JNXBjHkniv
+ ZiokjTEarwMp68dyiaL4L/5Uk+4NG3MetobqSaeW2TbeBwif3G2eFleYscz7QPIR
+ 5ZBBhU/CoUEz2Xge6t8rlp8PNcQ1yq/R+tZjaeqIIT4++ZxCErhA0lsxyFrgLefU
+ aAEJAhD7hR3IMDGN2zOZSiw1IBz9P8Jss/oERQiuVpe/eTv5Vqj9vuL+koKftwnF
+ vSVkNo0fLwNLtnU659Mkoj9utoUL9tAhcCMpP3NehKkBG5RjF9crnIP6zT3lvVU0
+ GYyW4Lsfrt/a
+ =FfV+
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$
+ version: 3.7.1
diff --git a/clusters/k8s01/monitoring/ingress.yaml b/clusters/k8s01/monitoring/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..61939ac6168759138452dfa0fbdc7a1eaab6e322
--- /dev/null
+++ b/clusters/k8s01/monitoring/ingress.yaml
@@ -0,0 +1,107 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: monitoring-ingress
+ namespace: monitoring-system
+ annotations:
+ nginx.ingress.kubernetes.io/auth-response-headers: Authorization
+ nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
+ nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ auth_request_set $name_upstream_1 $upstream_cookie_name_1;
+
+ access_by_lua_block {
+ if ngx.var.name_upstream_1 ~= "" then
+ ngx.header["Set-Cookie"] = "name_1=" .. ngx.var.name_upstream_1 .. ngx.var.auth_cookie:match("(; .*)")
+ end
+ }
+spec:
+ rules:
+ - host: ENC[AES256_GCM,data:k1mCBDKYvRLLC489r7yvk9PRDsQh5IgUpOaOfdhpQCwUNN8=,iv:AuBQnC2duZJM5/aYASq6gcovFPhECGk9EWjMaBgeRzQ=,tag:VdMb/Rn54dWpbDjxbEjPvA==,type:str]
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: kube-prometheus-stack-alertmanager
+ port:
+ number: 9093
+ - host: ENC[AES256_GCM,data:a86G2vJWzKHhQJpeXbNRZ3WHKY/pbm3lPF61ulkBjQJYwc1O,iv:nodf5XncIJF+oUCowJY8CQ+Se7drbsEVHHz/cabPdcs=,tag:vba78s7I5Y63WHJDDVkDoQ==,type:str]
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: kube-prometheus-stack-prometheus
+ port:
+ number: 9090
+ - host: ENC[AES256_GCM,data:9sul5zUv3BKd6Qs9nAqeB+kfpKGyWvUXYXeVGEv1m2vMqeRU8fk=,iv:NLn95mGBZFRtinnHk3rLSfLo1LrFRCdIWbhij9Q3bks=,tag:HySKfrxhndfcEOJooySKyw==,type:str]
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: kube-prometheus-stack-grafana
+ port:
+ number: 80
+ tls:
+ - hosts:
+ - ENC[AES256_GCM,data:Klq9rSdkSu5W1OcPycRUB2XmlMR/eN9SSxQtWawq0XeMccs=,iv:o5irI8NsSh505jKOStGLPoGs/jmpUAwII0oqe5agdbk=,tag:5kARB1kYRUNHBzVNsEKH6A==,type:str]
+ - ENC[AES256_GCM,data:TYNdDsbdzPrK6CdhhtNpoaWPqcWA1cwW4QrDMa/oykC6+PDv,iv:lTnvUd8T0ixf6gX3Rq0GeFUWgEcpmVd1E8HnzEz2dKE=,tag:gR/slipcARFJ4ahGEyTz3w==,type:str]
+ - ENC[AES256_GCM,data:5cpHZJk/zcLSjUEDd+XN8geQ7ay6r4m0omALR4jy73//fVRe1Gc=,iv:Tn1tZKxU0iNAk3HP/XV5pOt0VXohAu8+QouIuF5bW+8=,tag:d1P/YDjF5qhtBmRRLFwceQ==,type:str]
+ secretName: ingress-monitoring-tls
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-02-02T19:08:26Z"
+ mac: ENC[AES256_GCM,data:aTZIOV5x/aWKSpl++ICuQN8ypNu4Mnheo4mClzSqm5MpzHGbl61Wfin3tE8+9iA6mTlYsoO1XRwwVb0XAhel6PBgOf7lOna82GevyQTLSJ/N07I2p/HZPOmiuddQ3k/ztjDZghSw/wfZqgtZlOBFJnOPvLokYL7eBT+m2ncH1Xo=,iv:Erd5u0GtV+nDD1Xl6ZQZbikeSswMGGAxzmxT4+86NZo=,tag:oYLi8WVzcmeZzQe3HmF45w==,type:str]
+ pgp:
+ - created_at: "2022-01-22T02:43:51Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAFvtohkvJRkXy/Xg0WB6vfDrlLkImoMDr0AdA43wLDb8g
+ asrWif9/RUwbackSqHMyArFznOgXEx2dH9fE7p2NAu1TdRZb8qU6XQULrGT699ZO
+ 0ndYeZiG8H2MTYW+0W+UKbpIZaaox2GW5RHFF0fxQCqUyYKmqdYOgozhlDnDbePT
+ xiCy8gVZMtfv7rFU8XmMP3wM9FJDT6dlddMP5QqS5CRw9loxo0LBNxwnBfEfkDRK
+ fRgNhZxnn77U4OCPtzjSgCMQvE4S+DckBjESzNLlsT/M4hTo7ALe1CrXlJQ70Hmc
+ WsYuQS+FI4D4JZ+5yhMAXwS1PjWASZvfx3ICwID3aodgT4z6Vo4vnpjQLD1rrRsp
+ d/BaIP7anI4QiAECfbiRS0eGGNMGqjSU/TADxaJ7oOoPnncp6oSWs+OOqCGq+LTm
+ 6NIhtp1dxN650xo3pNclSHcyzegPN9KbBSncZ753h/mf3ogndVcHX2JI6BJSDbeV
+ 1daSNxBPrO33/cyXJyeuAgjUqMH9v7Asm89i7qMXCTrS9ScNJLRKDq4Nt3kKMCuL
+ KZxrNMUGTwOY5wMnZRzzxmomWR3NinAuh4ig16mPGlPqz7Ytd3gXU8f90FM13wx/
+ Q4MH1/QK5ofquX5Kh1ynd8zao3rXCPssIjaRAaWUWuZg/Bx/M6w8ti4LRVcqlrfS
+ 5gF6jN7S2V6BypBOukyYxN6IS5omLpNJASnlPWtsWWs2z/J/oE8Ffl9CzXzMTmDw
+ guWmOXyAToL5AQv+yYTM7mDkAJgFW1nubQRc6UGeYu1UKeLtk/45AA==
+ =w2Ry
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-22T02:43:51Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPAQ/+PiDZKJIrMbrffin3ZDaS3qoQswfaKOhxqytzN7mK0+kv
+ 7ePEHDTcHobwJXLiA7cT2p4c4VAa7imN3vew5Ock7b8F5A1kbKRqHWD1N6rCoVEM
+ jiczzb9AiAyh49kjF3YIgO2pCUCzbMDEqlrGDf9GTw+izQ2GWkWriZdRelXlnh7d
+ pgFoV1VKL/kwPivCZsGFxxnS/PDyxujl0GK+PYpLJJWnpxItDDfXtrcesvyLxE+/
+ lxc7myEvwoXMKkPIg0bD0rrkQ4aSfgEB7f456hY3+qi/mqeD8pRtRrD8gIGprd2G
+ N/tDA9DaDXXVJcan/bVTczIosY+QDf6jG3nvBx6gDTfng3YfaESiH1na2AqfYJDv
+ oDklg6bahF7SDWUHGuxdfP5je4/ChgqyiQR63NTvqE8C4/jcDkD8bo9zMxGtkMpp
+ KsjJ5Q8zugMpT7A0sOE82wj93EJR1cc1F9cWhPNfZpnPvW5d60VWVnXqvIlVT+sk
+ 9hzXtFVLwA1LOWtdcoIESZ9f2e7O2iJlf33E/OJjhC7pNtJesV8nlq0o9iyGSGrP
+ i5vQugZmsXrBQUaCuAqb6iygTjdWCZEzn+yGV/DfdCLe8e0mCO274cOHnshkGaH7
+ SqCtco5ZlUqnl+2s2IMTU45FWhd/OUopPZTdPcoUM2Sc68hQyrDbp6uPiygNdW3U
+ ZgEJAhBzTzVu56+K5xCdHSEVSSVSvrl7qBJQTGNOEfJPq+Az3VriPE5tbBe2RN7H
+ iQJf4UK17YwirkyyNHgLifSkbIW4N3DNKPC4JntSzJqyaDf7lO8L/TH+WPU+bCQa
+ lS1ReknhMw==
+ =adK1
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$
+ version: 3.7.1
diff --git a/clusters/k8s01/monitoring/kustomization.yaml b/clusters/k8s01/monitoring/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..422b08334938538a7f90d2c5c1ff9e73b0bd4b5f
--- /dev/null
+++ b/clusters/k8s01/monitoring/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- certificate.yaml
+- oauth2.yaml
+- ingress.yaml
diff --git a/clusters/k8s01/monitoring/oauth2.yaml b/clusters/k8s01/monitoring/oauth2.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4c40564241f8abcb83f46e6f833ec0237f40632b
--- /dev/null
+++ b/clusters/k8s01/monitoring/oauth2.yaml
@@ -0,0 +1,241 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: HelmRepository
+metadata:
+ name: oauth2-proxy
+ namespace: monitoring-system
+spec:
+ interval: 30m
+ url: https://oauth2-proxy.github.io/manifests
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-02-02T19:45:12Z"
+ mac: ENC[AES256_GCM,data:EAj6rLRoYG2ws04G/avfzdr7H2Kv332spObfaiV9i7U/KIKG+tyhUGDIQi0EBJgB1+O6wqiD2dKAjNTZujtTernJhUAJu2U9zv7PxkuYYWnb7Zqt9zUT/RGJaQ1HyogjHPU5fahAxMuKKF1hprMXYXPakM4+jcBGGq0Naf0tO3s=,iv:06Czv/7fUDZWbt3Jq/1nrp7a2HGAOpZ1w8jN08g3niU=,tag:0CVJ1oDb9DBh5ZFpvS2k/A==,type:str]
+ pgp:
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF
+ 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W
+ BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P
+ 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw
+ KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9
+ OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9
+ LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp
+ DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo
+ b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y
+ HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj
+ XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS
+ 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo
+ M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA==
+ =c/3x
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ
+ yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI
+ 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN
+ 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N
+ 4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK
+ GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW
+ fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU
+ WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd
+ vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl
+ tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c
+ w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU
+ aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9
+ NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9
+ PNNoVr/LwxMQ
+ =e2fo
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
+ version: 3.7.1
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: oauth2-proxy
+ namespace: monitoring-system
+spec:
+ releaseName: oauth2-proxy
+ chart:
+ spec:
+ chart: oauth2-proxy
+ sourceRef:
+ kind: HelmRepository
+ name: oauth2-proxy
+ namespace: monitoring-system
+ version: 5.0.6
+ interval: 5m
+ install:
+ remediation:
+ retries: 5
+ values:
+ config:
+ clientID: monitoring-k8s01
+ clientSecret: ENC[AES256_GCM,data:O9p9U9nOib+ozArhJilHlczHbl5j0Jh9kfXADP9bwrE=,iv:NcR7lQjDvzyYc7Eqmrco98tl32yCLsh6wXrU80DXGtk=,tag:iSMD+x+ffRUyCQtllTjFsg==,type:str]
+ cookieSecret: ENC[AES256_GCM,data:lHOpXWk/ngEwpoY9c4zdVV8MGjsrzqwOeHSAg6KpjUlVfQpKYolE7Q==,iv:5L2xO2Pvz6RcmsoRsEEeUa3L+eZ0va9e6DZA5gJ5uYk=,tag:xFul8ji1TFjVf+ycmxbLiQ==,type:str]
+ extraArgs:
+ provider: keycloak-oidc
+ provider-display-name: SI-Auth
+ oidc-issuer-url: ENC[AES256_GCM,data:cjpWCSaUohFnsNuTQglIASmY2DrdmRoNFUu6f8UiqLjTNMRWdPgGhliZxsL6u56Jmw2Ec4yj9lKuNJfA,iv:vKIdjDG4FZWJMlVqoeeu1USEy+Ig3UZdMKXPkZqWTro=,tag:9EBs55eqkItBnJ7JNFMnLA==,type:str]
+ allowed-role: monitoring-k8s01:admin
+ whitelist-domain: ENC[AES256_GCM,data:L0V+E3JH5u68KaY/Gn6IyegzzS6gMWasRyAnPac61Z7d95Ovm0g=,iv:I35zh1LnDxS3FuRsKG2qPszLA7aKMSCZLmt6YIRmWsE=,tag:NmwRekfuZpG2OePHNc1X1g==,type:str]
+ replicaCount: 1
+ securityContext:
+ enabled: true
+ affinity:
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app: oauth2-proxy
+ topologyKey: kubernetes.io/hostname
+ ingress:
+ enabled: true
+ path: /oauth2
+ pathType: Prefix
+ hosts:
+ - ENC[AES256_GCM,data:k0YMsGdOxibO/WnTd6lWD3cp3AvMatywGUz12yv0mUC+Ot6nFRw=,iv:a1i4PSOangx0FIOfP8X2oyGwCZKnAxkADf9kYe+mJdg=,tag:vSRHDSse9BWwok+FbS/0iw==,type:str]
+ - ENC[AES256_GCM,data:qHrXuqaun8cbJzAej4NbJwgixjAg0xDQdGrnrjTO/8LzAZjT,iv:liTzoWWZwq+U8eceEQMBmZKRWFeld4yUXaQBZxUEMdw=,tag:cEkVL/jJV8iEREWYV797jw==,type:str]
+ - ENC[AES256_GCM,data:m4yzapFZV/R/zm+Bk8dHoyngfNommbHbO1EfGwUqyDX6PLo=,iv:efmgJDWYqEsNZVVOLE82SGsgFCjLQFs5HC1XFrwETG8=,tag:4x22lYMV7UySXy6BxYvRIA==,type:str]
+ tls:
+ - hosts:
+ - ENC[AES256_GCM,data:CVPUFMkDOeaqsVw7yXac4tmOg+Qbemp7y/uy/qJbGuz3t5yWPes=,iv:AlDn5BfvIq70kmDDbCZ8a6ayyQYSiwCPTYgFYp9D2ks=,tag:P4IRT/k+iEUQhNKDEGfF8Q==,type:str]
+ - ENC[AES256_GCM,data:bIxM8aPJRxF7p9OSK8o2+mFhaouGr7nDmHreW18Pm4YR82lK,iv:dDn9SKdV4JXQIKzLQtpTHcW9KTf+QVZ8oDVCA2zoByk=,tag:2ZlN0qkO+nANiwcjNA/LMw==,type:str]
+ - ENC[AES256_GCM,data:vfbaD0ospbqDI1/85RbgcPn7ly+qhx8GkhZIIQtbnDu2Ozo=,iv:2cTkAt9H8GnaNwFO+Nr9l5mmY+y+kwpC1fH8F9kc64M=,tag:10nIyvU7AbNnR6wFGIEMmQ==,type:str]
+ secretName: ingress-monitoring-tls
+ resources:
+ limits:
+ cpu: 200m
+ memory: 100Mi
+ requests:
+ cpu: 100m
+ memory: 25Mi
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-02-02T19:45:12Z"
+ mac: ENC[AES256_GCM,data:EAj6rLRoYG2ws04G/avfzdr7H2Kv332spObfaiV9i7U/KIKG+tyhUGDIQi0EBJgB1+O6wqiD2dKAjNTZujtTernJhUAJu2U9zv7PxkuYYWnb7Zqt9zUT/RGJaQ1HyogjHPU5fahAxMuKKF1hprMXYXPakM4+jcBGGq0Naf0tO3s=,iv:06Czv/7fUDZWbt3Jq/1nrp7a2HGAOpZ1w8jN08g3niU=,tag:0CVJ1oDb9DBh5ZFpvS2k/A==,type:str]
+ pgp:
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF
+ 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W
+ BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P
+ 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw
+ KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9
+ OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9
+ LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp
+ DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo
+ b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y
+ HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj
+ XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS
+ 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo
+ M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA==
+ =c/3x
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ
+ yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI
+ 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN
+ 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N
+ 4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK
+ GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW
+ fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU
+ WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd
+ vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl
+ tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c
+ w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU
+ aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9
+ NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9
+ PNNoVr/LwxMQ
+ =e2fo
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
+ version: 3.7.1
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-ingress-to-oauth2
+ namespace: monitoring-system
+spec:
+ podSelector:
+ matchLabels:
+ app: oauth2-proxy
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ ingress.shivering-isles.com/network-access-required: "true"
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2022-02-02T19:45:12Z"
+ mac: ENC[AES256_GCM,data:EAj6rLRoYG2ws04G/avfzdr7H2Kv332spObfaiV9i7U/KIKG+tyhUGDIQi0EBJgB1+O6wqiD2dKAjNTZujtTernJhUAJu2U9zv7PxkuYYWnb7Zqt9zUT/RGJaQ1HyogjHPU5fahAxMuKKF1hprMXYXPakM4+jcBGGq0Naf0tO3s=,iv:06Czv/7fUDZWbt3Jq/1nrp7a2HGAOpZ1w8jN08g3niU=,tag:0CVJ1oDb9DBh5ZFpvS2k/A==,type:str]
+ pgp:
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAgt+09YMPbbkGkg+/VgMgvxC4YDoQxlcklv3OfrS29yHF
+ 27d8LBexyRYUTqkKhxyFJl+1dOqoE+o2uZjg9J/WSNR4MIBMm4Whn9rly4hoyk1W
+ BSKqZxt/POdP7ZtZ1Ke3hrZiV4UlDDAagToxrSWG4suXr45i0wUGICbNakrlEB9P
+ 7Ub7nM6aIWjyRJpqPhtJaaq1EWsj/+2NagXOMi0cWjj4wzEy+KZMC3lMVM3db/zw
+ KDxsZWfK2/gRc7qqQWrmKB5bqQPhKVwUExrzKofExaSozXq9c694mmThVyR2SFc9
+ OvNLlqLpeRfBpoY9F19Wz0YhQRUxfPdYgV0ZqngxIYzx2+2DqCz1fkW/hIcMLyj9
+ LBNUTHXcRP9O3ZWWx0flnjcE8Cyz4qmMq9hf0iEWtZb1cO0v5Z6+lYo9ThQvcPCp
+ DMuZ2l65Sfto56y84j8FPshOS6Heo97mwbO/BmOZYnQ4RtGFc9KlFtLBMyRZfqEo
+ b6O77YyzCcKYOdgrXjEORxvUq2ftHxTQFBdYUHO2Rpf0tyrZwUYnIWBXnB5fOp/y
+ HjWzl8ZpQxhJQubiqteEovYdtv+1ionPBLZkzzx3EDbNvSroQijENSkQhyl7QbMj
+ XURIII47j0yda/kZ4mupPz4isY4kEi/AtwCI+tumI0c7gH7iew/kjoQcgyTVMOLS
+ 5gFZuhZ6ixAXhDms0RKfYq6iKAzXxslg0qcYAOcjwqq5u+cQJTfSrLjivxNs2cIo
+ M/5BCddS+GzLSTCNYStLfOfkFGlrOccM7I8Fzy3PYhtc9eLwlSI/AA==
+ =c/3x
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-22T04:06:16Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPARAAyGLyK65vBqTfe/5iFAuaaWg9sWRTAfnGnDEgxAPdp4EQ
+ yKOT9AyRLes5yRtSz8ugRVjvQd/B9bj+VE7MosFarpjw5ckzRKjSHpanzPqGGWjI
+ 2Ce9gbSljx7AhmXujK+TRhf4PbliopQWdStNWZ08p17UG2G0UiNPgun0ocHxUqVN
+ 46iUl51aL5ElZUmA3bfcwpYu6lCiDCEvlrX+7ZSsKEYcg1VQ+oi0XTxfEugSFX1N
+ 4QjkSHfFYWCqt5IOB2+G5HCZfwD3n3a9tTjpehnTfC61Dn3r4tAVunD3dDaVvqNK
+ GOJJvvykUOGrszIInJbXd3Bvp/HGm5jp5eLiMo1GQeG7XxIuiIDV41AkAEEv5nYW
+ fpkeW/a+2NI/TzM3PsOOxEmghuG4k5lnpYwrEcp/s3OmYwDRLvSQRD9rIjw33VnU
+ WhgfsjwqlqLbyUTwssn8ztEUvoVXQ/lmsFJ2xrzBuWV4tSOUMX+jpA1bhJ1QCcOd
+ vR/fMH2ZMppho7bnUUVjFGtRZWLAh4OPdCZ4fTkWpUbrFE9HBP1rcPxe7DqzDlbl
+ tb5yfNLvHGWh/Myqm7CP04qIlWGyDT4UonAWFmPLt6mWXf6DrlOl8n+iAZbX7d+c
+ w8y/mAapNcTZZHG/+M5hq0anS9mZ65yR3X2znn8ErNot8alJBcOdulM2aDrwk9HU
+ aAEJAhDKMKsgECqiT3WYb8AVOHFk0O/CCKDFBTt+S+Bbjeb2vqBE8uRNMECpZPU9
+ NSZGFfj97fyI1At7TgVko8Ae/2w0xdb80g/81/kVuTNTm/0z60RqOooENSxfGRJ9
+ PNNoVr/LwxMQ
+ =e2fo
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secret|.*-domain)$
+ version: 3.7.1