diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml deleted file mode 100644 index a63463d..0000000 --- a/.github/workflows/deploy.yaml +++ /dev/null @@ -1,23 +0,0 @@ -name: "Deploy" -run-name: Deploy (${{ github.ref_name }} -> ${{ inputs.environment }}) by @${{ github.actor }} -on: - workflow_dispatch: - inputs: - environment: - description: 'Deploy to Environment' - required: true - default: 'staging' - type: choice - options: - - staging - - production - debug_enabled: - type: boolean - description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' - required: false - default: false - -jobs: - deploy: - uses: notch8/actions/.github/workflows/deploy.yaml@v1.0.7 - secrets: inherit diff --git a/ops/helm.yaml b/ops/helm.yaml deleted file mode 100644 index ef516ec..0000000 --- a/ops/helm.yaml +++ /dev/null @@ -1,3 +0,0 @@ -extraEnvVars: - - name: CONFDIR - value: /app/samvera/hyrax-webapp/solr/config diff --git a/ops/production-deploy.tmpl.yaml b/ops/production-deploy.tmpl.yaml deleted file mode 100644 index f1e639b..0000000 --- a/ops/production-deploy.tmpl.yaml +++ /dev/null @@ -1,598 +0,0 @@ -replicaCount: 2 - -resources: - requests: - memory: "4Gi" - cpu: "1000m" - limits: - memory: "8Gi" - cpu: "2000m" - -livenessProbe: - enabled: false -readinessProbe: - enabled: true - path: "/healthz" - periodSeconds: 30 - timeoutSeconds: 10 - -brandingVolume: - storageClass: efs-sc -derivativesVolume: - storageClass: efs-sc -uploadsVolume: - storageClass: efs-sc - -extraVolumeMounts: &volMounts - - name: uploads - mountPath: /app/samvera/hyrax-webapp/tmp/imports - subPath: imports - - name: uploads - mountPath: /app/samvera/hyrax-webapp/tmp/exports - subPath: exports - - name: uploads - mountPath: /app/samvera/hyrax-webapp/public/system - subPath: public-system - - name: uploads - mountPath: /app/samvera/hyrax-webapp/public/uploads - subPath: public-uploads - - name: uploads - mountPath: /app/samvera/hyrax-webapp/tmp/network_files - subPath: network-files - -ingress: - enabled: true - hosts: - - host: b2.adventistdigitallibrary.org - paths: - - path: / - - host: "*.b2.adventistdigitallibrary.org" - paths: - - path: / - annotations: { - kubernetes.io/ingress.class: "nginx", - nginx.ingress.kubernetes.io/proxy-body-size: "0", - cert-manager.io/cluster-issuer: wildcard-issuer - } - tls: - - hosts: - - '*.b2.adventistdigitallibrary.org' - - b2.adventistdigitallibrary.org - secretName: adventist-wild-tls - -extraEnvVars: &envVars - - name: AWS_ACCESS_KEY_ID - value: $AWS_ACCESS_KEY_ID - - name: AWS_REGION - value: us-east-1 - - name: AWS_S3_BUCKET - value: space-stone-production-preprocessedbucketf21466dd-15sun4xy658nh - - name: AWS_SECRET_ACCESS_KEY - value: $AWS_SECRET_ACCESS_KEY - - name: AUXILIARY_QUEUE_TENANTS - value: sdapi - - name: BUNDLE_DISABLE_LOCAL_BRANCH_CHECK - value: "true" - - name: BUNDLE_LOCAL__HYKU_KNAPSACK - value: /app/samvera - - name: CH12N_TOOL - value: fits_servlet - - name: CLIENT_ADMIN_USER_EMAIL - value: $CLIENT_ADMIN_USER_EMAIL - - name: CLIENT_ADMIN_USER_PASSWORD - value: $CLIENT_ADMIN_USER_PASSWORD - - name: CONFDIR - value: "/app/samvera/hyrax-webapp/solr/config" - - name: DATABASE_ADAPTER - value: postgresql - - name: DATABASE_HOST - value: acid-postgres-cluster-bravo.postgres.svc.cluster.local - - name: DATABASE_NAME - value: hyku-production-hyrax - - name: DATABASE_USER - value: hyku-production-hyrax - - name: DB_ADAPTER - value: postgresql - - name: DB_HOST - value: acid-postgres-cluster-bravo.postgres.svc.cluster.local - - name: DB_NAME - value: hyku-production-hyrax - - name: DB_PORT - value: "5432" - - name: DB_USER - value: hyku-production-hyrax - # - name: EXTERNAL_IIIF_URL - # value: https://d3pg70bdc74ala.cloudfront.net/iiif/2 - - name: FCREPO_BASE_PATH - value: /adventist-production - - name: FCREPO_HOST - value: fcrepo.default.svc.cluster.local - - name: FCREPO_PORT - value: "8080" - - name: FCREPO_PATH - value: /rest - - name: FEDORA_URL - value: http://fcrepo.default.svc.cluster.local:8080/rest - - name: FITS_SERVLET_URL - value: http://adventist-knapsack-production-fits:8080/fits - - name: GOOD_JOB_CLEANUP_DISCARDED_JOBS - value: "false" - - name: GOOD_JOB_CLEANUP_PRESERVED_JOBS_BEFORE_SECONDS_AGO - value: "604800" - - name: GOOD_JOB_CLEANUP_INTERVAL_SECONDS - value: "86400" - - name: GOOGLE_ACCOUNT_JSON - value: $GOOGLE_ACCOUNT_JSON - - name: HYRAX_VALKYRIE - value: "true" - - name: HYKU_BLOCK_VALKYRIE_REDIRECT - value: "false" - - name: HYKU_ADMIN_HOST - value: b2.adventistdigitallibrary.org - - name: HYKU_ADMIN_ONLY_TENANT_CREATION - value: "true" - - name: HYKU_ALLOW_SIGNUP - value: "false" - - name: HYKU_ATTACK_RATE_THROTTLE_OFF - value: "true" - - name: HYKU_BULKRAX_ENABLED - value: "true" - - name: HYKU_CONTACT_EMAIL - value: donotreply@adventistdigitallibrary.org - - name: HYKU_DEFAULT_HOST - value: "%{tenant}.b2.adventistdigitallibrary.org" - - name: HYKU_FILE_ACL - value: "true" - - name: HYKU_GEONAMES_USERNAME - value: 'scientist' - - name: HYKU_MULTITENANT - value: "true" - - name: HYKU_QUEUED_RUNNER - value: "false" - - name: HYKU_ROOT_HOST - value: b2.adventistdigitallibrary.org - - name: HYRAX_ACTIVE_JOB_QUEUE - value: good_job - - name: HYRAX_ANALYTICS - value: "false" - - name: HYRAX_FITS_PATH - value: /app/fits/fits.sh - - name: HYRAX_FLEXIBLE - value: "false" - - name: INITIAL_ADMIN_EMAIL - value: donotreply@adventistdigitallibrary.org - - name: INITIAL_ADMIN_PASSWORD - value: $INITIAL_ADMIN_PASSWORD - - name: IN_DOCKER - value: "true" - - name: LD_LIBRARY_PATH - value: /app/fits/tools/mediainfo/linux - - name: LOGGING_WITH_COLOR - value: "false" - - name: NEGATIVE_CAPTCHA_SECRET - value: $NEGATIVE_CAPTCHA_SECRET - - name: OMP_THREAD_LIMIT - value: "1" - - name: PASSENGER_APP_ENV - value: production - - name: RAILS_CACHE_STORE_URL - value: redis://:$REDIS_PASSWORD@adventist-knapsack-production-redis-master:6379/0 - - name: RAILS_ENV - value: production - - name: RAILS_LOG_TO_STDOUT - value: "true" - - name: RAILS_MAX_THREADS - value: "5" - - name: RAILS_SERVE_STATIC_FILES - value: "true" - - name: REDIS_HOST - value: adventist-knapsack-production-redis-master - - name: REDIS_URL - value: redis://:$REDIS_PASSWORD@adventist-knapsack-production-redis-master:6379/0 - - name: REPOSITORY_S3_STORAGE - value: "true" - - name: REPOSITORY_S3_BUCKET - value: samvera-original-files - - name: REPOSITORY_S3_REGION - value: us-east-1 - - name: REPOSITORY_S3_ACCESS_KEY - value: $AWS_ACCESS_KEY_ID - - name: REPOSITORY_S3_SECRET_KEY - value: $AWS_SECRET_ACCESS_KEY - - name: SECRET_KEY_BASE - value: $SECRET_KEY_BASE - - name: SENTRY_DSN - value: $SENTRY_DSN - - name: SENTRY_ENVIRONMENT - value: "adv-knapsack-production" - - name: SERVERLESS_ALTO_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-alto-xml-dlq - - name: SERVERLESS_BATCH_SIZE - value: "10" - - name: SERVERLESS_COPY_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-copy-dlq - - name: SERVERLESS_COPY_SQS_URL - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-copy - - name: SERVERLESS_COPY_URL - value: https://3oqe2l9evk.execute-api.us-east-1.amazonaws.com/copy - - name: SERVERLESS_OCR_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-ocr-dlq - - name: SERVERLESS_OCR_SQS_URL - value: sqs://us-east-1.amazonaws.com/031107666127/space-stone-production-ocr/ - - name: SERVERLESS_OCR_THUMB_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-split-ocr-thumbnail-dlq - - name: SERVERLESS_PLAIN_TEXT_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-plain-text-dlq - - name: SERVERLESS_S3_URL - value: s3://space-stone-production-preprocessedbucketf21466dd-15sun4xy658nh.s3.us-east-1.amazonaws.com/ - - name: SERVERLESS_SPLIT_SQS_URL - value: sqs://us-east-1.amazonaws.com/031107666127/space-stone-production-split-ocr-thumbnail/ - - name: SERVERLESS_TEMPLATE - value: "{{ `{{dir_parts[-1..-1]}}/{{ basename }}{{ extension }}` }}" - - name: SERVERLESS_THUMBNAIL_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-thumbnail-dlq - - name: SERVERLESS_THUMBNAIL_SQS_URL - value: sqs://us-east-1.amazonaws.com/031107666127/space-stone-production-thumbnail/ - - name: SERVERLESS_WORD_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-word-coordinates-dlq - - name: SMTP_ADDRESS - value: mail.adventistdigitallibrary.org - - name: SMTP_DOMAIN - value: adventistdigitallibrary.org - - name: SMTP_ENABLED - value: "true" - - name: SMTP_PASSWORD - value: $SMTP_PASSWORD - - name: SMTP_PORT - value: "587" - - name: SMTP_TYPE - value: plain - - name: SMTP_USER_NAME - value: donotreply@adventistdigitallibrary.org - - name: SOLR_ADMIN_PASSWORD - value: $SOLR_ADMIN_PASSWORD - - name: SOLR_ADMIN_USER - value: admin - - name: SOLR_COLLECTION_NAME - value: hyku-adventist-production - - name: SOLR_CONFIGSET_NAME - value: hyku-adventist-production - - name: SOLR_HOST - value: solr.default - - name: SOLR_PORT - value: "8983" - - name: SOLR_URL - value: http://admin:$SOLR_ADMIN_PASSWORD@solr.default:8983/solr/ - - name: VALKYRIE_ID_TYPE - value: string - - name: VALKYRIE_TRANSITION - value: "true" - -worker: - replicaCount: 1 - resources: - requests: - memory: "4Gi" - cpu: "1000m" - limits: - memory: "8Gi" - cpu: "2000m" - podSecurityContext: - runAsUser: 1001 - runAsGroup: 101 - fsGroup: 101 - fsGroupChangePolicy: "OnRootMismatch" - extraVolumeMounts: *volMounts - extraEnvVars: *envVars - -workerAux: - extraEnvVars: - - name: GOOD_JOB_QUEUES - value: "auxiliary_default,auxiliary_reimport,auxiliary_ingest,auxiliary_destroy_collections,auxiliary_collections,auxiliary_relationships,auxiliary_import,auxiliary_export:5" - -extraDeploy: - - |- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: {{ include "hyrax.fullname" . }}-worker-aux - labels: - {{- include "hyrax.labels" . | nindent 4 }} - spec: - replicas: {{ .Values.worker.replicaCount }} - selector: - matchLabels: - {{- include "hyrax.workerSelectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "hyrax.workerSelectorLabels" . | nindent 8 }} - spec: - initContainers: - - name: db-wait - image: "{{ .Values.worker.image.repository }}:{{ .Values.worker.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.worker.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "hyrax.fullname" . }}-env - - secretRef: - name: {{ template "hyrax.fullname" . }} - env: - {{- toYaml .Values.worker.extraEnvVars | nindent 12 }} - {{- toYaml .Values.workerAux.extraEnvVars | nindent 12 }} - command: - - sh - - -c - - "service-wait.sh {{ include "hyrax.redis.host" . }}:6379" - {{- if .Values.worker.extraInitContainers }} - {{- toYaml .Values.worker.extraInitContainers | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "hyrax.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }}-worker - securityContext: - {{- toYaml .Values.worker.securityContext | nindent 12 }} - image: "{{ .Values.worker.image.repository }}:{{ .Values.worker.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.worker.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "hyrax.fullname" . }}-env - - secretRef: - name: {{ template "hyrax.fullname" . }} - {{- if .Values.solrExistingSecret }} - - secretRef: - name: {{ .Values.solrExistingSecret }} - {{- end }} - {{- with .Values.worker.extraEnvFrom }} - {{- toYaml . | nindent 12 }} - {{- end }} - env: - {{- toYaml .Values.worker.extraEnvVars | nindent 12 }} - {{- toYaml .Values.workerAux.extraEnvVars | nindent 12 }} - {{- if .Values.worker.readinessProbe.enabled }} - readinessProbe: - exec: - command: - {{- toYaml .Values.worker.readinessProbe.command | nindent 16 }} - failureThreshold: {{ .Values.worker.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.worker.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.worker.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.worker.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.worker.readinessProbe.timeoutSeconds }} - {{- end }} - volumeMounts: - - name: derivatives - mountPath: /app/samvera/derivatives - - name: uploads - subPath: file_cache - mountPath: /app/samvera/file_cache - - name: uploads - subPath: uploads - mountPath: /app/samvera/uploads - {{- if .Values.applicationExistingClaim }} - - name: application - mountPath: /app/samvera/hyrax-webapp - {{- end }} - {{- with .Values.worker.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.worker.resources | nindent 12 }} - {{- with .Values.extraContainerConfiguration }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - - name: "derivatives" - {{- if and .Values.derivativesVolume.enabled .Values.derivativesVolume.existingClaim }} - persistentVolumeClaim: - claimName: {{ .Values.derivativesVolume.existingClaim }} - {{- else if .Values.derivativesVolume.enabled }} - persistentVolumeClaim: - claimName: {{ template "hyrax.fullname" . }}-derivatives - {{ else }} - emptyDir: {} - {{ end }} - - name: "uploads" - {{- if and .Values.uploadsVolume.enabled .Values.uploadsVolume.existingClaim }} - persistentVolumeClaim: - claimName: {{ .Values.uploadsVolume.existingClaim }} - {{- else if .Values.uploadsVolume.enabled }} - persistentVolumeClaim: - claimName: {{ template "hyrax.fullname" . }}-uploads - {{ else }} - emptyDir: {} - {{ end }} - {{- if .Values.applicationExistingClaim }} - - name: "application" - persistentVolumeClaim: - claimName: {{ .Values.applicationExistingClaim }} - {{- end }} - {{- with .Values.worker.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.worker.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.worker.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.worker.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - -podSecurityContext: - runAsUser: 1001 - runAsGroup: 101 - fsGroup: 101 - fsGroupChangePolicy: "OnRootMismatch" - -embargoRelease: - enabled: false -leaseRelease: - enabled: false - -imagePullSecrets: - - name: github-registry - -fcrepo: - enabled: false -postgresql: - enabled: false -redis: - image: - repository: bitnamilegacy/redis - tag: 7.0.2-debian-11-r9 - architecture: standalone - cluster: - enabled: false - password: $REDIS_PASSWORD -solr: - enabled: false - -fcrepoBasePathOverride: "/adventist-production" - -externalFcrepoHost: fcrepo.default.svc.cluster.local -externalPostgresql: - host: acid-postgres-cluster-bravo.postgres.svc.cluster.local - username: hyku-production-hyrax - password: $DATABASE_PASSWORD - database: hyku-production-hyrax - -externalSolrHost: solr.default.cluster.local -externalSolrUser: admin -externalSolrPassword: $SOLR_ADMIN_PASSWORD -externalSolrPort: "8983" -externalSolrCollection: "hyku-adventist-production" - -global: - hyraxHostName: adventist-knapsack-production-hyrax - -nginx: - service: - port: 80 - enabled: true - image: - registry: ghcr.io - repository: notch8/scripts/bitnamilegacy-nginx - tag: 1.21.6-debian-11-r21 - serverBlock: |- - upstream rails_app { - server {{ .Values.global.hyraxHostName }}; - } - - map ${DOLLAR}status ${DOLLAR}loggable { - ~^444 0; - default 1; - } - - log_format loki 'host=${DOLLAR}host ip=${DOLLAR}http_x_forwarded_for remote_user=${DOLLAR}remote_user [${DOLLAR}time_local] ' - 'request="${DOLLAR}request" status=${DOLLAR}status bytes=${DOLLAR}body_bytes_sent ' - 'referer="${DOLLAR}http_referer" agent="${DOLLAR}http_user_agent" request_time=${DOLLAR}request_time upstream_response_time=${DOLLAR}upstream_response_time upstream_response_length=${DOLLAR}upstream_response_length'; - - error_log /opt/bitnami/nginx/logs/error.log warn; - #tcp_nopush on; - - # Cloudflare ips see for refresh - # https://support.cloudflare.com/hc/en-us/articles/200170786-Restoring-original-visitor-IPs-logging-visitor-IP-addresses - # update list https://www.cloudflare.com/ips/ - set_real_ip_from 103.21.244.0/22; - set_real_ip_from 103.22.200.0/22; - set_real_ip_from 103.31.4.0/22; - set_real_ip_from 104.16.0.0/13; - set_real_ip_from 104.24.0.0/14; - set_real_ip_from 108.162.192.0/18; - set_real_ip_from 131.0.72.0/22; - set_real_ip_from 141.101.64.0/18; - set_real_ip_from 162.158.0.0/15; - set_real_ip_from 172.64.0.0/13; - set_real_ip_from 173.245.48.0/20; - set_real_ip_from 188.114.96.0/20; - set_real_ip_from 190.93.240.0/20; - set_real_ip_from 197.234.240.0/22; - set_real_ip_from 198.41.128.0/17; - set_real_ip_from 2400:cb00::/32; - set_real_ip_from 2606:4700::/32; - set_real_ip_from 2803:f800::/32; - set_real_ip_from 2405:b500::/32; - set_real_ip_from 2405:8100::/32; - set_real_ip_from 2a06:98c0::/29; - set_real_ip_from 2c0f:f248::/32; - - real_ip_header X-Forwarded-For; - real_ip_recursive on; - include /opt/bitnami/nginx/conf/conf.d/*.conf; - server { - listen 8080; - server_name _; - root /app/samvera/hyrax-webapp/public; - index index.html; - - client_body_in_file_only clean; - client_body_buffer_size 32K; - client_max_body_size 0; - access_log /opt/bitnami/nginx/logs/access.log loki; - # if=${DOLLAR}loggable; - - sendfile on; - send_timeout 300s; - - include /opt/bitnami/nginx/conf/bots.d/ddos.conf; - include /opt/bitnami/nginx/conf/bots.d/blockbots.conf; - - location ~ (\.php|\.aspx|\.asp) { - return 404; - } - - # deny requests for files that should never be accessed - location ~ /\. { - deny all; - } - - location ~* ^.+\.(rb|log)${DOLLAR} { - deny all; - } - - # serve static (compiled) assets directly if they exist (for rails production) - location ~ ^/(assets|packs|fonts|images|javascripts|stylesheets|swfs|system)/ { - try_files ${DOLLAR}uri @rails; - - # access_log off; - gzip_static on; # to serve pre-gzipped version - - expires max; - add_header Cache-Control public; - - # Some browsers still send conditional-GET requests if there's a - # Last-Modified header or an ETag header even if they haven't - # reached the expiry date sent in the Expires header. - add_header Last-Modified ""; - add_header ETag ""; - break; - } - - # send non-static file requests to the app server - location / { - try_files ${DOLLAR}uri @rails; - } - - location @rails { - proxy_set_header X-Real-IP ${DOLLAR}remote_addr; - proxy_set_header X-Forwarded-For ${DOLLAR}proxy_add_x_forwarded_for; - proxy_set_header Host ${DOLLAR}http_host; - proxy_redirect off; - proxy_pass http://rails_app; - } - } \ No newline at end of file diff --git a/ops/provision/.backend.enc b/ops/provision/.backend.enc deleted file mode 100644 index 3f28d0b..0000000 --- a/ops/provision/.backend.enc +++ /dev/null @@ -1,21 +0,0 @@ -{ - "data": "ENC[AES256_GCM,data:F71gQmwtpzUxcee7SEcjzAXlIlrii9u+6lpEp3mmqXWsr8OCm6X75amZ6zG+3gqjSlPTa2g1qI8bMHzEM6WqRra5OchJmyTXL0X2krVybNNYmK8Ztj1n1PIE7qvoqLyS9ocx+Kul/ukMbEyZY36Y8pMCxOcu,iv:80QbUbaU9hcNslO3MN4JsTjmxlQxnsJ228NFY8W6czI=,tag:E5TTkiwZJT4E28boRJ+IQw==,type:str]", - "sops": { - "kms": null, - "gcp_kms": null, - "azure_kv": null, - "hc_vault": null, - "age": null, - "lastmodified": "2022-07-20T17:22:37Z", - "mac": "ENC[AES256_GCM,data:cytPNy+SsyGU5Sp024ldtQ29GRc9y7sMI56rzKyvzTYAc38iKrljfGqUxBlu5lkbRasgwRLYgRFdJS2wrbtXQD1qi2ceJ6YAjf2O4Di2kmr/Afn12i/qawvfRlDWjIOfWNG4BZKj1obS/004GkPVq07LNYl5lmPFZZoHVimPQRs=,iv:LQgsTf4BCcMmvI7eNNdIoe1WjQZERo1/63s6L7P2bIc=,tag:/y0pZKBnF9zWj8Bqkxfouw==,type:str]", - "pgp": [ - { - "created_at": "2022-07-20T17:22:36Z", - "enc": "-----BEGIN PGP MESSAGE-----\n\nwcFMAyipFqBchOAqARAADPXxgO8Pq6zM8lJEOMtV2IOkB8qEVi1pg2riDSPvI5lD\nGtFHFbKHNDBouHABOUsM68YtWOh2uvkxskz97aCg9LJsnM0x27MoRpSDe0EbeGmI\nX2CZmP5+653jWRuQvHIuEY2zQQhyLpr9fLMGXi2PiMzMjm9NAr1B7ilPvl29UQvh\n91rNVnHkyBFFktafTGfezuCT6a5SAKC3JlenYWiQwJptL9Ni6uOItjDdAGC7i5X9\n+CHLll6fV16cvawvYdCZUlaZj1o8S2+tx+XwUDnaekKAByNAkiqlJ090t9Ju7UQt\nnvKcZpir3t8VpIbkcNCzQC/ujCphgwAMP6fYcSSal5gu8uCOWZGvO5sZzYQp0/KC\nhqdTPsVVb3Z9GxZpQRlXrhHEoN+SfNrB77+Ik4pDe910NW69WaB8IDk8jsS0AReU\nvspsoWFfJh4dMhQK8xyYs3bbZ+E/gVKyI5UylHQJv4g7BAUkkOlYjXz/FKrXVujg\nm4GQknSS+fyTAe3CKDtSWOGwBs4AX5iSCHIya0/I9TVTPN6HKWlQuLS+Iz0Fdg30\ne+PPKvMmB/6WHIPV80wUPWkLjmb4fTJnYmLOZAO8kTbO0h1KvQai6fDd3jP8b2aB\nZH99dyVbXU4+H87ruWiYYyEJZJu/Wk8eygJuSggWPoBs83TBxR4rvg27SjzbCTHS\n5gGV0jYBB8VQQUhl+Sio29aY0yadTlaAlwzfkLUa5CE1sp08M37l+7xBFx6NT/cw\nFoOd3sPn79+D8DbxflNO9InkpePskmIEfluu1m1Uitu+QuIpGPHsAA==\n=faE4\n-----END PGP MESSAGE-----", - "fp": "FD9645989F8F5113C93F7E8C1585560D0A87BA6A" - } - ], - "unencrypted_suffix": "_unencrypted", - "version": "3.7.2" - } -} \ No newline at end of file diff --git a/ops/provision/.gitignore b/ops/provision/.gitignore deleted file mode 100644 index d2cdb58..0000000 --- a/ops/provision/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -kube_config.yml -k8s/*-values.yaml -.backend -.terraform* \ No newline at end of file diff --git a/ops/provision/efs_name b/ops/provision/efs_name deleted file mode 100644 index 8cf9e82..0000000 --- a/ops/provision/efs_name +++ /dev/null @@ -1 +0,0 @@ -fs-b3a1e007 diff --git a/ops/provision/k8s/fcrepo-values.enc.yaml b/ops/provision/k8s/fcrepo-values.enc.yaml deleted file mode 100644 index a8d3ad9..0000000 --- a/ops/provision/k8s/fcrepo-values.enc.yaml +++ /dev/null @@ -1,59 +0,0 @@ -replicaCount: ENC[AES256_GCM,data:cw==,iv:WojjwFIjvDikgSm0LPSwyroMm3qBwrMWEtGILuxcLgk=,tag:8jY/rNw/mnrbSdve0khSTw==,type:int] -storage: - size: ENC[AES256_GCM,data:6YlHcPI=,iv:qg/uk1j65L/w8drvba6dPhl+FnNZxQB8IY5FsRuHR44=,tag:GotLKuZlz/79SzYc2qpmwQ==,type:str] - className: ENC[AES256_GCM,data:kuVu,iv:TtvSOj+T90EwPJcQvHFS33dWPcqQ+O6AGg+bQwS+rPk=,tag:7zxHHg73Uzw8IQ2gq2TECw==,type:str] -image: - repository: ENC[AES256_GCM,data:0cGur4NUht+QoBwvnASz,iv:ep1pkWBODONzFGE9K/j4j5cips/W+KOcWeppuYcaF8A=,tag:HGvi9qQ6bBRxMFW2H/JAhg==,type:str] - pullPolicy: ENC[AES256_GCM,data:aKv8/1PFMyx7XmRn,iv:9UCxe2MNOXqCF2CxFkDmljkOPvC16cXZnZMBm3pUi6I=,tag:XkwFSypPBk0kCIPwQdEN+g==,type:str] - tag: ENC[AES256_GCM,data:85xb/Jc=,iv:uyo2QraLcdoj2z6n15Uy3VzJ5BYKDeB9AjX1QDMOTuI=,tag:hXAuF4Q9mfzgy4s3MTXjQQ==,type:str] -postgresql: - enabled: ENC[AES256_GCM,data:da9OBgM=,iv:IZPq0aWybTHP3jKaHRZD7zypBnKIqhvSHuJ2VP3Vk48=,tag:L7Rprlx7ZEMHyIF/mVzJoA==,type:bool] -externalPostgresql: - host: ENC[AES256_GCM,data:YbPJ5QEEkylCTR9mpsQMGNWA3i9QMYE5zsfluD5cAc/L6BG8UbZ/XavBDBhFPj9P39l7vUXw,iv:aW49hMPHKvoNC3cH+xEXtXAHZ366GJdba+vfbY5oeEc=,tag:VctZ9z8o3oGsh1fsuZV7Gw==,type:str] - #ENC[AES256_GCM,data:z8jyXGZtP3nd83bS/Ae9WOyRRRR1M5FRbjx13PUH31gV+g==,iv:BO+AqoTK0vpo6wgb9ptKWi6pM4LWVMNHAzyklikOxjQ=,tag:lnCwfvH2wBIokMqErVge2g==,type:comment] - username: ENC[AES256_GCM,data:ZVlDSBBqEyk=,iv:cA4FOIpuyOEnyfNwPMElyLgn8Ur3huwVmT/FJ6S8pUY=,tag:IQ2QcUsa2/WAoRy+3/SOwg==,type:str] - #ENC[AES256_GCM,data:zG8HcCmVKD64ENvmLoK28+gHqfvXH+w4VbAcxKjYh7SIxA==,iv:jRHp/y5uMAZht5muQL9Pi6526k6HF7VxeYk41MfM7uM=,tag:zmiMXSTV9syBLd2CNRgr9A==,type:comment] - password: ENC[AES256_GCM,data:GNzFTRWffoiIGFh1vwSCvqr7xLI=,iv:RzSiVKjrE9fyXerp2QXBQZeKloHFuLnzyMDhnzFtfbU=,tag:Qj2n20QVu8a0ArjO52E00g==,type:str] -resources: - limits: - memory: ENC[AES256_GCM,data:NRdR,iv:FgAbFdqNVPo7zX8MEJT/rg6zJJRRmfeTVuaLpV/LoIg=,tag:TedSTf2+b0l4HGUf5wNODg==,type:str] - cpu: ENC[AES256_GCM,data:3w==,iv:udonDBwVaImgkuYQcdBodtr8MAOwem6z/xYWqJLUqDI=,tag:ZLH3I3wM+oqm/s1U5ehm3g==,type:str] - requests: - memory: ENC[AES256_GCM,data:J5VP,iv:hEqmXlNvc/0wNQFlmIJr/QUv6Yj3KhwaaFgmf2EQesA=,tag:lOnh7jqYPez9L5hF6OFc6g==,type:str] - cpu: ENC[AES256_GCM,data:+w==,iv:cZUKzws+AGzrPVfDddS9yDz0nM3Q3KLuHcai6ryFKns=,tag:ZLVKnzx2NBY7M6+WdsDFNQ==,type:str] -s3: - enabled: ENC[AES256_GCM,data:MhhJlw==,iv:kUIaCVJvFBIjVo3PmGvKN3XEuwroIM/w2MqwFPSDINE=,tag:aN1yfp0Ry1HFnmZ2PSz7cA==,type:bool] - bucket: ENC[AES256_GCM,data:lAnkiZC+yzz9bnd3m14=,iv:QXzp8y2pKl/PnJVN57Fn7ehuu9U8T1m0NrSwpla1rj4=,tag:k6wGNq4k/ie7VmgeH4dHUQ==,type:str] - access_key: ENC[AES256_GCM,data:b9/UyPXWx3DHZ5rluigYd9La+Ik=,iv:Ac//1WI1P3paHME6TEnV8lfaGC3+/2dx2KpxThXFRMI=,tag:MWhnm8tloHv5025nhi3V4w==,type:str] - secret_key: ENC[AES256_GCM,data:X/CaRegZacuC/qyIIWwyOj0XVINMM3q3wLH44fLCdZ4p3zw1pYr5gQ==,iv:VdL2TOj/KmnhzoDKwoJRnE4qf6UdchBgYPTXSQMxV34=,tag:Oo3GPA8FRZnWpCblY4Czhw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-07-21T22:45:20Z" - mac: ENC[AES256_GCM,data:o09C2MzeNbjEICs7//8gopMDHoBI05J98nSnt132qvJ7ZNG/iroabL+I3t1tm841QsCxVxxYBmLuxx9vKvoIqoE0v+7JuLvBBYdKlJVHGNYU8kS/fCEMvcQf125B0Y4TlaNW8xSP4jt3V/uwYmBtLHhPL3S/RypgvacskScTezU=,iv:LP/72mIoF1QhiGXqnCKdhprezwc+M9YWXPkdnG9IbM4=,tag:PA4aypilAaN/kKq5ujzFkw==,type:str] - pgp: - - created_at: "2022-07-21T22:45:19Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqAQ//TlR/a646E5UCkRIqAwK+xCQiiThB7o4RfUtqAeA726KA - 1HlbEHc6XohEw8hKeqnGmGoDM4BzQLrE24CAWqG8mouvVJUXUGjn5zdlsdgG1pSA - tU/UO76j9Wl5sD4/53a2OnP43Z8bU139ZA13KhiNjHN6sMRXEAXKvDsrx15s9qeI - TiChKGnKVCVuxqCA3glxLfkrmnFZ19Mg+y8Kt5k4DS783SOB9C8Pc1prfBoq/b55 - 7jAf9dtHBH/sxX5rC03H5PDcy5XgbwLHkogaVTASAXWRk9kidRMrFAUCQGZj3rY3 - 7nyQIjCeLK2kyHNFA3+/zCorwNfkVYOQpJPXVgTe/PVJUzrBjF2J6SB9hWRgt6ZU - Xi8bqAOVfQQrx5S1y70z39DD7XoMpHH7ZRUehIFb5FZngAIKK1rO9cDr1qfpuic0 - bWxHQKG/HOxsR6YAThi32ugy8Db2WdR2xtcLxt1Jq49AoD7kTAY4ppl8k/s78g/m - jSNnnaH8HSKZ6FuHKmzOy7v8ymsiTaYpqq4XeJ8YDh/xoQfTbEM9CEF83o4jsOtE - KpIFWwTa4vQ8VJ8p56k83IBT8yFAUmoh3RP+d37Ji+vr2IAQTj/N8q9z6NTJ0LJt - /b2Sik5eUObWfS6A/Ay3xs07UyDPx2GHeJrvAcUTCV6PUqqq5qfh1LVJkVzm3C/S - UQGuUCC8GC9ZnH88bHeW2yHkYQ1XaGcJJcFixg8Lh/KTFj9EqRK3k6qCce7UjbH7 - dFV422KqkZwESwSzDDJTlgBF0KuMtt2l6wwhHcRSGQdMhQ== - =bj20 - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.3 diff --git a/ops/provision/k8s/gitlab-secret-values.enc.yaml b/ops/provision/k8s/gitlab-secret-values.enc.yaml deleted file mode 100644 index c8f9c7b..0000000 --- a/ops/provision/k8s/gitlab-secret-values.enc.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: ENC[AES256_GCM,data:UwM=,iv:vx4Hvwby0ZAyjPcWZMy8YLGfOVJcmakTRox8wieX5Jk=,tag:/VCCH21/ZcwSUynqfKqc+Q==,type:str] -data: - .dockerconfigjson: ENC[AES256_GCM,data:gDpqeBlAOBy0ynS+U4WNn+MpjVpkwfU7bJPhfjv7s0cwDOCUTsw7+7MtFWlnrdQbeJAb/Kf3GgL1vOBy6Qmz1kPN6Veo/SD28HDsSRRpqZ5WWbvPEGV/25MlC4DMbJYOA50y26ypbBqn8vFg8sVa4c1t9UmOfmSTt7nvxA==,iv:vOLlX6hk80F6Wu0c9gNFi+VkFAkWHxt6OG/A5yFdCeo=,tag:Lr1UNtz3ZcsnfRSFNI0dAQ==,type:str] -kind: ENC[AES256_GCM,data:trV3iajX,iv:pD5lSajXdTlpTAIzIdqlI3+RYhHPFGTmnffme5CuPZU=,tag:1/HrL+9mUWERzBo8CuzKvw==,type:str] -metadata: - name: ENC[AES256_GCM,data:tEDJNfC2,iv:kQHiJ2ib1gR1NBmDkgSSELVWh/F1Ykj8umkRUe9LoAk=,tag:N72e4Yl0VoOu/LjYnqRhbg==,type:str] - namespace: ENC[AES256_GCM,data:dPqk,iv:VYTnTBfsat6UERtwVvCwwWFk27io0IN7bT+ifZFbssU=,tag:z0WsuzUCerhlROPfMSfxUA==,type:str] -type: ENC[AES256_GCM,data:hhsWsvDATad4QOdnOCjarLAdMv7Tn1wfRITvTlQJ,iv:MPNnESWc2ZxDgqZXy4rrrXhRCjd2lnhvXI9zxb2bXIQ=,tag:p3w8gZ8DrdV41a6iAUJbQw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-07-20T17:22:40Z" - mac: ENC[AES256_GCM,data:8H6KYyEx0gJuxJtycCRtf25QThxY3ApKwOoORtKrLabsj7PW3DoW0kKDzrfWLVpXAyOYy70VxQB+RBZyYMf1AKe68V9NxzQXW/4Vw1/W780v/t9wFvIbYAIOaFIVXfJRJrJ4/BU3xHrxKr52WvSEQvHb/Jnr7SQxWvf6BHzvpPY=,iv:+nIKg8hem6orDkVUzg7harU/eyHm5gcLBDUfipBQwkI=,tag:Ma1wRpa2ND87e1+nR/lh2g==,type:str] - pgp: - - created_at: "2022-07-20T17:22:39Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAaktX1DJaoD274dKZkOGc+30oK13qhs04Da0eIFVqTL8+ - 1M4KLhhBXbWe+CTwGPo+67mcptSVOVmyEKRU35ud+TytgBXiFzhRLTNeUt5XLGEy - eQzKypwayb4RJ9/oXQZ4ek2OwScXFhnCuea9QKTAUx3+b2NYYvNEwbbQ7FdSrH6J - neDzntoVRZEem56P0JZWmoYW4OoDe+Bv0dT5OT5lK1k3ZAXUeS/f30OigjDyIxkx - 6W8CPHDOfD0tUwPicbjaWmjLGayfphEU4qBr6J/QpyK4yduehBYaa/u0CWl+O1M8 - WBzuqw0HBxYYHzSMlG0LR4+DQEm+BBb8MFDoBCCFE+BWEZvQOdO02jrGQjFHwW4s - l1GZt0X0c7PoQAArT4a4sO/eLurReMo2vJud8Iktdc/T1SEualgFQpdkTlfWEQNn - /955z0cw1ZidSaf5jL+He3k529O24ktxaQ2Vz3NYMiN/akT6EXJfAac0XOwdOl+O - 7EHzNl02MzMFwm0/7+3hWcjXElgyFpfwo+WwxZ9qqf1bCHZx93tDHeKFsI8OwSgn - YtL+YOItQuyKjHWbht1nHbExTKZk8woy47qKRNf8qY+MfiLvszEC2XL/bkNd39+s - 9YABX9uoWKSXVPe+Kcn0XQtPUpVkrSIULqUI2LjJrEMZosKzpY+FOdB7rY+CgiLS - 5gG4NoDO1Dz3ESNqQamQmihuaBHOq/bLtQ12zjEu6AiidHjrEvvZauuDHbxmnc2Z - v2yqRkkrc1amFQ6YwQGeyCzkTbGGniDNs7MTjubWx1MXiuKLN+NTAA== - =irOR - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 ---- -apiVersion: ENC[AES256_GCM,data:iUQ=,iv:17jT7PEY9UmEYnhs3wAMGI9X9feFnuZJtn1YMwpVgo0=,tag:CIRTz9sibKGOSO4RkIfi0Q==,type:str] -data: - .dockerconfigjson: ENC[AES256_GCM,data:YWOS88ZMBnDdA5TQ+uSqicf0QzKAS/M09oAQsEDk1qt4sXzEvtR8klZU601VH8EtAUPpS/yDALal2+3Oa8MZA54rwGY2gS2AxlfBaRI33XcMuEo6xqyEZHtycjPo4K0gFSBaEKlvMX/feSpPRaifMqj2hrpJsNWESFxYxQ==,iv:v63dcsiZwS6y3VJ8jXYGuzAwYrzZ+sR41RFxiR29ahc=,tag:F0B4/IDRHvm9N7r/wWSvxA==,type:str] -kind: ENC[AES256_GCM,data:STT37GGe,iv:uDKVdvtI0SDid85T2k3ZWRBx508uZZxKHxFueqxskGY=,tag:64yYA9ljXQkstY0RGi33AA==,type:str] -metadata: - name: ENC[AES256_GCM,data:jd/rUoRc,iv:4+ciiw2hdUV0u+FJ3GXeoyKZmE8AtU7PjtR7pVFpGm4=,tag:HrG6V8H2Xg5XtDz4Kd/QVA==,type:str] - namespace: ENC[AES256_GCM,data:sHuZj7slsIxvPA==,iv:DhvcyRWoahrzCnlrWAvxpuzY4+rSxynhO4ryE6xOLL4=,tag:CtyGDqkVxhu08aJlYH7DYg==,type:str] -type: ENC[AES256_GCM,data:yDC/FjZfvGIxYAXmZKlWpU1Dcwd0d29la5z//sJ3,iv:wAJCOgRBf/B50iZfePX0DO5eM91Ts8+oRTpo7pvA7UY=,tag:ZGJgU0+s8C70H1CzYlSL8Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-07-20T17:22:40Z" - mac: ENC[AES256_GCM,data:8H6KYyEx0gJuxJtycCRtf25QThxY3ApKwOoORtKrLabsj7PW3DoW0kKDzrfWLVpXAyOYy70VxQB+RBZyYMf1AKe68V9NxzQXW/4Vw1/W780v/t9wFvIbYAIOaFIVXfJRJrJ4/BU3xHrxKr52WvSEQvHb/Jnr7SQxWvf6BHzvpPY=,iv:+nIKg8hem6orDkVUzg7harU/eyHm5gcLBDUfipBQwkI=,tag:Ma1wRpa2ND87e1+nR/lh2g==,type:str] - pgp: - - created_at: "2022-07-20T17:22:39Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAaktX1DJaoD274dKZkOGc+30oK13qhs04Da0eIFVqTL8+ - 1M4KLhhBXbWe+CTwGPo+67mcptSVOVmyEKRU35ud+TytgBXiFzhRLTNeUt5XLGEy - eQzKypwayb4RJ9/oXQZ4ek2OwScXFhnCuea9QKTAUx3+b2NYYvNEwbbQ7FdSrH6J - neDzntoVRZEem56P0JZWmoYW4OoDe+Bv0dT5OT5lK1k3ZAXUeS/f30OigjDyIxkx - 6W8CPHDOfD0tUwPicbjaWmjLGayfphEU4qBr6J/QpyK4yduehBYaa/u0CWl+O1M8 - WBzuqw0HBxYYHzSMlG0LR4+DQEm+BBb8MFDoBCCFE+BWEZvQOdO02jrGQjFHwW4s - l1GZt0X0c7PoQAArT4a4sO/eLurReMo2vJud8Iktdc/T1SEualgFQpdkTlfWEQNn - /955z0cw1ZidSaf5jL+He3k529O24ktxaQ2Vz3NYMiN/akT6EXJfAac0XOwdOl+O - 7EHzNl02MzMFwm0/7+3hWcjXElgyFpfwo+WwxZ9qqf1bCHZx93tDHeKFsI8OwSgn - YtL+YOItQuyKjHWbht1nHbExTKZk8woy47qKRNf8qY+MfiLvszEC2XL/bkNd39+s - 9YABX9uoWKSXVPe+Kcn0XQtPUpVkrSIULqUI2LjJrEMZosKzpY+FOdB7rY+CgiLS - 5gG4NoDO1Dz3ESNqQamQmihuaBHOq/bLtQ12zjEu6AiidHjrEvvZauuDHbxmnc2Z - v2yqRkkrc1amFQ6YwQGeyCzkTbGGniDNs7MTjubWx1MXiuKLN+NTAA== - =irOR - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/ops/provision/k8s/postgres-cluster-alpha-values.enc.yaml b/ops/provision/k8s/postgres-cluster-alpha-values.enc.yaml deleted file mode 100644 index dd6178e..0000000 --- a/ops/provision/k8s/postgres-cluster-alpha-values.enc.yaml +++ /dev/null @@ -1,345 +0,0 @@ -apiVersion: ENC[AES256_GCM,data:tNQ=,iv:FtvvEOTjg85py2tKLNlVoZTWKxPD9xfqnsfGU6eb0qE=,tag:omrpm00fasOwxBndXz6Tbg==,type:str] -kind: ENC[AES256_GCM,data:tYvhvBPcN0g0,iv:e5qgljjo5MP6tBecB5Bg17qaU+ZyuMMUzZe+c/7cmw4=,tag:qIE3pyVT/R5tzvsj60RQ8g==,type:str] -metadata: - name: ENC[AES256_GCM,data:dzVlKhvji1k=,iv:YHh80N8lcq/D+lccV6QTQ3TEOXuM2Uey0T4Bpf++nLo=,tag:tqwdJe8Ub72VW0Xx4e6nQg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-17T18:53:25Z" - mac: ENC[AES256_GCM,data:xuhs4xwYUWMmx3i8n5+eIH9YhuPG3iC8DHzL6cx+UPXu/nV36sUempnDrpMtv8pEsbnxJkTHNEdalvu69jRDguQ+qJjRd+RXRlKmeBfXnXCV4BMaIiBL+ZPmp59CoE0xhPq0L6AFB/Tjp2NXQvOeTOxt+YACbrDuw+x/WWYLn6U=,iv:fMoCDGnJU3vmk1KMp6lT/qf+XTvgMHr4rocyLHamPJg=,tag:1N4OUkLTZoHJHo7vUpDUmA==,type:str] - pgp: - - created_at: "2023-07-17T18:53:24Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAxAJHQTsqp3/5tfRw340JtN/KN0QDXu+WfRojtwtWimHj - dgSylF7qkwsjj21pB+H2jY6Cqe0kpD8kyxlDA675H2qgrP/Epx5zmoRe8oC+lFui - NaOSGTz9IeLNwNBZ8RAng2YbWTQen4J5vLj/9cYxqHs18//PnGXCkX5eQ7kZ2dD+ - qIH0zTygKQxH14YeOIgRWd95DiqZrU6xOHt6jPU9dAXVZ3I75wXYiPdDCyK5kfXi - QcF4iLh/7FSF+va4+L1siJmDD5B9hBzw6xoZJo2eUoTMsyVMJU9x2Gv/dPs40+yA - ie41O0Yfq0KnpdrjDgBd9Ous14AXb1bviPa6boErnA7LJkSsZiQr0a8fpMcEtv6r - 9iud08kGaA3g62t9eIVeJI0XsE357L9SH0NsIgzKQFJ2N/PA9tPblStwMvhtqFJx - XAAsfBGriP1EMWwQW5jFUgEzA193BOFkyPcvxNyvEW/b7eXznto1o7zIDa0ROXd7 - XpVhQkklnRw5a+qgQ7krp/1s/eY4Vsf0ioW5VyZW4eyj9bDj91a3mdf/B7HOqTkR - pV1ltsrVOoiYw2MAWKA+n0FiBMNUioxBSzxEs0Abt4BWe2I8ZgVwAmIg7mrvrNLv - QzHoDFMSY+LnabMxni3F6vagqr0p8lZpRcft92Xsf6aQs74L+hVHsVKhv8MJBhzS - 5gHK+ZJAutu3L3SeY7R8yIITF5GmvIHFLNphdzABTRVwLUweYZqY6OvqbZRdSgbA - akYELv2A3G9M7o+nduSZxqnkaUpjIizSpupX6ma4eadGteJtHXcKAA== - =1ICh - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 ---- -apiVersion: ENC[AES256_GCM,data:9NIdT9aaLB1WMmvGFn6jig==,iv:f95ls26QulA2MX4cfk86sUWa/J+wnQpmk1GiXJD1RXU=,tag:sNcFmLBzBfDMNlj61wNTCA==,type:str] -kind: ENC[AES256_GCM,data:5zQtUeCPOcfUbA==,iv:2sLRg2IekSrRlttJhjDhP16lTf5X2on2vKLtPTF91dI=,tag:WJdubwl6FNJoqeUSkpkFyg==,type:str] -metadata: - name: ENC[AES256_GCM,data:rf9pTWOxzdl0T08Rws6c34BvmrJV6S8QvBah,iv:r7PNSo5mN8hvUzwrcbxXcSCg3E/ZVHt5dBLUcu396aI=,tag:4WCAM90AdQ08Ot/cmpCl/Q==,type:str] - namespace: ENC[AES256_GCM,data:7GhM9BATY74=,iv:EleGydQJ1yJP1+8jmExH4tJnVGJAGSTY17Y9C1KB4U8=,tag:Z/sj5yGfYa/r1aRIkjK3wA==,type:str] - labels: - app: ENC[AES256_GCM,data:2V/rBU6troA=,iv:UQXmgTLSx6YyW1Sg981TgCSCXkgMH5tTIkKXo6ifwxw=,tag:mUpctiz99uBbM8ZD7PScfQ==,type:str] -spec: - teamId: ENC[AES256_GCM,data:Jyf0Gg==,iv:qem9UPE8AUxVLg1xeHROeOxk2G/NyGfENMapIQWbM0U=,tag:s+TAsF6rEiHwifIZ7H7Szg==,type:str] - numberOfInstances: ENC[AES256_GCM,data:cA==,iv:ETeEw+zcnw4YysStt55PhTac84+cTH7zoMgDG11TqOk=,tag:Y3ZGeAsviN3y4nBu9Aldkg==,type:int] - enableMasterLoadBalancer: ENC[AES256_GCM,data:Wq+rROE=,iv:Q6FigAtZmkYv0gNi+DG9TTjWiSdWj0Fk1WlsDCxMITk=,tag:ioeSZM/Q3L+CHgGwF3tNjw==,type:bool] - enableReplicaLoadBalancer: ENC[AES256_GCM,data:Pr0o3jA=,iv:/cZVRZCxV0PtAkYeZzXYrF8m++wwkHry1A6VxTwFXMQ=,tag:6P6YQKAAk/CEeusQ6vhAfg==,type:bool] - enableConnectionPooler: ENC[AES256_GCM,data:eSKJlg==,iv:ozZaBZQ3llhBH7xLJGf/JjRHWp0FaUYkn8Ny6wfGrFI=,tag:Xu21ygcA89CSlpp79KHNxA==,type:bool] - patroni: - pg_hba: - - ENC[AES256_GCM,data:Gf3n2cz9pBlltuqV85ViBXtL2ZxRtzIsdw==,iv:MNA+irJ/L5rUb5hOkAvgt0h1TIfcOt8oQOTxmeE4XHQ=,tag:2OagOcq/fpM5vUOEiRQtAg==,type:str] - - ENC[AES256_GCM,data:OqrzNjF5J6IH/EWJ7uypfRuVKrPbgQv52tzLQLeNSoWycUM=,iv:nX58t5Jph+VGvJQlN7M0ZZ+hGmJN3s9xjphgqSNtjhc=,tag:DoTTFuQPjYUEkEOSNSKW0Q==,type:str] - - ENC[AES256_GCM,data:KraS7+oHR8P+FXpo8OX9Lg+3MY9PEDS5n0qSDbADat5ujyQ=,iv:Ou3/9bptr6+p/7/4ZrlZf2UqB11LuGeZcf/GYrsDpmk=,tag:txr28Eg0/HQeRMuWQbhtQA==,type:str] - - ENC[AES256_GCM,data:p0yIwxia9146sGphVQ336p0o5+b2CPvAbzXuIUigCRccgzKT4nFkaEmSGXohQbW+6ow2EoF3ms8i0Wc=,iv:qDywpoDdVTlcyWSQM38aoCCavXQgw5Bz1TLkC6NAkuc=,tag:86a6CKObAgvliHEqZONGBg==,type:str] - - ENC[AES256_GCM,data:BdvR+cOvfTRKfli67IwjmtHxyvt8bPcUSVqik4UsiVRjwQ/cQWBbo9WoRUTBoE06kio40+s1xrDwNlk=,iv:GqZMKOl0dz2u06S3/skwHS7q78YboBwcdiBNom36X7o=,tag:XevvkAeIm4jrAgD8n0IBDQ==,type:str] - - ENC[AES256_GCM,data:N8IxOsYXXUUK+IMDB5jNu+XVyvtscWGHqO84qkE5ivgJsBbRysfkjlQKGk49Gm5RKZG1pkx1hys=,iv:f3eEEquAdoTp5+7oHocGgjzX9yY7qTtT4B1zS9TbqMI=,tag:IzWmH0KDlhtgXYZiqiHCcQ==,type:str] - - ENC[AES256_GCM,data:/k9iiazHjMZSPk7AqN8lLpKdGbXikT2ALoOB4xzs5/zWFBD/mbi9g220xWpEilyined9yJcu,iv:M6dlSSM2WUO5QUxNVmP8aRexTnEVB1hSMCwiUYYxq7Y=,tag:EZAZED07CSyc2VjxcJc6tQ==,type:str] - - ENC[AES256_GCM,data:RVXvX8IXDSCaydCTs61w+LFzgJOJITYYoD4IRUa3Wehgn2HDRERI5N7lKRKQu6kdlpOXqibqVA4qATc=,iv:R/OtxkLP+qWNxOdV7Z8VEIguTFM+4Ke7CmOcMHinyhA=,tag:gwIsAlKNHoOTqrQTQ28uMg==,type:str] - - ENC[AES256_GCM,data:LIfM3UksNs6TZ6EmT8XW0g8dy5BbbfeL9owbuVzOjs9jVuoPhtpz01/n5+TysA9sw4yPP4EITdCNxFgx2DI6Hjk=,iv:hP6dHdEmoXlUnjlnAgLcesr7XPygKt+1p/wMADo4zL0=,tag:wt39KTM5MZY8EKngCgDgSw==,type:str] - volume: - size: ENC[AES256_GCM,data:W/1qIQ==,iv:mgL4dznXiUvMEygxFL5nUMv82tvbkj0HwnKPLConnJg=,tag:RFREmRpnZ3VPY+nH5/TY5g==,type:str] - throughput: ENC[AES256_GCM,data:32IZ,iv:jk+6w6Vt57LNZZBbHS0Era2hf7rvWioLL++bpyBwgT8=,tag:ASwM56dS9Kp0y9IbAJ0GCA==,type:int] - iops: ENC[AES256_GCM,data:3LcnEA==,iv:iZwyZYqJl4o51zTX3miR4QF5LXloXYVjUIGd5WlDe4Y=,tag:dQJy+JN1R0Ac+ONJZk2YIg==,type:int] - postgresql: - version: ENC[AES256_GCM,data:LGk=,iv:/jPNf5oDf14c67s9+vKFDE/43j6kDZogM9F8yvimONA=,tag:d475rMAmkxf4NzPbaCPh3w==,type:str] - users: - fcrepo: [] - hyku-dev-hyrax: [] - hyku-production-hyrax: [] - databases: - fcrepo: ENC[AES256_GCM,data:4Q4EEaaQ,iv:hURWMOhwWdIUZW5vbUmDNmms0VjjiKN9DiukqoL0z4A=,tag:CPkf/le8YfUqPAMCEpYQEQ==,type:str] - hyku-dev-hyrax: ENC[AES256_GCM,data:Xmbi7ZUfS8i80Ig9k64=,iv:K3vZpvJmsVvupNNroW+pDI2aoanE/gWq1BWlagRdT6c=,tag:4vzPpf+VEYEq5uK+Pzt4Ag==,type:str] - hyku-production-hyrax: ENC[AES256_GCM,data:GkbVIw/6KgmPlcT2EmPmJ5no0xMI,iv:87eFHD5kHzTj4VtA6b/4maSvH4MahKKxnho/kaWTOhM=,tag:3879zFFrN9TXL23ccXOTWA==,type:str] - resources: - limits: - cpu: ENC[AES256_GCM,data:nLms0bE=,iv:/kGlrfEk67vpG238Ry2H4QaSaCGeBkco3otNV/f6WG8=,tag:9RqyHOCjX0vwfzE7J40Uhw==,type:str] - memory: ENC[AES256_GCM,data:CLOmmkj1,iv:IFXPcqudrn3Dr6oE7B7jM69JM/52vsgg8JD+rfwmjpg=,tag:pWewRUmyXy4ReBhnZVyNQA==,type:str] - requests: - cpu: ENC[AES256_GCM,data:dchdXQ==,iv:UuRe4RZHv9FK6SG0vQGyHq2x7JhVzUG8BwpqTGwKcro=,tag:02RvPY1X9SkYccMsNrIlvw==,type:str] - memory: ENC[AES256_GCM,data:nGYwRk0=,iv:OA02f93KweVBoQ4oZjO1VgLI8OPuTeTrwxqVbwyGHms=,tag:CxtBwewO8hbIURNXVAuzwA==,type:str] - sidecars: - - name: ENC[AES256_GCM,data:Cgw00yHsUyQ=,iv:/jE6RHzq3YsKFnQUD7lUQWyN1Ajyjr2UdeNSXVSQF4E=,tag:5Uba6xS7E5ipgrpmcWfuOQ==,type:str] - image: ENC[AES256_GCM,data:bYnFPOKYvWRDRMIOZxlS1HLSy6gnVTXMBKly,iv:YgSv565u1TqZChcVthhhGn3HLPY+WdgwZi2OSX1gNtw=,tag:m7YXy6KxC0Z3D2j1NwV3dg==,type:str] - ports: - - name: ENC[AES256_GCM,data:tdgWuV2w1Z4=,iv:QbCzR2Ff7lnPbplO1CffvHBVhuTH7FUp3E3fLREUAgk=,tag:F9IsAcnWZ1MEtlO7e8nstA==,type:str] - containerPort: ENC[AES256_GCM,data:fFvHNA==,iv:ZluvPyqxFP4+DOWrvMp3Hfpbp3fFEhrfUIz/tmmpAJk=,tag:DSKqbPwgsceJCtBdbfEufg==,type:int] - protocol: ENC[AES256_GCM,data:U2rj,iv:6HjVMbgbNHz83/fCCEyoztOnaBb7pAQ4r1W3VYfMrRc=,tag:obSYVLdRZm7dz+ln2/2plg==,type:str] - resources: - limits: - cpu: ENC[AES256_GCM,data:6G//yw==,iv:MoGkStirjbPW1R7CVesaqYEeO27VlSYXvbNI1J3DRbQ=,tag:GRZh+wXARfpeJaWPopiJMw==,type:str] - memory: ENC[AES256_GCM,data:xRdwjw==,iv:k+vBYCbkEqAhRyy3NlKRPv+Qdm41kDLSNJ0qfutcuT4=,tag:zLw2DKLsDEDpKL2UjY647Q==,type:str] - requests: - cpu: ENC[AES256_GCM,data:HXq4Qg==,iv:lgCrv5yn8ukLLWD72+c6lrwSo2t88ZEek+FUhiEZaD8=,tag:6dAJLK6oXLpunyJtnnGT4Q==,type:str] - memory: ENC[AES256_GCM,data:lDT5pg==,iv:B6TkGEyzHDngYqL/nJexoYETaWC62bDneEIL2dAOT3s=,tag:kGbuEqJWGYQCFhXxj5RmDw==,type:str] - env: - - name: ENC[AES256_GCM,data:Ds9xVKgYfbvjVr44zKrj,iv:0Z7YZ8ZLGi9w1B2916g2QvFHr1cOS/hmYa++o/dQzsM=,tag:CkgfiJVPT4/NtzgO5Cf84Q==,type:str] - value: ENC[AES256_GCM,data:RKQ7HJwVJjI77y6kFqrfUCuB3gDHj6Uh4EpUnOUi9iZNvPAm,iv:xfDlShNHcTsJI4I6Om3PrrUsSCnZz8tVeSmR4c33s1Q=,tag:M+GbS8YZS4KMcvqGwHon5Q==,type:str] - - name: ENC[AES256_GCM,data:woMTKX7TjlxFnFrOSojSaQ==,iv:I22owzOql3LOo4+lSJCKp6As473bnEc2ENATLwDMFNo=,tag:Xbp5l1yQtkiLUW8pYvPZHA==,type:str] - value: ENC[AES256_GCM,data:fFu2qcuVFxaz38SnkOKjSw==,iv:eFuSzMH0Ti31mBRrpNEo2NFgxQ3yTiMvyhBF5S4d+IY=,tag:KB8s4XfC6zD0jE/JNT4cZQ==,type:str] - - name: ENC[AES256_GCM,data:qPUUhpzt+FsRcz977oLEzQ==,iv:4SU+fT81hBtvqL0+e0rVVERdhaDHTNBPwKC4Jm/OpkM=,tag:66o4UDus3PulcbCcHw7aPw==,type:str] - value: ENC[AES256_GCM,data:NnSOTsUEmOA8+DUWxZn4DZ1OZDQ=,iv:92Tq1O660wxNUaeLi2fJYxsKl2N2E+iXhCj5+y6hdzU=,tag:72XN3+HH7wfbXEaaZGUJGQ==,type:str] - - name: ENC[AES256_GCM,data:Z9OUz4HTnsR5k3Ym3qBDI9drYOF3q2qXcjAc1hz1VSVas7o=,iv:i5EtJR1IbkS/nBH2I7nVLq03UC6efyHaavl1YAbRKOo=,tag:GI++UtuR5SVhN2ECjcstow==,type:str] - value: ENC[AES256_GCM,data:BjNDsw==,iv:V2vZ8/fKjdsc93hspY+IoS3M9fvS7KDwiOCPcQ6oOh4=,tag:N6+uZncqEgKDkjPpSK31Ng==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-17T18:53:25Z" - mac: ENC[AES256_GCM,data:xuhs4xwYUWMmx3i8n5+eIH9YhuPG3iC8DHzL6cx+UPXu/nV36sUempnDrpMtv8pEsbnxJkTHNEdalvu69jRDguQ+qJjRd+RXRlKmeBfXnXCV4BMaIiBL+ZPmp59CoE0xhPq0L6AFB/Tjp2NXQvOeTOxt+YACbrDuw+x/WWYLn6U=,iv:fMoCDGnJU3vmk1KMp6lT/qf+XTvgMHr4rocyLHamPJg=,tag:1N4OUkLTZoHJHo7vUpDUmA==,type:str] - pgp: - - created_at: "2023-07-17T18:53:24Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAxAJHQTsqp3/5tfRw340JtN/KN0QDXu+WfRojtwtWimHj - dgSylF7qkwsjj21pB+H2jY6Cqe0kpD8kyxlDA675H2qgrP/Epx5zmoRe8oC+lFui - NaOSGTz9IeLNwNBZ8RAng2YbWTQen4J5vLj/9cYxqHs18//PnGXCkX5eQ7kZ2dD+ - qIH0zTygKQxH14YeOIgRWd95DiqZrU6xOHt6jPU9dAXVZ3I75wXYiPdDCyK5kfXi - QcF4iLh/7FSF+va4+L1siJmDD5B9hBzw6xoZJo2eUoTMsyVMJU9x2Gv/dPs40+yA - ie41O0Yfq0KnpdrjDgBd9Ous14AXb1bviPa6boErnA7LJkSsZiQr0a8fpMcEtv6r - 9iud08kGaA3g62t9eIVeJI0XsE357L9SH0NsIgzKQFJ2N/PA9tPblStwMvhtqFJx - XAAsfBGriP1EMWwQW5jFUgEzA193BOFkyPcvxNyvEW/b7eXznto1o7zIDa0ROXd7 - XpVhQkklnRw5a+qgQ7krp/1s/eY4Vsf0ioW5VyZW4eyj9bDj91a3mdf/B7HOqTkR - pV1ltsrVOoiYw2MAWKA+n0FiBMNUioxBSzxEs0Abt4BWe2I8ZgVwAmIg7mrvrNLv - QzHoDFMSY+LnabMxni3F6vagqr0p8lZpRcft92Xsf6aQs74L+hVHsVKhv8MJBhzS - 5gHK+ZJAutu3L3SeY7R8yIITF5GmvIHFLNphdzABTRVwLUweYZqY6OvqbZRdSgbA - akYELv2A3G9M7o+nduSZxqnkaUpjIizSpupX6ma4eadGteJtHXcKAA== - =1ICh - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 ---- -apiVersion: ENC[AES256_GCM,data:Dp4=,iv:WALYTX42t3NndwtpyPlRUC/MEX4PyFXhrq5cPntfnoA=,tag:1qYNyW5yrTr7KPjOO6Q+MA==,type:str] -kind: ENC[AES256_GCM,data:UGMfyG5oVw==,iv:pnZgCJeFdJDIldR4yS+E9D7UKsdMMtYHgj5YdsurTA4=,tag:1+WQUkqSHlI/pmvkt5pOrg==,type:str] -metadata: - name: ENC[AES256_GCM,data:Sba5wqOUhHB16n9itgDu/hZcHUJF/PsoQJUckFlTAE6M8a9veDB9ghgg09oeCg==,iv:+xpIQZui1p1ED401P8BSyjxpBHK66gMCAvts9OrPkFM=,tag:ynVtBBOrHpKxFi7/xwC/xw==,type:str] - namespace: ENC[AES256_GCM,data:4bZbfX4/4s4=,iv:BOFcu8NsrMtNeewJxN/vFMlmMhvjNk2mtJN/KooqD4g=,tag:qfKyxUwezMNzpWzFQRZDTA==,type:str] - labels: - app: ENC[AES256_GCM,data:VKApX9iupfY=,iv:TG5ME05e/N1FwGZvuOa1aBBXMRPoMDWGMGNXE+Z06MI=,tag:L5hENNtkWLufGVRMtqclfg==,type:str] - spilo-role: ENC[AES256_GCM,data:avq/9ZSB,iv:FnAnm01a64dnZm9G1HekoK+kreZVrQAAAoKtdj2P9GE=,tag:j1J5anl+Q+YmtLoAFkszlQ==,type:str] - annotations: - prometheus.io/scrape: ENC[AES256_GCM,data:RMn69A==,iv:UTtVep9RfIWplkc5CmN/Vp75Xpxr91x13+jTp6y3HJo=,tag:oLJ7pSrJQVPJdmZO7h4Fow==,type:str] - prometheus.io/port: ENC[AES256_GCM,data:5ADtJg==,iv:/W9l2yN2goiKEMa8nU4wbmrnW9tsSrXIIRZF5fwCjeQ=,tag:0HW5ZQV+34Lc6aAa3zKfVw==,type:str] -spec: - type: ENC[AES256_GCM,data:wl0lHivlHf3A,iv:H8LRIXcYYPmFucP5xdIK7RDB2Pf7b476GdZAmqeVyF8=,tag:Ly8ZOoQgmQAyC+g+t4Qwaw==,type:str] - ports: - - name: ENC[AES256_GCM,data:JqgIVf+UWEM=,iv:hZKv7iKffTVd1qlzHIM8DDVnGStD7QXpQ14iNvg+LpY=,tag:LPD9WIpeU97aL3b9ln/P1w==,type:str] - port: ENC[AES256_GCM,data:2XFSaw==,iv:JMjMLA1JlYowdEqSkOb7yWGWp+Ip+WUVcEZ/+KYAKRI=,tag:hEqjnJyowDZcQF+2R1kSUQ==,type:int] - targetPort: ENC[AES256_GCM,data:PPKPBIge5jg=,iv:+YDGv0Nh2hrGDH1heR5/hYNhTmS1RPPibVRUGDUMoSQ=,tag:of43Ut00eZ8ExEbczUtCPA==,type:str] - selector: - application: ENC[AES256_GCM,data:xAJL3sE=,iv:diLXDp4aDSpRcVgIxrF45bsCfzkGE8XlFk18Q0dKx3c=,tag:03CRatyes/av7NJrwD/goA==,type:str] - cluster-name: ENC[AES256_GCM,data:7BZ89M7ArwDnlyDfF0/24z4tuK9tCvPAJNpk,iv:7yzpbTWK8h2yi9diScQ7Et5+ehcKV9FFKVt5CBlz/6w=,tag:TWmt7PsPUxvlAsApXoiJIA==,type:str] - spilo-role: ENC[AES256_GCM,data:Yb500gCS,iv:cz/d45wWkA8p6aAaGqwCEVJnJt1LJ8wtn4jTyVjw87k=,tag:F4/By10N8gVn3PiJN/0KbQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-17T18:53:25Z" - mac: ENC[AES256_GCM,data:xuhs4xwYUWMmx3i8n5+eIH9YhuPG3iC8DHzL6cx+UPXu/nV36sUempnDrpMtv8pEsbnxJkTHNEdalvu69jRDguQ+qJjRd+RXRlKmeBfXnXCV4BMaIiBL+ZPmp59CoE0xhPq0L6AFB/Tjp2NXQvOeTOxt+YACbrDuw+x/WWYLn6U=,iv:fMoCDGnJU3vmk1KMp6lT/qf+XTvgMHr4rocyLHamPJg=,tag:1N4OUkLTZoHJHo7vUpDUmA==,type:str] - pgp: - - created_at: "2023-07-17T18:53:24Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAxAJHQTsqp3/5tfRw340JtN/KN0QDXu+WfRojtwtWimHj - dgSylF7qkwsjj21pB+H2jY6Cqe0kpD8kyxlDA675H2qgrP/Epx5zmoRe8oC+lFui - NaOSGTz9IeLNwNBZ8RAng2YbWTQen4J5vLj/9cYxqHs18//PnGXCkX5eQ7kZ2dD+ - qIH0zTygKQxH14YeOIgRWd95DiqZrU6xOHt6jPU9dAXVZ3I75wXYiPdDCyK5kfXi - QcF4iLh/7FSF+va4+L1siJmDD5B9hBzw6xoZJo2eUoTMsyVMJU9x2Gv/dPs40+yA - ie41O0Yfq0KnpdrjDgBd9Ous14AXb1bviPa6boErnA7LJkSsZiQr0a8fpMcEtv6r - 9iud08kGaA3g62t9eIVeJI0XsE357L9SH0NsIgzKQFJ2N/PA9tPblStwMvhtqFJx - XAAsfBGriP1EMWwQW5jFUgEzA193BOFkyPcvxNyvEW/b7eXznto1o7zIDa0ROXd7 - XpVhQkklnRw5a+qgQ7krp/1s/eY4Vsf0ioW5VyZW4eyj9bDj91a3mdf/B7HOqTkR - pV1ltsrVOoiYw2MAWKA+n0FiBMNUioxBSzxEs0Abt4BWe2I8ZgVwAmIg7mrvrNLv - QzHoDFMSY+LnabMxni3F6vagqr0p8lZpRcft92Xsf6aQs74L+hVHsVKhv8MJBhzS - 5gHK+ZJAutu3L3SeY7R8yIITF5GmvIHFLNphdzABTRVwLUweYZqY6OvqbZRdSgbA - akYELv2A3G9M7o+nduSZxqnkaUpjIizSpupX6ma4eadGteJtHXcKAA== - =1ICh - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 ---- -apiVersion: ENC[AES256_GCM,data:tUA=,iv:1vokVlMYj2g01cHtF8LbAubA1p1c4d/cMNxdm/RGMuY=,tag:jV8swnRAC6JWVubfBIjihA==,type:str] -kind: ENC[AES256_GCM,data:rqBSH2zj8w==,iv:jEM7854pj0vK4J3xdvul4HVgqrYRv3bzHDLqTIuJ4t4=,tag:LY9v0/oLhDRoApQ3uL1Jeg==,type:str] -metadata: - name: ENC[AES256_GCM,data:kXX8eNrbNGo8mL4NoyrYlBVvA9Fa1VPYkGHv40art0ydmjcuhNWN0VrLqSooDAo=,iv:AGGnsNJC1yXRRrwabI/OsVzuMjwLS4JMN9Ohy2GrZZY=,tag:YgFExboqxcF5GVrDoe/k4w==,type:str] - namespace: ENC[AES256_GCM,data:wQBt6yq25UQ=,iv:9LWla9tEsmGMjRdPu9AJe+cS09xcuZwX0Y1d4xHnoSw=,tag:+08apH2D7jhmkmrktllgRA==,type:str] - labels: - app: ENC[AES256_GCM,data:3zDrS/AEsXI=,iv:kW/gdO4NFlu1Td6IgxzzXcUZjD7aenBfadeOx0ZF/0o=,tag:rg86jKo4c7sJU/qi/CcVqQ==,type:str] - spilo-role: ENC[AES256_GCM,data:TbnG4JN1WQ==,iv:gcNaN4TyOHqTuyzshhBOVBA9bTRQ7kiNqcUHYNOYtrM=,tag:4htbX50HsJWrmhkKuo672Q==,type:str] - annotations: - prometheus.io/scrape: ENC[AES256_GCM,data:X8jvAA==,iv:XuEjdHs7z7rvpWFMDEvT2hOaDaftPxkg0MJQ/eqxmkA=,tag:H5RosnOZzGcye7Kg36rFsA==,type:str] - prometheus.io/port: ENC[AES256_GCM,data:I6k2mg==,iv:VByO0vDPXFDL9bq7MWFNeqyU2enTMNCQD2S4F/d6+Wo=,tag:ORFQDc8gmNBgvbgW4UrkxQ==,type:str] -spec: - type: ENC[AES256_GCM,data:Ub26k9D4GKcH,iv:OOLF2GiS5fHWlfB50/nghCjeEQp7VUrJ3fziMvaHWCs=,tag:my91GN4DZxB/eT+LK1oszQ==,type:str] - ports: - - name: ENC[AES256_GCM,data:HLlU3B3BqyI=,iv:CWrbnNJI6Gw+rymA/ZKsRNnrDwvGhjBE5E35sU0gva0=,tag:BwX/ZYKO4k4nwfq4wn++bg==,type:str] - port: ENC[AES256_GCM,data:BRT/sQ==,iv:xAuGd6ys1vahH29ifXmT6/IVmpbygfYcZoMPMDWziWc=,tag:5LBJ3RxbLgQIp9XAKXBGuQ==,type:int] - targetPort: ENC[AES256_GCM,data:0MGyhNcDaXI=,iv:3x3P7Fg95P2CL0pJGuCVlzvxuhQDZLFKtfbV7u+w69s=,tag:dW8fgNqCzGOduJyNxjg88g==,type:str] - selector: - application: ENC[AES256_GCM,data:+MrN1Bc=,iv:yMjeoUsN8WaJydh6EfAqS22YNjENRzDsoIRZObVvFbY=,tag:VvwWNA92+DnUfLGDrI+zxA==,type:str] - cluster-name: ENC[AES256_GCM,data:VJAFIFZn9s/hUwM8hw4K23Sjwl76byDLg7cb,iv:GojLqXxI66pqxXia2nqqsmApwR84KaHolHUSvJTuzhc=,tag:uHh9++mP4picCCuX1xJ3CQ==,type:str] - spilo-role: ENC[AES256_GCM,data:vd1pOShUKw==,iv:xJ3roqSeJw1viQKPbu0rSJwwXuFH3zCc7b2NXgktsNQ=,tag:bQpsbbzvXGMr/tbzjONPkA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-17T18:53:25Z" - mac: ENC[AES256_GCM,data:xuhs4xwYUWMmx3i8n5+eIH9YhuPG3iC8DHzL6cx+UPXu/nV36sUempnDrpMtv8pEsbnxJkTHNEdalvu69jRDguQ+qJjRd+RXRlKmeBfXnXCV4BMaIiBL+ZPmp59CoE0xhPq0L6AFB/Tjp2NXQvOeTOxt+YACbrDuw+x/WWYLn6U=,iv:fMoCDGnJU3vmk1KMp6lT/qf+XTvgMHr4rocyLHamPJg=,tag:1N4OUkLTZoHJHo7vUpDUmA==,type:str] - pgp: - - created_at: "2023-07-17T18:53:24Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAxAJHQTsqp3/5tfRw340JtN/KN0QDXu+WfRojtwtWimHj - dgSylF7qkwsjj21pB+H2jY6Cqe0kpD8kyxlDA675H2qgrP/Epx5zmoRe8oC+lFui - NaOSGTz9IeLNwNBZ8RAng2YbWTQen4J5vLj/9cYxqHs18//PnGXCkX5eQ7kZ2dD+ - qIH0zTygKQxH14YeOIgRWd95DiqZrU6xOHt6jPU9dAXVZ3I75wXYiPdDCyK5kfXi - QcF4iLh/7FSF+va4+L1siJmDD5B9hBzw6xoZJo2eUoTMsyVMJU9x2Gv/dPs40+yA - ie41O0Yfq0KnpdrjDgBd9Ous14AXb1bviPa6boErnA7LJkSsZiQr0a8fpMcEtv6r - 9iud08kGaA3g62t9eIVeJI0XsE357L9SH0NsIgzKQFJ2N/PA9tPblStwMvhtqFJx - XAAsfBGriP1EMWwQW5jFUgEzA193BOFkyPcvxNyvEW/b7eXznto1o7zIDa0ROXd7 - XpVhQkklnRw5a+qgQ7krp/1s/eY4Vsf0ioW5VyZW4eyj9bDj91a3mdf/B7HOqTkR - pV1ltsrVOoiYw2MAWKA+n0FiBMNUioxBSzxEs0Abt4BWe2I8ZgVwAmIg7mrvrNLv - QzHoDFMSY+LnabMxni3F6vagqr0p8lZpRcft92Xsf6aQs74L+hVHsVKhv8MJBhzS - 5gHK+ZJAutu3L3SeY7R8yIITF5GmvIHFLNphdzABTRVwLUweYZqY6OvqbZRdSgbA - akYELv2A3G9M7o+nduSZxqnkaUpjIizSpupX6ma4eadGteJtHXcKAA== - =1ICh - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 ---- -apiVersion: ENC[AES256_GCM,data:u1FQVBS1zYz8W8YSpi+/flrcQIs4wXin,iv:6o/wJHnkmpuM19ZnKCDg/e0ow4ns2AUGQ10MOa1AiGI=,tag:vIioDo25qVCqN4U2YdfbjA==,type:str] -kind: ENC[AES256_GCM,data:9VlQWLPp5swP+wtWn/I=,iv:mpEclZ2PblQC+WBkN3nPUhWeq7teY8B9Go1u9XaWGJk=,tag:Bw2gipPvFse5978yRJk0Fw==,type:str] -metadata: - name: ENC[AES256_GCM,data:Gt8xzI27LtLD1N/sw9muf4rHhEStkThn680Vq7b5IjTD+EqrkV86,iv:04WSc9hfD3uCIZ3NZHNpSXulKWDFqsJz1kt1pNXC9GM=,tag:tZKb4P9RTosT6H3mwBcELg==,type:str] - namespace: ENC[AES256_GCM,data:dJZe5K6b90g=,iv:zSM8OsdsxxjdERHJD9vNhoyzjuxC4ePkWhXVFvuOtuw=,tag:dOQobUjS9zCwypKvfSKsFg==,type:str] - labels: - app: ENC[AES256_GCM,data:4gdakfJwgsE=,iv:2+l0Y6FwSDmuHdLuGcIUMTZFw2VUl0VHiNWDxjHVFyA=,tag:ETWqgBPzy6TP3OoVe/N44A==,type:str] - spilo-role: ENC[AES256_GCM,data:yTR1/HOh,iv:9nLP9Fi7uVjVr4gaASjDnKqMRPdR469CKK8XB/LhllA=,tag:5/M+/H20CWnIqs/N2Bxs8Q==,type:str] -spec: - endpoints: - - port: ENC[AES256_GCM,data:Vok14502h34=,iv:a3f9HhBjSb1CIb53u6edL5y4qwBjNG6hNffhLr/euug=,tag:kLyU4CZyfjto/yax2RgX+g==,type:str] - interval: ENC[AES256_GCM,data:0E/P,iv:bax6YQzt0SVM6FATiVU2fFfnBXFXzj4RDa1rnYw55WU=,tag:jofXC8AwoyTk0kKUhGxOKQ==,type:str] - scrapeTimeout: ENC[AES256_GCM,data:BqoK,iv:NrwIOqZ62nqRgMB2bGIOO4hd6bMNK538nBawJ354Xew=,tag:kIl+3xVmJrhVBy1tImoj9w==,type:str] - namespaceSelector: - matchNames: - - ENC[AES256_GCM,data:tlRSy25/1rU=,iv:HvMZmVZnGWCOzjVsc0/e8tsAheFjaopg0TCVtpNPTFw=,tag:p8FezMTdl1pbt/OiyegSWA==,type:str] - selector: - matchLabels: - app: ENC[AES256_GCM,data:1b3nqvWCaec=,iv:5aA2u/9XosEXJ4r7qVx5EstyZIXqSGy4ejkU4gl/n7I=,tag:ne1wcwFGJBLCEdI8xfsRww==,type:str] - spilo-role: ENC[AES256_GCM,data:gJST5jK7,iv:KmosHVv+u7vbhHX7Nv1fHyH6t/vQGq5BI77Jxj5zM7U=,tag:AzAWQO5rhE08IAiJQl0KnA==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-17T18:53:25Z" - mac: ENC[AES256_GCM,data:xuhs4xwYUWMmx3i8n5+eIH9YhuPG3iC8DHzL6cx+UPXu/nV36sUempnDrpMtv8pEsbnxJkTHNEdalvu69jRDguQ+qJjRd+RXRlKmeBfXnXCV4BMaIiBL+ZPmp59CoE0xhPq0L6AFB/Tjp2NXQvOeTOxt+YACbrDuw+x/WWYLn6U=,iv:fMoCDGnJU3vmk1KMp6lT/qf+XTvgMHr4rocyLHamPJg=,tag:1N4OUkLTZoHJHo7vUpDUmA==,type:str] - pgp: - - created_at: "2023-07-17T18:53:24Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAxAJHQTsqp3/5tfRw340JtN/KN0QDXu+WfRojtwtWimHj - dgSylF7qkwsjj21pB+H2jY6Cqe0kpD8kyxlDA675H2qgrP/Epx5zmoRe8oC+lFui - NaOSGTz9IeLNwNBZ8RAng2YbWTQen4J5vLj/9cYxqHs18//PnGXCkX5eQ7kZ2dD+ - qIH0zTygKQxH14YeOIgRWd95DiqZrU6xOHt6jPU9dAXVZ3I75wXYiPdDCyK5kfXi - QcF4iLh/7FSF+va4+L1siJmDD5B9hBzw6xoZJo2eUoTMsyVMJU9x2Gv/dPs40+yA - ie41O0Yfq0KnpdrjDgBd9Ous14AXb1bviPa6boErnA7LJkSsZiQr0a8fpMcEtv6r - 9iud08kGaA3g62t9eIVeJI0XsE357L9SH0NsIgzKQFJ2N/PA9tPblStwMvhtqFJx - XAAsfBGriP1EMWwQW5jFUgEzA193BOFkyPcvxNyvEW/b7eXznto1o7zIDa0ROXd7 - XpVhQkklnRw5a+qgQ7krp/1s/eY4Vsf0ioW5VyZW4eyj9bDj91a3mdf/B7HOqTkR - pV1ltsrVOoiYw2MAWKA+n0FiBMNUioxBSzxEs0Abt4BWe2I8ZgVwAmIg7mrvrNLv - QzHoDFMSY+LnabMxni3F6vagqr0p8lZpRcft92Xsf6aQs74L+hVHsVKhv8MJBhzS - 5gHK+ZJAutu3L3SeY7R8yIITF5GmvIHFLNphdzABTRVwLUweYZqY6OvqbZRdSgbA - akYELv2A3G9M7o+nduSZxqnkaUpjIizSpupX6ma4eadGteJtHXcKAA== - =1ICh - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 ---- -apiVersion: ENC[AES256_GCM,data:zgQb7hB6zSgxBaEKmLksXDrQ9c3ipR2F,iv:uDnAwcgRvZsxRCnoNgS1vMeoqH2fURAoYzNRTVd0Ep0=,tag:y68doXlzFs74o4jrcXNT4Q==,type:str] -kind: ENC[AES256_GCM,data:Cy7LQLiEtZj0RjHwNJU=,iv:74dFLsH7IuIwvjdoq263ld2z3/0F9XYPkyCJ8MZoyTc=,tag:dUPE0iIxletJSlu3unkZqg==,type:str] -metadata: - name: ENC[AES256_GCM,data:lExnfz50ziiBtxt0b/tEa7LOdGU2BaMBFHJUYtGB0LgrkfOVGwUbkw==,iv:kd4X7KcZ+ISKvA94f0dfLA7lWdR//Z9omh6tb0JaK/k=,tag:m0d5bbRVgY8fuMYpdsNMsg==,type:str] - namespace: ENC[AES256_GCM,data:YTljQ0Yiooo=,iv:6BP5NWg4y2oQ2L5auMqway7a7yejb0qV25ycjKKNnUI=,tag:E+MLWaQVZgWyM1FbwtmtGA==,type:str] - labels: - app: ENC[AES256_GCM,data:EjBdp46q4g4=,iv:QIvp1ZLj19bPKLqHZcWtqV5rzfDc7Oc3NwBFWdA7ORQ=,tag:W3TMwzuc5zWyouNDDG1mjw==,type:str] - spilo-role: ENC[AES256_GCM,data:W2xy+McmTA==,iv:RH/1xoKYrmaJBBmdGe2pHtZaeKGGitGaBT0Gbbc/qn8=,tag:0tmWs2gwewK0x7FDPnUQbw==,type:str] -spec: - endpoints: - - port: ENC[AES256_GCM,data:oBWIiJcnn/Y=,iv:K8+1kM/71bG514F/GqidlWletW+cRzInA5/yErR3WtE=,tag:hgSOKAcYr75sDmwKNMiGzg==,type:str] - interval: ENC[AES256_GCM,data:vUXu,iv:zq+UwDm8JKh2Kkq7G1cxj7okSVO0ZGm4jJWjGF2RC9U=,tag:nsrEK8Jgq4P2AEwrvC4AAw==,type:str] - scrapeTimeout: ENC[AES256_GCM,data:Goc4,iv:SwnpbB+RJ+RWXl1WjRGmhR12kmJjrXd+BQxt7RpzCtQ=,tag:3rL/BYhcuWEbNaD7HqSTqw==,type:str] - namespaceSelector: - matchNames: - - ENC[AES256_GCM,data:hm6PRt8zzV4=,iv:qMZNzoXBIdZCndW1Tmw6HrZWl/FTHufalfTc3/WQUWY=,tag:ciMH+SP2tglpz7nJ+KEOZA==,type:str] - selector: - matchLabels: - app: ENC[AES256_GCM,data:uDdMFCm22Rk=,iv:KVtPAoIsmZxX8mDV35r/qNTCia3OKDtWa7bZL3nvAX0=,tag:3yiEQR3qF4JAjHznR6hbWg==,type:str] - spilo-role: ENC[AES256_GCM,data:nBTdEQ7sJA==,iv:siex6SDH6gQMALMzWTkLeT3aZ8wUHl2mIrkWGNjmh/g=,tag:u7dntAsqUB8MqM7R+3PWVg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-17T18:53:25Z" - mac: ENC[AES256_GCM,data:xuhs4xwYUWMmx3i8n5+eIH9YhuPG3iC8DHzL6cx+UPXu/nV36sUempnDrpMtv8pEsbnxJkTHNEdalvu69jRDguQ+qJjRd+RXRlKmeBfXnXCV4BMaIiBL+ZPmp59CoE0xhPq0L6AFB/Tjp2NXQvOeTOxt+YACbrDuw+x/WWYLn6U=,iv:fMoCDGnJU3vmk1KMp6lT/qf+XTvgMHr4rocyLHamPJg=,tag:1N4OUkLTZoHJHo7vUpDUmA==,type:str] - pgp: - - created_at: "2023-07-17T18:53:24Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAxAJHQTsqp3/5tfRw340JtN/KN0QDXu+WfRojtwtWimHj - dgSylF7qkwsjj21pB+H2jY6Cqe0kpD8kyxlDA675H2qgrP/Epx5zmoRe8oC+lFui - NaOSGTz9IeLNwNBZ8RAng2YbWTQen4J5vLj/9cYxqHs18//PnGXCkX5eQ7kZ2dD+ - qIH0zTygKQxH14YeOIgRWd95DiqZrU6xOHt6jPU9dAXVZ3I75wXYiPdDCyK5kfXi - QcF4iLh/7FSF+va4+L1siJmDD5B9hBzw6xoZJo2eUoTMsyVMJU9x2Gv/dPs40+yA - ie41O0Yfq0KnpdrjDgBd9Ous14AXb1bviPa6boErnA7LJkSsZiQr0a8fpMcEtv6r - 9iud08kGaA3g62t9eIVeJI0XsE357L9SH0NsIgzKQFJ2N/PA9tPblStwMvhtqFJx - XAAsfBGriP1EMWwQW5jFUgEzA193BOFkyPcvxNyvEW/b7eXznto1o7zIDa0ROXd7 - XpVhQkklnRw5a+qgQ7krp/1s/eY4Vsf0ioW5VyZW4eyj9bDj91a3mdf/B7HOqTkR - pV1ltsrVOoiYw2MAWKA+n0FiBMNUioxBSzxEs0Abt4BWe2I8ZgVwAmIg7mrvrNLv - QzHoDFMSY+LnabMxni3F6vagqr0p8lZpRcft92Xsf6aQs74L+hVHsVKhv8MJBhzS - 5gHK+ZJAutu3L3SeY7R8yIITF5GmvIHFLNphdzABTRVwLUweYZqY6OvqbZRdSgbA - akYELv2A3G9M7o+nduSZxqnkaUpjIizSpupX6ma4eadGteJtHXcKAA== - =1ICh - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/ops/provision/k8s/postgres-cluster-alpha-values.yaml.bak b/ops/provision/k8s/postgres-cluster-alpha-values.yaml.bak deleted file mode 100644 index 4886801..0000000 --- a/ops/provision/k8s/postgres-cluster-alpha-values.yaml.bak +++ /dev/null @@ -1,148 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: postgres ---- -apiVersion: "acid.zalan.do/v1" -kind: postgresql -metadata: - name: acid-postgres-cluster-alpha - namespace: postgres - labels: - app: postgres -spec: - teamId: "acid" - numberOfInstances: 3 - enableMasterLoadBalancer: false - enableReplicaLoadBalancer: false - enableConnectionPooler: true - volume: - size: 10Ti - throughput: 125 - iops: 3000 - postgresql: - version: '11' - users: - %{ for d in databases ~} - ${d}: [] - %{ endfor ~} - databases: - %{ for d in databases ~} - ${d}_db: [] - %{ endfor ~} - resources: - limits: - cpu: 1000m - memory: 1000Mi - requests: - cpu: 500m - memory: 250Mi - sidecars: - - name: "exporter" - image: "wrouesnel/postgres_exporter" - ports: - - name: exporter - containerPort: 9187 - protocol: TCP - resources: - limits: - cpu: 500m - memory: 256M - requests: - cpu: 100m - memory: 200M - env: - - name: "DATA_SOURCE_URI" - value: "$(POD_NAME)/postgres?sslmode=require" - - name: "DATA_SOURCE_USER" - value: "$(POSTGRES_USER)" - - name: "DATA_SOURCE_PASS" - value: "$(POSTGRES_PASSWORD)" - - name: "PG_EXPORTER_AUTO_DISCOVER_DATABASES" - value: "true" ---- -apiVersion: v1 -kind: Service -metadata: - name: acid-postgres-cluster-alpha-svc-metrics-master - namespace: postgres - labels: - app: postgres - spilo-role: master - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" -spec: - type: ClusterIP - ports: - - name: exporter - port: 9187 - targetPort: exporter - selector: - application: spilo - cluster-name: acid-postgres-cluster-alpha - spilo-role: master ---- -apiVersion: v1 -kind: Service -metadata: - name: acid-postgres-cluster-alpha-svc-metrics-replica - namespace: postgres - labels: - app: postgres - spilo-role: replica - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9187" -spec: - type: ClusterIP - ports: - - name: exporter - port: 9187 - targetPort: exporter - selector: - application: spilo - cluster-name: acid-postgres-cluster-alpha - spilo-role: replica ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: acid-postgres-cluster-alpha-svcm-master - namespace: postgres - labels: - app: postgres - spilo-role: master -spec: - endpoints: - - port: exporter - interval: 15s - scrapeTimeout: 10s - namespaceSelector: - matchNames: - - postgres - selector: - matchLabels: - app: postgres - spilo-role: master ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: acid-postgres-cluster-alpha-svcm-replica - namespace: postgres - labels: - app: postgres - spilo-role: replica -spec: - endpoints: - - port: exporter - interval: 15s - scrapeTimeout: 10s - namespaceSelector: - matchNames: - - postgres - selector: - matchLabels: - app: postgres - spilo-role: replica diff --git a/ops/provision/k8s/postgresql-values.enc.yaml b/ops/provision/k8s/postgresql-values.enc.yaml deleted file mode 100644 index 8ca59bc..0000000 --- a/ops/provision/k8s/postgresql-values.enc.yaml +++ /dev/null @@ -1,35 +0,0 @@ -replication.enabled: ENC[AES256_GCM,data:JMc+eg==,iv:lLEB3MJffHR0sKyejotObrboMaxC2Z9Xi1P76xUnvCM=,tag:doDDAhhpT++ZlMZbJlPHzw==,type:bool] -persistence: - size: ENC[AES256_GCM,data:ABJ6NA==,iv:A8z/NGcDQHkHERqhRK35AAGuZEkthZuVJmH9PhHd54E=,tag:EaTOZpHJmR6dtMNM67hAWw==,type:str] - storageClass: ENC[AES256_GCM,data:oS7C,iv:lzjz0sJcYMObaihasmD9nTMn6xMEm1Ws+e6m1znGLRs=,tag:XiUL/X1uwrDn4aURJMX5zg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-07-20T17:22:39Z" - mac: ENC[AES256_GCM,data:XBsYqj+2T/YaYY44+CxCZSVcc3yvfrcThME6h/3MLLUKJWmmbquIEuxk5LtpeTXMyoZ8ynrmV9Ty130IE49lUJ7IIf4gEMCQRo5hdSBqMapXlsAW0ILj0fYZlfAILTqLdKdbahNHZHO7/Ff+2BBuYxkYnTWTkIIl4Lg6qUiFzsk=,iv:fDyPQtwipaUiQQLc3i8FBPms9fudXpTetB1XfEVYHN8=,tag:Bp7HxaHKQoePp+pvizNKHQ==,type:str] - pgp: - - created_at: "2022-07-20T17:22:38Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAqtWV3jhw0c5YLOjUarNTefEEhwhti/e7rcRSzP5k/doy - 9b1En5CSwjS7DIPfEYOZtE5txvcDyOT2Ecd1xrKM9Rk+t6tckJhC/Sx4BDMJiJ2v - IVos8VhqpRn59GkIQ9ilct5N4CsEUJaXPaBqLk4E9oMQqBQytC+GA6dC7f51xDt1 - fW1I+aYSEdCTcrgRixmP1dfGNrmS5VdMIW5Pel4o2k2q+L7+1Y1I3VjtJgHXe0F4 - TkHuaCIoJhsMSogSQocooiqDH3EWvSkHfdDQrNMumKQfaM0jytfzLO+OKhWtmSy9 - co1X1lFQm1vjhrXiQ5zysP2CT5RZol+dXQ4ykYHAic+3rox7uI5HyP8ceYjjmeIQ - 4jkcX82qCnB/SGoxnytiqKn0Nduc56aFhBken8skkm9odk9nWwRYcH+6vA7rzFfo - HGQc2QTWG/p/AOBn8V7Cl6pv744oFpt5z3VIj2gzvfQ44Wqhp2y0e8f/B88Q6BGs - Nz1XCSjvSt3f3FED26vd4sQ8Zkx7T+kbo3kMyTQmfC4m4y36Y8pzrR8xpDI7VRgv - ApOjj2kx9yrKRyF19MRx+JEUvSJdfvtRjgXG9JxaghVRqkxGOjaqdUbsKVcbqUOu - srvB//9sg2HeAc42WF9erwcziALoekQcrg1wq15NTHW7dDKL/Im0UlpEeBoZgJTS - 5gFDsbHx/Q/W46ZY/QgLrRXIjxpK8vNYY4oAcaEzBUXUNgSM3q4/kl5CGPL771XW - asSMr3gl9qhNetfmDDX8hJnkB2kyiM+a8dUYDsphUPKBqeIlzJSEAA== - =AbvQ - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/ops/provision/k8s/prod_issuer.yaml b/ops/provision/k8s/prod_issuer.yaml deleted file mode 100644 index f47db26..0000000 --- a/ops/provision/k8s/prod_issuer.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-prod - namespace: cert-manager -spec: - acme: - # The ACME server URL - server: https://acme-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: support@notch8.com - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-prod - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: nginx diff --git a/ops/provision/k8s/solr-values.enc.yaml b/ops/provision/k8s/solr-values.enc.yaml deleted file mode 100644 index a13ec01..0000000 --- a/ops/provision/k8s/solr-values.enc.yaml +++ /dev/null @@ -1,65 +0,0 @@ -#ENC[AES256_GCM,data:SRX5pL4QPWs3MPKV,iv:RX7QZP+yoGjCcWsWRPCz+X6TP0IYGj8IJReM0TVtMQg=,tag:zRiWM6VFBnuhNkNCNtXqxA==,type:comment] -image: - #ENC[AES256_GCM,data:cOLODlP8WFyFGF6KWFOMBE6Zb6OcidXStw==,iv:JLAeGoOpxKzkEcu7hjq8gaGcJxihAb5M76Nmn7xaTT0=,tag:n3h0qjAP2fF0xr2wkHtNDQ==,type:comment] - repository: ENC[AES256_GCM,data:mtuf5obUcRKuH9gPisToi6zr,iv:3hoZHBWwp25dBEBO6BZA2WO/GZ6HMdhaI6eLy/DhfAA=,tag:yupMAdnDaG/bd5vuQZ+kAQ==,type:str] - tag: ENC[AES256_GCM,data:2W4Yb24=,iv:1nvVIilNPpbcdSfKHD8x3H4xG/yYHoq7u+ZFNbLT4sk=,tag:lRAKuFBtKH1pvSYoF1pavQ==,type:str] -replicaCount: ENC[AES256_GCM,data:tQ==,iv:RdUmlThK6mPtaxxVBXcfbSvXCvKc1DHY3fDKUB/2MvI=,tag:EMmB+JYT0MHmJ+3qWEHp2w==,type:int] -collectionReplicas: ENC[AES256_GCM,data:Yg==,iv:KVjoJP5BcKJ7Y50G8xiuG3vGHOK1pNgw6Y/dyqsiFbc=,tag:RO6S02HyhWPOM5gsMDrr9Q==,type:int] -authentication: - enabled: ENC[AES256_GCM,data:oLenRA==,iv:b/jqbwXCVj5v4SYNO6u7ziT5Baspi6IcItubtmVq66U=,tag:OyxS455+4PrzWAI6Un/Lvg==,type:bool] - adminUsername: ENC[AES256_GCM,data:N49MgJs=,iv:4cwvYTlhXrNymahQaCP0f1FKQPTWQ59GPn7uUU/SKVk=,tag:lEXaQ+zvDZiI/LA8Y9u50Q==,type:str] - adminPassword: ENC[AES256_GCM,data:yBe+Pi0=,iv:mky1hP+enPnkHjCzqlx0+DqQfA5flm/C71MCWHVQ6Q0=,tag:1xB1T+yGSq2TSXZzt+5myQ==,type:str] -javaMem: ENC[AES256_GCM,data:+H7K5QpkGM+74+4xWQ==,iv:s8iCtWJ38EOqQnOjob9L/lWaYxIzYkzjcFwRslcMlfg=,tag:HDFZstFOHfhUreAtcX0YdA==,type:str] -resources: - limits: - memory: ENC[AES256_GCM,data:InsN,iv:a1lVjas1hTtpf6k601CtxmAh7W09wWbyGmg7E9kOEIk=,tag:jIBGIt0N5uNNsd0HGmfVbQ==,type:str] - requests: - memory: ENC[AES256_GCM,data:xEUT,iv:JWEGZhoLYrCEbBJg2lKHTt/ZCdgc9fX3WnDaYkQoc+M=,tag:KY0ob4LerO9y2r+j5XkB7Q==,type:str] -zookeeper: - image: - #ENC[AES256_GCM,data:mnvEGnV8DbBUJ4uQhswUjGxuLsdVreMZ25r2of397+j2aTrb9x1V/VjCpbYj,iv:s93YQ6BWuAOD84OT2ghSbnwwTsPRoPzHNoOAMaR9nxY=,tag:A7D1IFY5AEyuXhX5BW4cJA==,type:comment] - repository: ENC[AES256_GCM,data:eU9nsY57rV4jDazlV1ZR3prJB9e9PJA=,iv:StPYoiw+F3+JAu7FvqXJuM9FX9SEe6D/NXK2PuvZbT0=,tag:xS0nSsrLGx7bqYVxNn6Fsw==,type:str] - tag: ENC[AES256_GCM,data:e+/Ho8lOhfFFNHEHWf27hMzZLcM=,iv:YWHX4kOCAu92JKFvrV6TqxOGjvxEYLWeiQjgvEEkVGw=,tag:mjDQ4JrHzv3g8korB89Gpw==,type:str] - replicaCount: ENC[AES256_GCM,data:mA==,iv:Bt5pRGZKBEq2yx/tzam3/IFHtGSTo/YRZJ/g9uaXiqU=,tag:fX/2srGwSENmoadBjvByCQ==,type:int] - env: - JVMFLAGS: ENC[AES256_GCM,data:Fw4BlOH35ZteDsdvWKZ3,iv:mFnr9QViQXQsvTzRIeJb8mXaC8AJUf6GCIM+hIcmKM4=,tag:S2Ydo3vR4OfzWKB2M6uS1g==,type:str] - resources: - limits: - memory: ENC[AES256_GCM,data:IgJv,iv:zkgjse/150+OTh3O80wNz4rZVVFRkaiAt4qCFIMpLoQ=,tag:GwS14cLmYkXd5MUp/0InQA==,type:str] - requests: - memory: ENC[AES256_GCM,data:pCEZkkE=,iv:BrAQ7t7iIaAWF5eAVB40cmXDbtBV78yebJn9cAy0jGw=,tag:v0eGYqvH5ljlObpXeBJPiQ==,type:str] -persistence: - enabled: ENC[AES256_GCM,data:GH5T3Q==,iv:gxwTNsu17rtONITGJ/tfJKGVq1nD62bjokQ692hKM5Y=,tag:uY92olw3vTiwGjNAYYdo8g==,type:bool] - storageClass: ENC[AES256_GCM,data:d+ig,iv:wS4yFH43tCdiuYDnQ+BL/y30XDPobxFOPN8uwFrXOn8=,tag:rdV0Gb4HzNmKPD7z2ciW0w==,type:str] - size: ENC[AES256_GCM,data:lxX49oc=,iv:dNH06z5+S5+u4QRdXcgSCVmP7f8um3gBdSEpt2BwWt4=,tag:LC5ECCgUCfL7hGTO3FwZDw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2025-08-21T20:02:26Z" - mac: ENC[AES256_GCM,data:qQxZrcSSEuAbsDeVvK0H6d/LG27o4ZKG5X/ZtdRa6yQJG1Qj4NbvqqZUucGFiHqKpQy8htmD8C73Bhg4RRlAnmlJxSrU4dPjfUu2sCrbKhi/zMAFwA/tqfd3zAUi0P1cIvu98hJNkC8zJhE9LthfKS2TGOGkWxAtRqxME5czYyY=,iv:9axnKrQTMdExtUUWXKsZ53OHPkiYnRf5lgru957NYPs=,tag:R0Pw88Pi+G+c3EhbYpF+Ag==,type:str] - pgp: - - created_at: "2025-08-21T20:02:26Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - hQIMAyipFqBchOAqAQ//Tx5G75FZX/fAcXXi7lA+oES7QpASUD7tGCuq2HGBgp5q - yqso63flS0+jB/VyeAmo+3PPbvGB00YGI8sc5tKerFdk/nj4jVQMO3z9RZVMbbKP - Dp6Sr9pJBgUHSUoRPOFiTD0zTU1kP8SWffU9IQR1qZT92rsesag5CZrYsSxXpd1x - L3QO7qS+QcfpLlEdtcmhDXhMumCRW667Y9oQKmEXuTYkhbgJ81jrIAcPo8K1UYEM - gJONg41Vf+kcj7PrJgywFPPXoS+hQUBb40qZ0u6bbScA8BbbyVvP/WcaHuxxIwL/ - Evvu6PobTXGUtmvvUNrWLBo2b0CQ36urkMrtHRNyK8sMWi549CN3Z7g4ankzKGHh - Ln4WUOk1iP3YEA/jCBNj9a5CcwhGkRRG3vmfKN7IKYXWRGAPGALumS5eVb05RWJI - yjjVfeX0yMnRT8vkk9XqRysquTS8E7bfLkorbcMJpaaomyA/PDNHeWMCHfKP/rVp - o1S/sFoGC+x1LrqOkhu11TD/1J4mEqhi7d5uWsaOonVEwrFNVwsh2kOrCVw9NgYC - VS58fNjOkE1y8VR7jcGTBDXnHtS1XQvCkEHp7fkHqVIHivf0dtZ3jiL4UtzrZl4D - yL3FkH/bOCbA4GrdUmxmJcuiQPdhYh8SEiNzcPoyKiwsemucS5dO9x7BhG2HJFvS - XgGcBEKFpaoH++i32OwTrn3ZLEXCz/m472KnEPXDacI0C8J4eUMUwuWPnjTiyTXn - 3cytvu2WGm7wwozqcFnCcqLOY0tvhgGJlIM/4hxf7jWMMslmca57F1CxjPhuFeQ= - =5kib - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.8.1 diff --git a/ops/provision/k8s/staging_issuer.yaml b/ops/provision/k8s/staging_issuer.yaml deleted file mode 100644 index e14d64e..0000000 --- a/ops/provision/k8s/staging_issuer.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: ClusterIssuer -metadata: - name: letsencrypt-staging - namespace: cert-manager -spec: - acme: - # The ACME server URL - server: https://acme-staging-v02.api.letsencrypt.org/directory - # Email address used for ACME registration - email: support@notch8.com - # Name of a secret used to store the ACME account private key - privateKeySecretRef: - name: letsencrypt-staging - # Enable the HTTP-01 challenge provider - solvers: - - http01: - ingress: - class: nginx diff --git a/ops/provision/k8s/zalando-postgres-operator-ui-values.enc.yaml b/ops/provision/k8s/zalando-postgres-operator-ui-values.enc.yaml deleted file mode 100644 index eff76ee..0000000 --- a/ops/provision/k8s/zalando-postgres-operator-ui-values.enc.yaml +++ /dev/null @@ -1,44 +0,0 @@ -extraEnvs: - - name: ENC[AES256_GCM,data:hZ9xgYocpEBULTtOFHaiYQ==,iv:ZUSfY0fqrinEngFE8Ekf5cvyHjDZJKwo/dhRewq+Knc=,tag:DOCiA25CupjRMv28t0+9pg==,type:str] - value: ENC[AES256_GCM,data:RSi7Fclh1LEBwGkER6KLgvbe07+GJ1gnzS51sXqwCO83N29xgbMp36Q/9w==,iv:GByfYDmlom/pwkj9D9G9+wu98MjvIJw17Pzh76iUWnU=,tag:7uq5v5kM1fjbk//pg3GcoA==,type:str] - - name: ENC[AES256_GCM,data:bbhwfT+WP5uBF78PY0FGwvOe/X6Nyg==,iv:8EI9HP1mBU63GZxp/PjPiOo2V0bDqJ3y/CqqaxfAb6o=,tag:bEFsLW8GfZjyLSN3cyCNLQ==,type:str] - value: ENC[AES256_GCM,data:b7WmogLW,iv:fuFcC/r6N9Wovk2lfakcGp78cbviLfpHM6W7fxJg7P0=,tag:comt8yugBAvrLfoB2/+t3Q==,type:str] - - name: ENC[AES256_GCM,data:BDGJ7M1VQBhGNWOrdrbCGpI=,iv:cu8Qd9Ap5hFPYbRTu+WWK5Jo0CEShn1vof2XRMz+QFw=,tag:19jlVANNy+ib601o6cxMOw==,type:str] - value: ENC[AES256_GCM,data:7Eu0YS7xT4+//+8URA6bzOhTp+Q=,iv:vJSgA6lNTeI2XMp60EijXnBUv9UaEddpyu4XezIMhek=,tag:TDorMrgAcQrjw0JV+ozWpA==,type:str] - - name: ENC[AES256_GCM,data:6rZ+K4GY4kshcEckMw7lz/KvQ14n,iv:j952mTlFjkJC75sTdJy6utMGKzap0aVnN84Rxk3TIP0=,tag:RNUPFATaHn8GJ5ZllTE4Ew==,type:str] - value: ENC[AES256_GCM,data:1ox4Is1nd1lIXi/GDbDdTMTK55rfLWaa,iv:fH9ckFg1ieYKlJ79dggtM3ts09RdPGSiP/hZE5VIaxE=,tag:cATD8txgUV8LkD2/f3z7fw==,type:str] - - name: ENC[AES256_GCM,data:v2a+7V4ZRTrnwPq9RPSLXSgJ,iv:7ojJQUXBYFtQErB2MXDwD77mZIrjccaHAOiVcpfoXA8=,tag:HZFx0LQm173XstnXH4NolA==,type:str] - value: ENC[AES256_GCM,data:7K2vWEb0sfuB,iv:Y7+ZW4SuWzasSCAY39CB46VcbyWjC3Pi/0qSt0hA/2U=,tag:vKm8CQD5ORQtiYR9hYchNg==,type:str] - - name: ENC[AES256_GCM,data:z7xxr3sFzqu8jhkUlZn7pwTcgCd9eQ==,iv:T0gk5SKGAEw6AdFefkkXfnCzFnqbHQk4kE+J1weq0og=,tag:jKpJoCta5/bsd2A72uO+yw==,type:str] - value: ENC[AES256_GCM,data:eOmPgVDxkJIijeeGtydSng==,iv:adIDWi8sIJHE/VVXdU9Lj+5yvSbIt6vVqt+IBY51HbI=,tag:NejcHldY+foMLGqpgadelg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-17T18:53:27Z" - mac: ENC[AES256_GCM,data:UTVcpmIA1M2MpRUUr7XlaGLEkfDyGy1eoyBFZ3uxL0x1k+opr8XGxQGIAI3WqM1FYCE9OPpkDv04huoadJpmqWdwBkeu/CIOPrD7wfCxN0svPVFNJZNPyCN7KZA9mw5qD1LAdvpqmrd5bQNjtPTYNKWMfrFTUum8/z5ipGrtudw=,iv:7lyxCIXjqYe84leb76DWkzxtsc0lKMEoz3ok9mflsLw=,tag:0+OuURGNSrDM/7bAy2emZQ==,type:str] - pgp: - - created_at: "2023-07-17T18:53:26Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAAUlOzQzpG+t1rZekOjWXZSl2zqnJP07Hsdlt+niYT9UmM - eFpSxTiKy1Tcls6G72z/vcBkQr0ogzN4p6wN82XbxPYo/19HDYbWsICOtV8LTtFH - 3I3Qa2YzcZVvQAjnhv2yRufwit1ltt9yn4ZrUom9Vixl11sysZaD25wqhcMtVNu8 - /ciO6FBjWvd9znYY9BarXw/9G5V/MP+rdgdf4qgMtU7MO9TJ1vm5KPaj/sSCqYHP - kdq0//nmjVnFvXZhU5QnF8cUy+ziOT8M/Q2+GYgKKlJLfq6DJSJE/7H8u937xH3Y - 9QK3Pen0868Qa4LOytFDSy+VN2Lw6ELIx933HVZdjFyfXZqBfNm015hdLE+voW3g - SGqm35Suk3LSHnSRswAZ0O5IAAeQPnPYqDfgvMvO9cxr6D3+mg5iSQrVgbcybNjY - oJKpImQYzk38TKl2Wq8HrfEhq3D9rXHOAmrSGhFxyrvCu3qErOA9Ot/97AyC99io - JKp8g57snmj67zwgkR4a/tFXNylKYI4no/+8YQEizNwUVlY+9LJFcw99twCjToxU - oI8ku7/gAhG7emck9aT74Y7LZ3TPNQSpf5V/SfCCuACrhyKzmWcTbsHiqTK6hMHS - bsy7VFBhvvVuwa5+ZXYRly86cr+hglYhSZLay/aN5DtPsSoA8j6mH2ZaQXr+NH/S - 5gGjybproAHFCnaexhKfbxNmuLkRuz/afj2crIZ4Q/vtuZMDsn3En8mlkhIxCMW8 - zMLvMnvSyJ52/iI001UR7znkK4tza9vcLzXRcskUNMOde+L5+F+IAA== - =E5bH - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/ops/provision/k8s/zalando-postgres-operator-values.enc.yaml b/ops/provision/k8s/zalando-postgres-operator-values.enc.yaml deleted file mode 100644 index 69e7fb8..0000000 --- a/ops/provision/k8s/zalando-postgres-operator-values.enc.yaml +++ /dev/null @@ -1,50 +0,0 @@ -configGeneral: - #ENC[AES256_GCM,data:hZbp2g0gA2+8SRiYwjaQjk+4fqtgBqtIP3xJk98H5scI0TVyBlDFhyFjSHYD+UZgH1SQ5utD5BD+GCL76ZewyYzvWlHapbn7,iv:YxDyH1nwtYfpfmYE6yIfe0r+pmgf7wPMc9biGFM/k98=,tag:+OefpMKy78TYXBfVX7qRRQ==,type:comment] - workers: ENC[AES256_GCM,data:2A==,iv:SxT22oq+h41umV1Y9o6y4JxAb3QhB9y5kU1B2R1Z1CU=,tag:igi9AZLeul+oy9gvDb5i4w==,type:int] -configMajorVersionUpgrade: - #ENC[AES256_GCM,data:oGUaqxSL/Or5UzaBLQ2kN5Jcpis+JcxgcDvNZVNnBrCCpu10zDbXxUyV5FF0asMWj/lv/LgnOkIscXEsRAiz3OxEJS3s74P2/nzH3pvcDfMWf+80dByKwgB0OX3nQ2q6q4CBfkry,iv:3znz8aUg2rdAOXLuhNv6AneoW1aey+RzWRixmFdZ0gc=,tag:xosDFBRcFmbBVai/WZwb4g==,type:comment] - major_version_upgrade_mode: ENC[AES256_GCM,data:nkACzr/N,iv:7uD9xljrjGYv8MDADvpVLXpHZk2JP4CxTipf4whn9R4=,tag:7zywxcYcfoVrD7pmh/BNeA==,type:str] -configAwsOrGcp: - aws_region: ENC[AES256_GCM,data:0TxZGXpYsl2+,iv:/y9TInuwnZGwQBFDhxXTtcs3MUHIXN6Nm2fKJvSXvis=,tag:KhiOa15zUOeMo/SBXKxX9A==,type:str] - log_s3_bucket: ENC[AES256_GCM,data:MeTquH4AKTE3QVXOz6PMOQ==,iv:MoOde6GdCJ0x9v0YhzE42wP0aVoqflXurpJO0YVJfJs=,tag:I6Wh5daVinMJTihXX9rWpQ==,type:str] - wal_s3_bucket: ENC[AES256_GCM,data:9kEQ1w+UKovFmCaQr3YULw==,iv:7ljihvYd1Mnj8LeZIWPlwKnsD57Z6kEkKnyjonRFwrI=,tag:foqaT/B/Qosj5P72+P4D6w==,type:str] - kube_iam_role: ENC[AES256_GCM,data:Fe72mzna2NMgsiMJ2Gx6XvbFYbhmaMu08uog1dYLaboJ253mApPPfBHHbC3KsJQG5GodPrtFpZczPNypI4Af,iv:gVl6CP69XtFdJEZqThvw2G9d25EHIFLT18DODWD6DLs=,tag:S5E58Yo5VGSbOnyIdRZ0sA==,type:str] -configLogicalBackup: - logical_backup_s3_access_key_id: ENC[AES256_GCM,data:mONi72kfozFTsV9TQ+oDt4hsMbs=,iv:SrxBJ8+8wgUWwQTnaBPbii8SPhkB8gP6RnNt40fY/Dg=,tag:tp5uRqVryC5roJGUfi+WHQ==,type:str] - #ENC[AES256_GCM,data:wnAwSd/pkT4Dv2PPkdFjGwizQ9k4eURfufQGDlsMh88JDQ==,iv:gDKDn4AlRvLlcHZxSfO062Ufaj6dBb3rWMwtNyvLwZ0=,tag:dr4fHbBRB1sA7K2ymcLbSA==,type:comment] - logical_backup_s3_bucket: ENC[AES256_GCM,data:1sto9aWVChb/6hKnV42tqg==,iv:3niAwkErHn8E5tYsyoYYZxJfUmgYYyPqLmGxMHB/3ZY=,tag:4/VxrmmzDxqU09QPOI3xJw==,type:str] - #ENC[AES256_GCM,data:zeq3sltQMVw5JI4mxrxZA328HBg=,iv:oVm6nKBhJO8cgssvFar/AjqD9Uuws5zuWO3+97EDF5s=,tag:py5yyBOFoD2plRHlLx3I0g==,type:comment] - logical_backup_s3_region: ENC[AES256_GCM,data:QbpDAIgHuxS7,iv:ZiyUZBgbHWKzT/4fwtrQxNgegGTW2YZmsldTtIh/eow=,tag:1uo2lfZdmUn6czCQecIAjg==,type:str] - #ENC[AES256_GCM,data:a/s3x7pcHYPlVTtG80lC6gi5QG8L,iv:XCw2V2ah8uhjyNXWWMEY8X80Nt705boXP45TjAoBqBU=,tag:AJxArh6cZR8/LJLzBMjnJA==,type:comment] - logical_backup_s3_secret_access_key: ENC[AES256_GCM,data:dyPi1OfpHJ1wJGt3fCHQ/0puR1sk0BYP,iv:hZfkBEpYMiemtjG2ZMbpURYTWeln6jbN8oOtcM39/7E=,tag:8CKXKm4qeK9GecSQVi8uuw==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2023-07-17T18:53:30Z" - mac: ENC[AES256_GCM,data:9WTiahepXOaachD+YvUkQqC7KwySdtmX21AZ1kfobxai6nPrsJLBMst/Qr7OCXWhL0zclxSCpNIn18CoZchu7ysuQoS0LIG7C8AYWtOI8SX6IOc0dbMxtx8u80Av0fviUyHzXoQTuG9CYpAV66GvP6vDIf8L2Jt6JdpoBJiwobU=,iv:0OdHSP38Ou6OP4KYOzD/VuaVLttWVuV2j4AJRTUymyI=,tag:KBwLjpz0CuiNwNEouQKF2Q==,type:str] - pgp: - - created_at: "2023-07-17T18:53:30Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAArspVpWYyS63I4/+Qa2XTZKF0P/JfIyckdwmuejpK4s7e - WXHGMLIdg7PkcGmLTkdo4rm09HcsXdBkzs8mQZCWA4U6vC1fHY5Lf40yw829BV+N - +q+oscVmh+bZiJ2FEcj3e1E3gBm5p9FomUu8G9W2WOh9fp5ducL8CYRFeT8p7BY9 - cRit2q7tWX/xKG9TQINNr2WGK/3HmzHSTT/rHvOMweb8f9Et5Vp4YYowmWA1XMg2 - 1Nmes8YIg1f3HmIFxYBwUsV/YCDurzsDgXoO4RbHZOfYSIiAYBrKBMz1vt4E1r6y - ta40LwsjLBFyfwbYccAFK6Y7YGi9vnCWA3zGCSqqZ+GdvZSn4bMEvCkDeVkUrscz - F5WQ8sxVF6g2Hs3RfLYPfe++aMfJCW9OMOU9bGjPV2tamuZGx6x35AyBjLsy3WkJ - O3LmkwQqBeaY/qZXOdnec+1dm+ljhbINu83FwppNVW9NVtGiNHS7lL6/D404r7VB - pUG9wJK4AKnBsWFsourPVEA6iApGbfCYKCLjjFtkf+nMBOPl/N0NYiQAqc1IRfNP - MZODZ13r+eqYpQ5dfHTh/wdzjedHl3vHJjyGqeMraFgh4W3VwinBT4qvwWU3plCN - qEqPygwZ1Y3q/YdSvdVZ1Lz2n0S6m/FcHszLlr0J8OzGq7DhRlOw9NpFATbtd6fS - 5gGjSceOqq2cKcgSmwuiqVzPHO7d61ZrwJfOfvHNDhmWETiZfiYhSmknstdtR9d5 - u0KHYCBvWergv93MfoGsV4TkqCLw4l6YqFUQs/Rii413TOIj3nNZAA== - =4Esk - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/ops/provision/kube_config.enc.yml b/ops/provision/kube_config.enc.yml deleted file mode 100644 index 36c097f..0000000 --- a/ops/provision/kube_config.enc.yml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: ENC[AES256_GCM,data:StM=,iv:Rug4Ouvh7JTfvNmecLXCGHiG/eIwPliZ5uunFG283T4=,tag:bFw1dWqyswbm5M0LAKX5vg==,type:str] -clusters: - - cluster: - server: ENC[AES256_GCM,data:Eu2Naa+++hHO4rUAEMnE0X//6DeFxc1tMzygcMymWISW2Cy6dIyvSszHxQ==,iv:n148HVxui/T6cREIiFFZNDQ3poISzsrvP6dAL+KQFHY=,tag:f2bghbN8FqBl1Vgq7sOUKQ==,type:str] - name: ENC[AES256_GCM,data:jX9JwS1J+yBZPMabMPAgVTBGCw0=,iv:W7HnAdGdxP0Yot4pYWZQr3nZy50B3tVsxENMhrVn3wc=,tag:s7izZiKXJxNpJLffEj0AXQ==,type:str] -contexts: - - context: - cluster: ENC[AES256_GCM,data:1q9ppYjTxTyXVwNDlQ2ajMXS0Sc=,iv:koidGWL0VJ9khNyrFi7gGpeANuhV6kZXh/YQ4o9fQKk=,tag:LWo//uQMcmH3C5pjYX+Zkw==,type:str] - namespace: ENC[AES256_GCM,data:DmWi,iv:wWf+wSZ/JSjKmQVZJn2yINy0gRef8xnXZ7BiFQZL5mI=,tag:dUrC8lEMzA0PyMJtxxrJ7w==,type:str] - user: ENC[AES256_GCM,data:unNtDQ02ZJGdY27mBJxMQKCgjAI=,iv:WX6bByXonjuToqECLbNXaDsLHwHmnNaq/iqFXSZJpNY=,tag:8X69hJck1VUzQMhJ/M7d9Q==,type:str] - name: ENC[AES256_GCM,data:S869k5Mn/mNl0ZLVfg9xs+NA1Y4=,iv:3RfUYCgam+SK0PTns/cctoX+s6xnSXjsSkvhorEzOG8=,tag:0j8gNyhh6ybF/+r/kLvEEw==,type:str] -current-context: ENC[AES256_GCM,data:IoZC5VVhNSWYkjV6htRB83hVvGc=,iv:LUcb5ubq/MqW2fRIY3OJdQHM5TCp6y5BiHLW4cNo3xc=,tag:B2qEM//nd63j4N0GzTG0tg==,type:str] -kind: ENC[AES256_GCM,data:hvIFBTJ8,iv:cDj1Ro1YSwfNNIFlKfdi/AL0LNJ6vggFfDiWccsA/CE=,tag:zst9yH84unChn2T3+KUjAQ==,type:str] -preferences: {} -users: - - name: ENC[AES256_GCM,data:k+uAB39rsfoi5u/svis6pPk6dl4=,iv:qe9iORXk5RZ2E3+SVGTTHDadnLx/v+3phkDPwqLZ7Rw=,tag:OTKNaPqeTdGB4aR3tnHyRQ==,type:str] - user: - token: ENC[AES256_GCM,data:Lw4toa3rq79KOQ636tEZUmfOrJggNu7DBrk96NWmBprraXfH5+gb6vmTV/rK0SB+/ezq6OgqzTYMRckeR12NtkiLUeHgx3CweafArQ==,iv:XOthNlySafLTeUnTmtyYBO48rmvTsvDIolzJCNd/9MA=,tag:QnPM4a9VkntFvjir5JueBQ==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: [] - lastmodified: "2022-07-20T17:22:36Z" - mac: ENC[AES256_GCM,data:wpTRdw9x+Tm6f1YKdzNLnQcZTMcjqmgRWj0w05KPvXb+0vfoXsQipFzH4LvzsQAj71rNsI6K1qvERboPZsbPqUWtzVu4fnkpXvRnlnbTXcqKQnRCJnuYyqoIviJTPsuZ14+dHFl89Ov2D0Gsf8xPXiLBAYA7Vjd3yq3wJy2hILk=,iv:RMzhPVwudM3SZosVnnzmMdgXSx4z5Ok3pW42FAClhaU=,tag:SpH2xGSPgLMeAGWedEn4WA==,type:str] - pgp: - - created_at: "2022-07-20T17:22:35Z" - enc: |- - -----BEGIN PGP MESSAGE----- - - wcFMAyipFqBchOAqARAANPP1vGvr6zAO03qhMVSR7UmPQYHgJolmWhnujw3gduJR - mJAH6iu4JowafAHZrd0OqBIFgidwQRoBnXpMMdV+4VgVnAkPzxDhkoRYM9zSgtml - VrWAt/CZgQwZPJ5zWr0X9gX5w+SBkjRzsDTpGVTb663rau+NoyKklI8HVusEPI7P - A1GPFVgAZGzrJ8vrxfO2AmgmvurZEg+vpA3SDS4Xefbdb4TkU/zPdNwaS+DS/o0s - fDw284IMSy0x9jpOffIc9WrViPP/2JSRvJXWTvKqRvg1bwY8hR+nBz2C/KP5bLMM - De2jzJHJNq2+JNxTFBuxlUhC3GC7aCGPrtd7NTnqC6vcaBQupE/NmbA58nqhfREd - imPKw6OJDXP2vSviJPKyHyWZyOwtuOAsvd52tz+96CbdGmOpJFT3q89mwDATHBKa - v/2B9pSE4XJHT2DLoSLkFhHurzkwdSwM+oi+WOthpsVkUtYl2aEYMAmCy0EiWOq9 - a0r9Sp/taxofMBzxC6NIqrQd5RdYPVN85qY+ZRfj3TBcPy9dEavYG6tMO/MrJBri - 3oK/zQUQ4ZQb4MTPFHnQEpR67d1mK80uX8p2nlohHSjBy6pFuguPq2Nt5DRz6VIp - aAvj/qi/Ny6NMLL7RS/KuMpFOqsG8UneV6549UKVs77Y89N0iGVpJagFtwpDR4jS - 5gGsTw696twoFR32u2hpQ+dUayvmTdnacWO687U/kSs/xSh6b/WawRnjuvCRvTUm - S5+r0EbSe7+AvQgxCRgjvcrkuB9YuJL4D6OX7JY7WXRUwOLezuZAAA== - =cp/b - -----END PGP MESSAGE----- - fp: FD9645989F8F5113C93F7E8C1585560D0A87BA6A - unencrypted_suffix: _unencrypted - version: 3.7.2 diff --git a/ops/provision/main.tf b/ops/provision/main.tf deleted file mode 100644 index 5bdec32..0000000 --- a/ops/provision/main.tf +++ /dev/null @@ -1,275 +0,0 @@ -terraform { - backend "pg" {} - required_version = ">= 0.13" - - required_providers { - rancher2 = { - source = "rancher/rancher2" - version = "1.11.0" - } - kubectl = { - source = "gavinbunney/kubectl" - version = ">= 1.7.0" - } - } -} - -provider "helm" { - kubernetes { - config_path = "kube_config.yml" - } -} - -provider "kubectl" { - config_path = "kube_config.yml" -} - -provider "kubernetes" { - config_path = "kube_config.yml" -} - -data "local_file" "efs_name" { - filename = "efs_name" -} - -resource "helm_release" "ingress-nginx" { - name = "ingress-nginx" - namespace = "ingress-nginx" - create_namespace = true - version = "3.12.0" - repository = "https://kubernetes.github.io/ingress-nginx" - chart = "ingress-nginx" - - set { - name = "controller.service.type" - value = "LoadBalancer" - } -} - -resource "helm_release" "eks_efs_csi_driver" { - chart = "aws-efs-csi-driver" - name = "efs" - namespace = "storage" - create_namespace = true - repository = "https://kubernetes-sigs.github.io/aws-efs-csi-driver/" - - set { - name = "image.repository" - value = "602401143452.dkr.ecr.${var.region}.amazonaws.com/eks/aws-efs-csi-driver" - } -} - -resource "kubernetes_storage_class" "storage_class" { - storage_provisioner = "efs.csi.aws.com" - - parameters = { - directoryPerms = "700" - fileSystemId = trimspace(data.local_file.efs_name.content) - provisioningMode = "efs-ap" - } - reclaim_policy = "Retain" - metadata { - name = "efs-sc" - } -} - -resource "helm_release" "cert_manager" { - name = "cert-manager" - namespace = "cert-manager" - create_namespace = true - version = "1.1.0" - repository = "https://charts.jetstack.io" - chart = "cert-manager" - - set { - name = "installCRDs" - value = "true" - } -} - -resource "kubectl_manifest" "prod_issuer" { - depends_on = [helm_release.cert_manager] - yaml_body = file("./k8s/prod_issuer.yaml") -} - -resource "kubectl_manifest" "staging_issuer" { - depends_on = [helm_release.cert_manager] - yaml_body = file("./k8s/staging_issuer.yaml") -} - -resource "helm_release" "fcrepo" { - name = "fcrepo" - namespace = "default" - create_namespace = true - repository = "https://samvera-labs.github.io/fcrepo-charts" - chart = "fcrepo" - values = [ - file("k8s/fcrepo-values.yaml") - ] - -} - -resource "helm_release" "solr" { - name = "solr" - namespace = "default" - create_namespace = true - repository = "https://charts.bitnami.com/bitnami" - chart = "solr" - values = [ - file("k8s/solr-values.yaml") - ] -} - -resource "helm_release" "keel" { - name = "keel" - namespace = "keel" - repository = "https://charts.keel.sh" - chart = "keel" - create_namespace = true - version = "0.9.5" - - set { - name = "debug" - value = "true" - } - - set { - name = "service.enabled" - value = "true" - } - - set { - name = "helmProvider.enabled" - value = "false" - } - - set { - name = "basicauth.enabled" - value = "true" - } - - set { - name = "basicauth.user" - value = "admin" - } - - set { - name = "basicauth.password" - value = var.keel_password - } - - set { - name = "image.tag" - value = "latest" - } -} - -resource "kubernetes_namespace" "dev" { - metadata { - name = "dev" - annotations = { - "cattle.io/status" = jsonencode( - { - Conditions = [ - { - LastUpdateTime = "2021-07-28T05:25:40Z" - Message = "" - Status = "True" - Type = "ResourceQuotaInit" - }, - { - LastUpdateTime = "2021-07-28T05:25:41Z" - Message = "" - Status = "True" - Type = "InitialRolesPopulated" - }, - ] - }) - "field.cattle.io/projectId" = "c-d2h56:p-pdrrv" - "lifecycle.cattle.io/create.namespace-auth" = "true" - } - labels = { - "field.cattle.io/projectId" = "p-pdrrv" - } - } -} - -resource "kubernetes_namespace" "productionn" { - metadata { - name = "production" - annotations = { - "cattle.io/status" = jsonencode( - { - Conditions = [ - { - LastUpdateTime = "2021-07-28T05:25:40Z" - Message = "" - Status = "True" - Type = "ResourceQuotaInit" - }, - { - LastUpdateTime = "2021-07-28T05:25:41Z" - Message = "" - Status = "True" - Type = "InitialRolesPopulated" - }, - ] - } - ) - "field.cattle.io/projectId" = "c-d2h56:p-pdrrv" - "lifecycle.cattle.io/create.namespace-auth" = "true" - } - labels = { - "field.cattle.io/projectId" = "p-pdrrv" - } - } -} - -resource "kubectl_manifest" "gitlab-secrets" { - depends_on = [helm_release.cert_manager] - yaml_body = file("k8s/gitlab-secret-values.yaml") -} - -# Zalando -# v 1.8 is max version until we go to k8s 1.25+ -resource "helm_release" "zalando-postgres-operator" { - name = "zalando-postgres-operator" - create_namespace = true - namespace = "zalando-postgres-operator" - version = "1.8.2" - repository = "https://opensource.zalando.com/postgres-operator/charts/postgres-operator" - chart = "postgres-operator" - values = [ - templatefile("k8s/zalando-postgres-operator-values.yaml", { - backup_bucket = var.pg_bucket - region = var.region - aws_access_key_id = var.aws_access_key_id - aws_secret_access_key = var.aws_secret_access_key - }) - ] -} - -resource "helm_release" "zalando-postgres-operator-ui" { - depends_on = [helm_release.zalando-postgres-operator] - name = "zalando-postgres-operator-ui" - create_namespace = true - namespace = "zalando-postgres-operator" - version = "1.8.2" - repository = "https://opensource.zalando.com/postgres-operator/charts/postgres-operator-ui" - chart = "postgres-operator-ui" - values = [ - templatefile("k8s/zalando-postgres-operator-ui-values.yaml", { - backup_bucket = var.pg_bucket - region = var.region - aws_access_key_id = var.aws_access_key_id - aws_secret_access_key = var.aws_secret_access_key - }) - ] -} - -resource "kubectl_manifest" "postgres-cluster-alpha" { - depends_on = [helm_release.zalando-postgres-operator-ui] - yaml_body = templatefile("k8s/postgres-cluster-alpha-values.yaml", { - databases = split(",", var.pg_alpha_databases) - }) -} diff --git a/ops/provision/variables.tf b/ops/provision/variables.tf deleted file mode 100644 index 1e6d779..0000000 --- a/ops/provision/variables.tf +++ /dev/null @@ -1,21 +0,0 @@ -variable "region" { - default = "us-east-1" - description = "AWS region" -} - -variable "keel_password" { -} - -variable "pg_bucket" { - default = "samvera-pg" -} - -variable "aws_access_key_id" { -} - -variable "aws_secret_access_key" { -} - -variable "pg_alpha_databases" { - default = "fcrepo,hyku-dev-hyrax,hyku-production-hyrax" -} diff --git a/ops/provision/variables.tf.bak b/ops/provision/variables.tf.bak deleted file mode 100644 index 9f6a76d..0000000 --- a/ops/provision/variables.tf.bak +++ /dev/null @@ -1,24 +0,0 @@ -variable "region" { - default = "us-east-1" - description = "AWS region" -} - -variable "keel_password" { - default = "6618755f46e1" -} - -variable "pg_bucket" { - default = "samvera-pg" -} - -variable "aws_access_key_id" { - default = "AKIAQOPRJKDH6VRAJZFT" -} - -variable "aws_secret_access_key" { - default = "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" -} - -variable "pg_alpha_databases" { - default = "fcrepo,hyku-dev-hyrax,hyku-production-hyrax" -} diff --git a/ops/staging-deploy.tmpl.yaml b/ops/staging-deploy.tmpl.yaml deleted file mode 100644 index 8bc11aa..0000000 --- a/ops/staging-deploy.tmpl.yaml +++ /dev/null @@ -1,506 +0,0 @@ -replicaCount: 2 - -resources: - requests: - memory: "1Gi" - cpu: "250m" - limits: - memory: "2Gi" - cpu: "1000m" - -livenessProbe: - enabled: false -readinessProbe: - enabled: false - -brandingVolume: - storageClass: efs-sc -derivativesVolume: - storageClass: efs-sc -uploadsVolume: - storageClass: efs-sc - size: 200Gi - -extraVolumeMounts: &volMounts - - name: uploads - mountPath: /app/samvera/hyrax-webapp/tmp/imports - subPath: imports - - name: uploads - mountPath: /app/samvera/hyrax-webapp/tmp/exports - subPath: exports - - name: uploads - mountPath: /app/samvera/hyrax-webapp/public/system - subPath: public-system - - name: uploads - mountPath: /app/samvera/hyrax-webapp/public/uploads - subPath: public-uploads - - name: uploads - mountPath: /app/samvera/hyrax-webapp/tmp/network_files - subPath: network-files - - name: uploads - mountPath: /app/samvera/hyrax-webapp/storage/files - subPath: storage-files - -ingress: - enabled: true - hosts: - - host: s2.adventistdigitallibrary.org - paths: - - path: / - - host: "*.s2.adventistdigitallibrary.org" - paths: - - path: / - annotations: - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/proxy-body-size: "0" - cert-manager.io/cluster-issuer: wildcard-issuer - tls: - - hosts: - - "*.s2.adventistdigitallibrary.org" - - s2.adventistdigitallibrary.org - secretName: adventist-staging-wild-tls - -extraEnvVars: &envVars - - name: AWS_ACCESS_KEY_ID - value: $AWS_ACCESS_KEY_ID - - name: AWS_REGION - value: us-east-1 - - name: AWS_S3_BUCKET - value: space-stone-production-preprocessedbucketf21466dd-15sun4xy658nh - - name: AWS_SECRET_ACCESS_KEY - value: $AWS_SECRET_ACCESS_KEY - - name: AUXILIARY_QUEUE_TENANTS - value: sdapi - - name: BUNDLE_DISABLE_LOCAL_BRANCH_CHECK - value: "true" - - name: BUNDLE_LOCAL__HYKU_KNAPSACK - value: /app/samvera - - name: CONFDIR - value: "/app/samvera/hyrax-webapp/solr/conf" - - name: CH12N_TOOL - value: fits_servlet - - name: CLIENT_ADMIN_USER_EMAIL - value: $CLIENT_ADMIN_USER_EMAIL - - name: CLIENT_ADMIN_USER_PASSWORD - value: $CLIENT_ADMIN_USER_PASSWORD - - name: CONFDIR - value: "/app/samvera/hyrax-webapp/solr/conf" - - name: DATABASE_ADAPTER - value: postgresql - - name: DATABASE_HOST - value: acid-postgres-cluster-bravo.postgres.svc.cluster.local - - name: DATABASE_NAME - value: hyku-dev-hyrax - - name: DATABASE_USER - value: hyku-dev-hyrax - - name: DB_ADAPTER - value: postgresql - - name: DB_HOST - value: acid-postgres-cluster-bravo.postgres.svc.cluster.local - - name: DB_NAME - value: hyku-dev-hyrax - - name: DB_PASSWORD - value: $DATABASE_PASSWORD - - name: DB_PORT - value: "5432" - - name: DB_USER - value: hyku-dev-hyrax - # - name: EXTERNAL_IIIF_URL - # value: https://d3pg70bdc74ala.cloudfront.net/iiif/2 - - name: FCREPO_BASE_PATH - value: /adventist-dev - - name: FCREPO_HOST - value: fcrepo.default.svc.cluster.local - - name: FCREPO_PORT - value: "8080" - - name: FCREPO_PATH - value: /rest - - name: FCREPO_REST_PATH - value: rest - - name: FITS_SERVLET_URL - value: http://adventist-knapsack-staging-fits:8080/fits - # - name: GOOGLE_ANALYTICS_ID - # value: $GOOGLE_ANALYTICS_ID - # - name: GOOGLE_OAUTH_APP_NAME - # value: hyku_staging - # - name: GOOGLE_OAUTH_APP_VERSION - # value: '1.0' - # - name: GOOGLE_OAUTH_PRIVATE_KEY_SECRET - # value: $GOOGLE_OAUTH_PRIVATE_KEY_SECRET - # - name: GOOGLE_OAUTH_PRIVATE_KEY_PATH - # value: prod-cred.p12 - # - name: GOOGLE_OAUTH_PRIVATE_KEY_VALUE - # value: $GOOGLE_OAUTH_PRIVATE_KEY_VALUE - # - name: GOOGLE_OAUTH_CLIENT_EMAIL - # value: hyku-demo@s2.adventistdigitallibrary.org - - name: GOOD_JOB_CLEANUP_DISCARDED_JOBS - value: "false" - - name: GOOD_JOB_CLEANUP_PRESERVED_JOBS_BEFORE_SECONDS_AGO - value: "604800" - - name: GOOD_JOB_CLEANUP_INTERVAL_SECONDS - value: "86400" - - name: GOOGLE_ACCOUNT_JSON - value: $GOOGLE_ACCOUNT_JSON - - name: HYRAX_VALKYRIE - value: "true" - - name: HYKU_BLOCK_VALKYRIE_REDIRECT - value: "false" - - name: HYKU_ADMIN_HOST - value: "s2.adventistdigitallibrary.org" - - name: HYKU_ADMIN_ONLY_TENANT_CREATION - value: "false" - - name: HYKU_ALLOW_SIGNUP - value: "false" - - name: HYKU_BULKRAX_ENABLED - value: "true" - - name: HYKU_CONTACT_EMAIL - value: "support@notch8.com" - - name: HYKU_DEFAULT_HOST - value: "%{tenant}.s2.adventistdigitallibrary.org" - - name: HYKU_FILE_ACL - value: "true" - - name: HYKU_GEONAMES_USERNAME - value: "scientist" - - name: HYKU_MULTITENANT - value: "true" - - name: HYKU_QUEUED_RUNNER - value: "false" - - name: HYKU_ROOT_HOST - value: s2.adventistdigitallibrary.org - - name: HYRAX_ACTIVE_JOB_QUEUE - value: good_job - - name: HYRAX_ANALYTICS - value: "false" - - name: HYRAX_FITS_PATH - value: /app/fits/fits.sh - - name: HYRAX_FLEXIBLE - value: "false" - - name: HYKU_SHOW_BACKTRACE - value: "true" - - name: IN_DOCKER - value: "false" - - name: INITIAL_ADMIN_EMAIL - value: admin@example.com - - name: INITIAL_ADMIN_PASSWORD - value: testing123 - - name: LD_LIBRARY_PATH - value: /app/fits/tools/mediainfo/linux - - name: LOGGING_WITH_COLOR - value: "false" - - name: NEGATIVE_CAPTCHA_SECRET - value: $NEGATIVE_CAPTCHA_SECRET - - name: OMP_THREAD_LIMIT - value: "1" - - name: PASSENGER_APP_ENV - value: production - - name: RAILS_CACHE_STORE_URL - value: redis://:$REDIS_PASSWORD@adventist-knapsack-staging-redis-master:6379/0 - - name: RAILS_ENV - value: production - - name: RAILS_LOG_TO_STDOUT - value: "true" - - name: RAILS_MAX_THREADS - value: "5" - - name: RAILS_SERVE_STATIC_FILES - value: "true" - - name: REDIS_HOST - value: adventist-knapsack-staging-redis-master - - name: REDIS_URL - value: redis://:$REDIS_PASSWORD@adventist-knapsack-staging-redis-master:6379/0 - - name: REPOSITORY_S3_STORAGE - value: "true" - - name: REPOSITORY_S3_BUCKET - value: samvera-original-files-staging - - name: REPOSITORY_S3_REGION - value: us-east-1 - - name: REPOSITORY_S3_ACCESS_KEY - value: $AWS_ACCESS_KEY_ID - - name: REPOSITORY_S3_SECRET_KEY - value: $AWS_SECRET_ACCESS_KEY - - name: SECRET_KEY_BASE - value: $SECRET_KEY_BASE - - name: SENTRY_DSN - value: $SENTRY_DSN - - name: SENTRY_ENVIRONMENT - value: "adv-knapsack-staging" - - name: SERVERLESS_ALTO_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-alto-xml-dlq - - name: SERVERLESS_BATCH_SIZE - value: "10" - - name: SERVERLESS_COPY_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-copy-dlq - - name: SERVERLESS_COPY_SQS_URL - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-copy - - name: SERVERLESS_COPY_URL - value: https://3oqe2l9evk.execute-api.us-east-1.amazonaws.com/copy - - name: SERVERLESS_OCR_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-ocr-dlq - - name: SERVERLESS_OCR_SQS_URL - value: sqs://us-east-1.amazonaws.com/031107666127/space-stone-production-ocr/ - - name: SERVERLESS_OCR_THUMB_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-split-ocr-thumbnail-dlq - - name: SERVERLESS_PLAIN_TEXT_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-plain-text-dlq - - name: SERVERLESS_S3_URL - value: s3://space-stone-production-preprocessedbucketf21466dd-15sun4xy658nh.s3.us-east-1.amazonaws.com/ - - name: SERVERLESS_SPLIT_SQS_URL - value: sqs://us-east-1.amazonaws.com/031107666127/space-stone-production-split-ocr-thumbnail/ - - name: SERVERLESS_TEMPLATE - value: "{{ `{{dir_parts[-1..-1]}}/{{ basename }}{{ extension }}` }}" - - name: SERVERLESS_THUMBNAIL_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-thumbnail-dlq - - name: SERVERLESS_THUMBNAIL_SQS_URL - value: sqs://us-east-1.amazonaws.com/031107666127/space-stone-production-thumbnail/ - - name: SERVERLESS_WORD_DLQ - value: https://sqs.us-east-1.amazonaws.com/031107666127/space-stone-production-word-coordinates-dlq - - name: SMTP_ADDRESS - value: smtp.mailtrap.io - - name: SMTP_DOMAIN - value: smtp.mailtrap.io - - name: SMTP_ENABLED - value: "true" - - name: SMTP_PASSWORD - value: $SMTP_PASSWORD - - name: SMTP_PORT - value: "2525" - - name: SMTP_TYPE - value: cram_md5 - - name: SMTP_USER_NAME - value: $SMTP_USER_NAME - - name: SOLR_ADMIN_PASSWORD - value: $SOLR_ADMIN_PASSWORD - - name: SOLR_ADMIN_USER - value: admin - - name: SOLR_COLLECTION_NAME - value: hyku-adventist-staging - - name: SOLR_CONFIGSET_NAME - value: hyku-adventist-staging - - name: SOLR_HOST - value: solr.default - - name: SOLR_PORT - value: "8983" - - name: SOLR_URL - value: http://admin:$SOLR_ADMIN_PASSWORD@solr.default:8983/solr/ - - name: TEST_USER_EMAIL - value: user@example.com - - name: TEST_USER_PASSWORD - value: testing123 - - name: VALKYRIE_ID_TYPE - value: string - - name: VALKYRIE_TRANSITION - value: "true" - -worker: - replicaCount: 1 - resources: - requests: - memory: "4Gi" - cpu: "1000m" - limits: - memory: "8Gi" - cpu: "2000m" - podSecurityContext: - runAsUser: 1001 - runAsGroup: 101 - fsGroup: 101 - fsGroupChangePolicy: "OnRootMismatch" - extraVolumeMounts: *volMounts - extraEnvVars: *envVars - -# When adding/removing key-value pairs to this block, ensure the -# corresponding changes are made in the `extraDeploy` block below. -workerAux: - extraEnvVars: - - name: GOOD_JOB_QUEUES - value: "auxiliary_default,auxiliary_reimport,auxiliary_ingest,auxiliary_destroy_collections,auxiliary_collections,auxiliary_relationships,auxiliary_import,auxiliary_export:5" - -extraDeploy: - - |- - apiVersion: apps/v1 - kind: Deployment - metadata: - name: {{ include "hyrax.fullname" . }}-worker-aux - labels: - {{- include "hyrax.labels" . | nindent 4 }} - spec: - replicas: {{ .Values.worker.replicaCount }} - selector: - matchLabels: - {{- include "hyrax.workerSelectorLabels" . | nindent 6 }} - template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} - labels: - {{- include "hyrax.workerSelectorLabels" . | nindent 8 }} - spec: - initContainers: - - name: service-wait - image: "{{ .Values.worker.image.repository }}:{{ .Values.worker.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.worker.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "hyrax.fullname" . }}-env - - secretRef: - name: {{ template "hyrax.fullname" . }} - env: - {{- toYaml .Values.worker.extraEnvVars | nindent 12 }} - {{- toYaml .Values.workerAux.extraEnvVars | nindent 12 }} - command: - - sh - - -c - - "service-wait.sh {{ include "hyrax.redis.host" . }}:6379" - {{- if .Values.worker.extraInitContainers }} - {{- toYaml .Values.worker.extraInitContainers | nindent 8 }} - {{- end }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "hyrax.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }}-worker - securityContext: - {{- toYaml .Values.worker.securityContext | nindent 12 }} - image: "{{ .Values.worker.image.repository }}:{{ .Values.worker.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.worker.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ include "hyrax.fullname" . }}-env - - secretRef: - name: {{ template "hyrax.fullname" . }} - {{- if .Values.solrExistingSecret }} - - secretRef: - name: {{ .Values.solrExistingSecret }} - {{- end }} - {{- with .Values.worker.extraEnvFrom }} - {{- toYaml . | nindent 12 }} - {{- end }} - env: - {{- toYaml .Values.worker.extraEnvVars | nindent 12 }} - {{- toYaml .Values.workerAux.extraEnvVars | nindent 12 }} - {{- if .Values.worker.readinessProbe.enabled }} - readinessProbe: - exec: - command: - {{- toYaml .Values.worker.readinessProbe.command | nindent 16 }} - failureThreshold: {{ .Values.worker.readinessProbe.failureThreshold }} - initialDelaySeconds: {{ .Values.worker.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.worker.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.worker.readinessProbe.successThreshold }} - timeoutSeconds: {{ .Values.worker.readinessProbe.timeoutSeconds }} - {{- end }} - volumeMounts: - - name: derivatives - mountPath: /app/samvera/derivatives - - name: uploads - subPath: file_cache - mountPath: /app/samvera/file_cache - - name: uploads - subPath: uploads - mountPath: /app/samvera/uploads - {{- if .Values.applicationExistingClaim }} - - name: application - mountPath: /app/samvera/hyrax-webapp - {{- end }} - {{- with .Values.worker.extraVolumeMounts }} - {{- toYaml . | nindent 12 }} - {{- end }} - resources: - {{- toYaml .Values.worker.resources | nindent 12 }} - {{- with .Values.extraContainerConfiguration }} - {{- toYaml . | nindent 10 }} - {{- end }} - volumes: - - name: "derivatives" - {{- if and .Values.derivativesVolume.enabled .Values.derivativesVolume.existingClaim }} - persistentVolumeClaim: - claimName: {{ .Values.derivativesVolume.existingClaim }} - {{- else if .Values.derivativesVolume.enabled }} - persistentVolumeClaim: - claimName: {{ template "hyrax.fullname" . }}-derivatives - {{ else }} - emptyDir: {} - {{ end }} - - name: "uploads" - {{- if and .Values.uploadsVolume.enabled .Values.uploadsVolume.existingClaim }} - persistentVolumeClaim: - claimName: {{ .Values.uploadsVolume.existingClaim }} - {{- else if .Values.uploadsVolume.enabled }} - persistentVolumeClaim: - claimName: {{ template "hyrax.fullname" . }}-uploads - {{ else }} - emptyDir: {} - {{ end }} - {{- if .Values.applicationExistingClaim }} - - name: "application" - persistentVolumeClaim: - claimName: {{ .Values.applicationExistingClaim }} - {{- end }} - {{- with .Values.worker.extraVolumes }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.worker.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.worker.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.worker.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} - -podSecurityContext: - runAsUser: 1001 - runAsGroup: 101 - fsGroup: 101 - fsGroupChangePolicy: "OnRootMismatch" - -embargoRelease: - enabled: false -leaseRelease: - enabled: false - -imagePullSecrets: - - name: github-registry - -fcrepo: - enabled: false -postgresql: - enabled: false -redis: - image: - repository: bitnamilegacy/redis - tag: 7.0.2-debian-11-r9 - architecture: standalone - cluster: - enabled: false - password: $REDIS_PASSWORD -solr: - enabled: false - -externalFcrepoHost: fcrepo.default.svc.cluster.local -externalPostgresql: - host: acid-postgres-cluster-bravo.postgres.svc.cluster.local - username: hyku-dev-hyrax - password: $DATABASE_PASSWORD - database: hyku-dev-hyrax -externalSolrHost: solr.default.cluster.local -externalSolrUser: admin -externalSolrPassword: $SOLR_ADMIN_PASSWORD -externalSolrCollection: "hyku-adventist-staging" - -global: - hyraxName: hyku-staging-hyrax - -nginx: - enabled: false - service: - port: 80