diff --git a/kustomize/base/files/es_ca.crt b/kustomize/base/files/es_ca.crt new file mode 100644 index 0000000..31a3116 --- /dev/null +++ b/kustomize/base/files/es_ca.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIVALoaO+vyeJc6elKN4SMIOb9AKm8HMA0GCSqGSIb3DQEB +CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu +ZXJhdGVkIENBMB4XDTIxMDkwMzEyMTIwNFoXDTIyMDkwMzEyMTIwNFowNDEyMDAG +A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSkIH2QlzcEncmAAwtkVw7 +Nsr7WEBO7eIIST3mY9XJwlqP4IsR9C9UnSXUSpWSJEcv1I6mrZE38Hyq/rvcEFZK +ZSgHYDsJiVglkUZFdv5S84vgVSROoy+8r10fokHfpbidtJmXabP5T6VD+LE+Mg7y +RddhHZCoM4wHveo/q55c3RCoVc0PEELrk0vVqvYK99LO+yAprBPzRuXDZx5oJkxD ++Uc4rTyNCcTTo8CkK1BfccXktBHTQvOzOYxuwyGxb/GCaKwcGG+XQ4TRt3o7r3GR +TOKCNO+sM6c0g7W0OoL38v7/IKAufTcmU7QO/tb9NBz/G9N57EOqhPdp/46ih1XX +AgMBAAGjUzBRMB0GA1UdDgQWBBQTPREWSx37K1IpHecIquNdDE7ztDAfBgNVHSME +GDAWgBQTPREWSx37K1IpHecIquNdDE7ztDAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQAGVoeS1hfVOrDnnLYzPSrF9IfHEzt/eSr3ymEiNUK8ZaRS +9gpvRgX8n0pS197wVyK8hd2iXzH58H6KMkhcWZH2uNLEB8aOFOCkQxnU4NsMYRjT +RaS+qf29YbH6LkyO1kxCtGxldKybj8I8MFf8X0mBLN4Nk+w+KqKVFsl63AMtsJkq +WOgjoYZcY+FQW0HqS2AzDVkDZiXAtjwtXXjONAJOylRHDieA3UByukNHI0OtIurX +ePsDUoEakawtgXZmD8/RCt8Jpqm5UDwAioa18KJv3u5yqtX+whUnFSI7u5+Mzlay +2aOT5tIpOXQPV3tuUSvC6CYpoJOrLjgJSJhcP8Uo +-----END CERTIFICATE----- diff --git a/kustomize/base/files/exporter.cfg b/kustomize/base/files/exporter.cfg new file mode 100644 index 0000000..ade1708 --- /dev/null +++ b/kustomize/base/files/exporter.cfg @@ -0,0 +1,36 @@ +[query_authlog_root_login] +# The DEFAULT settings can be overridden. +QueryIntervalSecs = 60 +QueryTimeoutSecs = 15 +QueryIndices = <*-authlog-*> +QueryOnError = preserve +QueryOnMissing = zero +QueryJson = { + "size": 0, + "query": { + "bool": { + "must": [], + "filter": [ + { + "range": { + "@timestamp": { + "format": "strict_date_optional_time", + "gte": "now-5m/m", + "lte": "now" + } + } + }, + { + "exists": { + "field": "system.auth.user" + } + }, + { + "match_phrase": { + "system.auth.user": "root" + } + } + ] + } + } + } diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml new file mode 100644 index 0000000..58a1855 --- /dev/null +++ b/kustomize/base/kustomization.yaml @@ -0,0 +1,15 @@ +resources: +- resources/deployment.yaml +- resources/servicemonitor.yaml +- resources/service.yaml + +generatorOptions: + disableNameSuffixHash: false + +configMapGenerator: +- name: prometheus-es-exporter-cacert + files: + - files/es_ca.crt +- name: prometheus-es-exporter-config + files: + - files/exporter.cfg diff --git a/kustomize/base/resources/deployment.yaml b/kustomize/base/resources/deployment.yaml new file mode 100644 index 0000000..70636a4 --- /dev/null +++ b/kustomize/base/resources/deployment.yaml @@ -0,0 +1,69 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: prometheus-es-exporter + release: prometheus-es-exporter + name: prometheus-es-exporter +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus-es-exporter + template: + metadata: + creationTimestamp: null + labels: + app: prometheus-es-exporter + spec: + containers: + - args: + - --es-cluster=https://dev-elastic-stack-elastic-01:9200,https://dev-elastic-stack-elastic-02:9200,https://dev-elastic-stack-elastic-03:9200 + - --port=9206 + - --config-file=/mnt/config/exporter.cfg + - --ca-certs=/mnt/certs/es_ca.crt + env: + - name: ES_EXPORTER_BASIC_USER + valueFrom: + secretKeyRef: + name: prometheus-es-exporter-es-creds + key: username + - name: ES_EXPORTER_BASIC_PASSWORD + valueFrom: + secretKeyRef: + name: prometheus-es-exporter-es-creds + key: password + image: braedon/prometheus-es-exporter:0.14.0 + livenessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: prometheus + timeoutSeconds: 1 + name: prometheus-es-exporter + ports: + - containerPort: 9206 + name: prometheus + protocol: TCP + readinessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: prometheus + timeoutSeconds: 1 + volumeMounts: + - mountPath: /mnt/config + name: config-volume + - mountPath: /mnt/certs + name: cert-volume + volumes: + - name: config-volume + configMap: + defaultMode: 420 + name: prometheus-es-exporter-config + - name: cert-volume + configMap: + defaultMode: 420 + name: prometheus-es-exporter-cacert diff --git a/kustomize/base/resources/service.yaml b/kustomize/base/resources/service.yaml new file mode 100644 index 0000000..cb0b04b --- /dev/null +++ b/kustomize/base/resources/service.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + app: prometheus-es-exporter + name: prometheus-es-exporter +spec: + ports: + - name: http-metrics + port: 9206 + protocol: TCP + targetPort: prometheus + selector: + app: prometheus-es-exporter + release: prome-es-exporter + type: ClusterIP diff --git a/kustomize/base/resources/servicemonitor.yaml b/kustomize/base/resources/servicemonitor.yaml new file mode 100644 index 0000000..b423912 --- /dev/null +++ b/kustomize/base/resources/servicemonitor.yaml @@ -0,0 +1,20 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + app: prometheus-es-exporter + jobLabel: prometheus-es-exporter + release: prometheus + name: prometheus-es-exporter + namespace: monitoring +spec: + endpoints: + - + interval: 60s + path: /metrics + scrapeTimeout: 30s + targetPort: 9206 + jobLabel: jobLabel + selector: + matchLabels: + app: prometheus-es-exporter diff --git a/kustomize/dev/.sops.yaml b/kustomize/dev/.sops.yaml new file mode 100644 index 0000000..027d3fd --- /dev/null +++ b/kustomize/dev/.sops.yaml @@ -0,0 +1,15 @@ +# Fingerprint | User ID +# A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 | smardigo automation DEV +# 890B2EB48F343D4C6DB9DA0916826F30002D3C1D | smardigo automation QA +# E5B4FE1E0209DFFE320D2A2E47087747D89B72EC | smardigo automation PRODNSO +# D65D400040387210377B6A71DFD775644EAAC77B | Friedrich Goerz +# BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 | GPG DevOps +# 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 | Claus Paetow +creation_rules: + # list of keys for encryption in __DEV__ stage + - encrypted_regex: "^(data|stringData)$" + pgp: >- + A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 diff --git a/kustomize/dev/kustomization.yaml b/kustomize/dev/kustomization.yaml new file mode 100644 index 0000000..5f8d02d --- /dev/null +++ b/kustomize/dev/kustomization.yaml @@ -0,0 +1,8 @@ +bases: +- ../base + +generators: +- resources/secgen-es-creds.yaml + +patchesStrategicMerge: +- patches.yaml diff --git a/kustomize/dev/patches.yaml b/kustomize/dev/patches.yaml new file mode 100644 index 0000000..52ec4c7 --- /dev/null +++ b/kustomize/dev/patches.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: prometheus-es-exporter + release: prometheus-es-exporter + name: prometheus-es-exporter +spec: + template: + spec: + containers: + - args: + - --es-cluster=https://dev-elastic-stack-elastic-01:9200,https://dev-elastic-stack-elastic-02:9200,https://dev-elastic-stack-elastic-03:9200 + - --port=9206 + - --config-file=/mnt/config/exporter.cfg + - --ca-certs=/mnt/certs/es_ca.crt + env: + - name: ES_EXPORTER_BASIC_USER + valueFrom: + secretKeyRef: + name: prometheus-es-exporter-es-creds + key: username + - name: ES_EXPORTER_BASIC_PASSWORD + valueFrom: + secretKeyRef: + name: prometheus-es-exporter-es-creds + key: password + image: braedon/prometheus-es-exporter:0.14.0 + livenessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: prometheus + timeoutSeconds: 1 + name: prometheus-es-exporter + ports: + - containerPort: 9206 + name: prometheus + protocol: TCP + readinessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: prometheus + timeoutSeconds: 1 + volumeMounts: + - mountPath: /mnt/config + name: config-volume + - mountPath: /mnt/certs + name: cert-volume + hostAliases: + - hostnames: + - dev-elastic-stack-elastic-01 + ip: 10.0.0.5 + - hostnames: + - dev-elastic-stack-elastic-02 + ip: 10.0.0.6 + - hostnames: + - dev-elastic-stack-elastic-03 + ip: 10.0.0.7 diff --git a/kustomize/dev/resources/secgen-es-creds.yaml b/kustomize/dev/resources/secgen-es-creds.yaml new file mode 100644 index 0000000..c11b8f3 --- /dev/null +++ b/kustomize/dev/resources/secgen-es-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: prometheus-es-exporter-es-creds +files: + - secrets/es_basic_auth.enc.yaml diff --git a/kustomize/dev/secrets/es_basic_auth.enc.yaml b/kustomize/dev/secrets/es_basic_auth.enc.yaml new file mode 100644 index 0000000..6dbbc85 --- /dev/null +++ b/kustomize/dev/secrets/es_basic_auth.enc.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +kind: Secret +metadata: + name: prometheus-es-exporter-es-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +stringData: + username: ENC[AES256_GCM,data:Mghly4FFAg==,iv:mIiUQlDCCcFvsl+s3FmNdQCRnVH0dMPg8VAwGOMDhs8=,tag:B36tpKrZK2uFjmbptZnNnw==,type:str] + password: ENC[AES256_GCM,data:6otBEdMQHWx3bBtF,iv:Ii0/Wzt0yrDrx0AgziPluLHYMWoJga+gFTQQQDElg7Y=,tag:hPiTjb3rp+tHsPi2yTzKAQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-04-28T10:16:06Z" + mac: ENC[AES256_GCM,data:ejK0T06nxYyPMxgzae5A8H+zdDGu1JhfcC5RZ9rq1VvNWecni6OIbeX/EWxH1/EUyKmHjOvRDRLsPTzeonyjtGjGxkR5Rv/boojSvDfRhFpAgpkQNRCIBpbNZOtl1mvYt0QR2jGZUT9DeWqDeQtJJU1wdJeJB4nOiv2pXgtFVvQ=,iv:VC2qLqRGV5NKXlmqZJEFq7Tpmr1eBxg9iQQp/J/o1eQ=,tag:aYEHv0TFHhHRonMtPXELlQ==,type:str] + pgp: + - created_at: "2022-04-28T09:58:53Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA/3nDyRfgQqhAQ//Q+cNKuWEaLW6gjYwd5cG4bnWVBsFnu3ZceXQj6NtbPvA + faFdBEkTTF+3q/evnmLZbpIktJF8bi0khnxvC1QlwtqhQ4p44Apd6zBUtPDKntKg + 0MCu+R17lK8j5J6H5NZjG8ciSnPY3Ti7Zn8ElypMlr6jjofOyJ2vPBR745Z7UNjI + Vjkdk1DrHr77dKzW5F4CSYpIyPWGZXwsPPatpmwdHtRgF6PycR3UOwzfR4bOHu9H + l3LQvu1WwFOJnwHXwqGffSYs3drTtyT34L/tHKfws13o3t/UW1z6E8ofYQlaMub3 + 5Z1ETAxfVqoOzdmG/H/TYa+f7PUgtnqCC5Conac0qaoYjHCBTxM02Xh/1jyTwi4F + odexsZNGlb9jFR1uZCzRltdBlsoSj7+PusQ7bfmpCO0MdvXG064N/SJaGmQJgZED + YoIXTnjLoC2jr5j14ENKbmizERzRMQ0D5UClKjxykGA4vrnS5wA47yd42fXWFw3f + Zm0umpAy5T0GUpBh+KCvf2/QOGI8aUZSZlq+UnkL3UixRZxEDQznC8fP+05AtkgT + zo4Rv9TCStPLNi1ivwrCZhBUZuCxjfZtCMnwglUrrHNAxmIY3UWVj9LpbIisglJF + P2azyXRYq7fKCna1bk8Nbr38CkiVqmpCbzhESTwQCGb0IcwFUxJY2AS06s6WV4XS + XgHzCkUD2iYyAxL7aSQe3tLsPqkdZGJVf9K7ABmqGbnGiEb6UkvszBBf/rxQpJNe + TZ2Ns3LD+BPWrjL4IuDcYEZxKHHz7SZFaxPck35rFhsC39B3Gzjz8+gtBZ6CAw0= + =0Muj + -----END PGP MESSAGE----- + fp: A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 + - created_at: "2022-04-28T09:58:53Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQILA4Npij8bx0m7AQ/3eurFZFiU47Aj41AO8NtNZHT2ZTWD1YNwb9kPD7JSV6cu + cv+KWEQt76KG+O5UidXLboDpH39j9wYfzw1t8cn8HUSGoGv71v+oYh+nn1djTt8H + y7nYg//+i4jxCTKynI1SxePc36nY1NsZb5duMgln8XrYNohqGBd5Mnab5m9pHl4t + 58Mn+N0WA1qLA0voH/WZqngVklhZZLbkWE3AYned1aPshed5GmJk8l/DsfIiWoHf + X2k4GP96hmjV7hIvNdRZg4tJ4YAmdA1Ze29qEJoctS+Pn5zbY7z2CxRFqwjVzXZb + NAMYKy1s+kSN8Mi9pHv8j23SqbV1+pO/W6uVVPWBoVjP5TmxrdhnxEIIfN88Tmsu + E23qC0m8eEfyl/K9nClWvDNJQOjCX+sKUvxJhyL2XB/pRNXMijsfV5vHpaOLidnm + AwO2xU+Jeb5ujloYQHMHsK7tkiKwqmsupug51ExQ/9K2+1MSwnoXdGUyKp3RLcU9 + gDwoBrE+9bnbmOQ5tYjBsFxi7FylaCUCUox2rlKQ7GbxFWFrNqmdiH6PH9fxJEtl + Ym4PxnA22DJVeRSMt2FfPVJ/hljfqSePwaQGM1CBhZkXn5wVm2ZH07nura41pCzw + CGsFHs15SMCwalaDS5hWr0ID80SLE0J921XZQ4UvsKTz/w7EqFxeR3bsJyRF0NJe + AYixkvSPUJTKGRNMu2aa7Dk9albqhahUPSRuJV12kWv1qC5Cw8e8HUMifBLNoEKX + ZDxLYDpi+jF1dGmOAnIjQ1vgb1PJ1ln4F+CqM6Tgov652KXi8AMb7q3N8b1Qrw== + =OoQE + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-04-28T09:58:53Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//YUDnkf1n2gLZaewGWu5D47nU8wxGFSmoyHbQ9d8OiuvD + 5AeKuj7alE1eaOp4RrRxwYgbVd+QZ+R/rcbp+KoSB4DiA+4mIA1K0iaw1eVw2OAz + 3zBsgysGs6K6U/wUvJf9hnNyjaWL1UjVdLnaMzKWplPjp/ypr975FDAt1Lwzrg+i + Vrpg8+HMN6CE7BAyK9tFWAWn3atLHQO/hpGHwvKMHW9pXqq85Ild0xzdTYndgKyG + JYYJbCeLqWfSAVsta9WSGpAZgr0olBocXNsDEZEE9ksc+rGL54hm+PbmIYcFXiEy + iLg21D25q0jAfkt8gi9Adz3Cddi6f2OEX/HyMJoJXx2/OHsOzYKIOS6Il1AmJyy+ + uPzSvUR4Pc1omnvSz1TuG4i3GsLSXbaKiiFkkRPIMlLTFdy3Tbm/mCkrGoiWmH3P + 00xT74GwR7DNwHfEWhaKnWk7uEh8z0L9gAInj7srJ9SUeUrxu/2HSgz7voEWw/tE + e21pvKmflmzFhP8jpmyuVdhPdhBNl1Lbc0J7kLGpmZCX1Vg3IzdufynyiGgbdzGL + Nj+XbwFE9uqc3xrrI6SHa7gPDWoItXV55280ZgqzZShPZoZePr5XqyClGx7vf9/x + zkJhFrBBo0nq16mBwwSfHMax50RXnF5Fankzk50XI2EEQ5/YwDPNYbGX+TbiPGTS + XgF7FOTFxHJ6ilRaNpoBzpwS1erg3+H5jW885sqU5rqky9G/LiDOHF2zAbOvX3ZO + E0YXJjTzzeLyHuwuBfvYCJpRT7DZJF9knrn+aQnmQF4syNyuX1XccP6i5dpR8iU= + =PYnN + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-04-28T09:58:53Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWAQ/+KZ0og96FSxU0cWxTx8upT+yRWILOhGNEYu8fUlh0SORc + q3ThfpzgXAMrYyoeRLLEiDl3B09cyZmGiFfOXZu/X0RSgmt8jK9DS3aC+38+XMzR + a3xaH6OuGzEhX3tHnB5P0TPfsu7VtqkJ21q+/LcN+5Q4U1cgaIz3E57/uDzNrnYf + AQ/coDGU9QatQVooku+ZIlJ965rwcuB2fVfay+bLNoX+KhKoPgJqYRi0YJ6+4WRb + Sy1Bln2VrXlqx0iRI62QSsaE+3Xhv1EBvBLJvYhkcv/5vJC9ZM8EEJ/KAUrBC5Jr + wcA6+UfFLn4k5wNMgl3BNudPLmX/HITMkkdbiGp/KbS745liV3Dku/bwi3HTHj2i + BWTAGIK4C2lZzIw8btLeg4kc1ysnUBqaX0hf8Rdzo9ektytUDatp/ozhcdS5/zBx + ctGY6YYY3SB3NupOe1BC3QOTbB55gwtGthjdgVI2AzFK/2qkqwhANV2kwLeSPXbI + 9Y0KOQCfBH5LXDopakCoyOR4bAIT+aPV3rIHmDaUbVLDts9AILNPsiwKaSYZhH9z + VLtZqfbbc/wcbtokdNUy5R1YwLfvHbdnhbaw/tfQurbzYIa37N9fW0JJOyL7onyu + 9nlwIZKWAsvrpwxvYhdL9Bvn97LZhaW+NqR3Hvchwnt2GI0ogK3TQ0N5Jo5fb5HS + XgH3MaL/oqJIB6RsL7pvuiT5urkl9MN3NmiuFQoN/+W5nUGtSSLhUNdQLFwYTDDE + 7iZMJJM7y8EhdbEgk3Q75KEZ9S7dT+g2LB2PyYUyriN7JGHJMjmwgXT9dE+1EWw= + =nToY + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/kustomize/prodnso/.sops.yaml b/kustomize/prodnso/.sops.yaml new file mode 100644 index 0000000..30d6e1c --- /dev/null +++ b/kustomize/prodnso/.sops.yaml @@ -0,0 +1,15 @@ +# Fingerprint | User ID +# A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 | smardigo automation DEV +# 890B2EB48F343D4C6DB9DA0916826F30002D3C1D | smardigo automation QA +# E5B4FE1E0209DFFE320D2A2E47087747D89B72EC | smardigo automation PRODNSO +# D65D400040387210377B6A71DFD775644EAAC77B | Friedrich Goerz +# BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 | GPG DevOps +# 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 | Claus Paetow +creation_rules: + # list of keys for encryption in __DEV__ stage + - encrypted_regex: "^(data|stringData)$" + pgp: >- + E5B4FE1E0209DFFE320D2A2E47087747D89B72EC, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 diff --git a/kustomize/prodnso/kustomization.yaml b/kustomize/prodnso/kustomization.yaml new file mode 100644 index 0000000..5f8d02d --- /dev/null +++ b/kustomize/prodnso/kustomization.yaml @@ -0,0 +1,8 @@ +bases: +- ../base + +generators: +- resources/secgen-es-creds.yaml + +patchesStrategicMerge: +- patches.yaml diff --git a/kustomize/prodnso/patches.yaml b/kustomize/prodnso/patches.yaml new file mode 100644 index 0000000..272b58a --- /dev/null +++ b/kustomize/prodnso/patches.yaml @@ -0,0 +1,60 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: prometheus-es-exporter + release: prometheus-es-exporter + name: prometheus-es-exporter +spec: + template: + spec: + containers: + - args: + - --es-cluster=https://prodnso-elastic-stack-elastic-01:9200,https://prodnso-elastic-stack-elastic-02:9200,https://prodnso-elastic-stack-elastic-03:9200 + - --port=9206 + - --config-file=/mnt/config/exporter.cfg + - --ca-certs=/mnt/certs/es_ca.crt + env: + - name: ES_EXPORTER_BASIC_USER + valueFrom: + secretKeyRef: + name: prometheus-es-exporter-es-creds + key: username + - name: ES_EXPORTER_BASIC_PASSWORD + valueFrom: + secretKeyRef: + name: prometheus-es-exporter-es-creds + key: password + image: braedon/prometheus-es-exporter:0.14.0 + livenessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: prometheus + timeoutSeconds: 1 + name: prometheus-es-exporter + ports: + - containerPort: 9206 + name: prometheus + protocol: TCP + readinessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: prometheus + timeoutSeconds: 1 + volumeMounts: + - mountPath: /mnt/config + name: config-volume + hostAliases: + - hostnames: + - prodnso-elastic-stack-elastic-01 + ip: 10.0.0.17 + - hostnames: + - prodnso-elastic-stack-elastic-02 + ip: 10.0.0.3 + - hostnames: + - prodnso-elastic-stack-elastic-03 + ip: 10.0.0.16 diff --git a/kustomize/prodnso/resources/secgen-es-creds.yaml b/kustomize/prodnso/resources/secgen-es-creds.yaml new file mode 100644 index 0000000..c11b8f3 --- /dev/null +++ b/kustomize/prodnso/resources/secgen-es-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: prometheus-es-exporter-es-creds +files: + - secrets/es_basic_auth.enc.yaml diff --git a/kustomize/prodnso/secrets/es_basic_auth.enc.yaml b/kustomize/prodnso/secrets/es_basic_auth.enc.yaml new file mode 100644 index 0000000..a5062e3 --- /dev/null +++ b/kustomize/prodnso/secrets/es_basic_auth.enc.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +kind: Secret +metadata: + name: prometheus-es-exporter-es-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +stringData: + username: ENC[AES256_GCM,data:XwUkrdK2gg==,iv:8gl8UZMHAhBfbzpxOlkH6U2+0VU0flj0qBAe8p7DEBk=,tag:tKdRxpZE7DxuaCZYGBEfEw==,type:str] + password: ENC[AES256_GCM,data:yMXTmDTVFdFYo6S7W8W8iXnpcBE=,iv:RGt8fIlD2VyLvZ7eSPxpuZuq4DffeS1V6bupbK7i+aU=,tag:kKfYznqSJWHv3J1aSCjwXw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-04-28T10:17:37Z" + mac: ENC[AES256_GCM,data:3wGW8U0WoYOZ8hvZdTmtYlC41xhuyZjKMhOTgMo/WDim58oKpUcaR1ZDm0pA0/5QtHVyX07dUAPRWxkhsb1QonPvf4FnjZdIQYpgajcv7rRQphrP0EUCxHRQ7AOdwHS7tsl3j/5ZwqhHMlWapJB/zbLdr65iuurr6L8/2s6948U=,iv:mYDGFhwt1/u7cr5+ehkPPIaiMKVQrJk+m2UXCIPMgvA=,tag:UIgmhAWK6smFfWHwlil5NA==,type:str] + pgp: + - created_at: "2022-04-28T10:01:05Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA911WKxzIy2nARAArkkgv58Kpa9vu09oK1bWviB4WEs4a7KK/9nTvMLk+dz8 + rJkmAKD88ToOUf07nJW10PPV/59kYWfvyZHMCsweQFopjU8x3PQoV+ugXyElLQGe + UuNrfhWjIEivFTxOTIPN/Q3Tr+KHH6/0MjfaqKpxBRXHVJniMMmamJXpftEThyDt + 87EbXKXW/qMi9uHDSguBOBUubJD/l/efJIMmSN55jbVP4Q5hEwch6lbKoGiEq04p + o2YeFq0ij1c/kQdrt40zwW0t+4O6yyMEh5IW6IAFLojAS/PcLrfHABnXAnctn994 + W/11YxQO5BmDfUVk8gKKZKevR7ObYfS/RqDdJl4yTfdufxRW27Qxg9P91YefYaJz + S8HKJ1bR50KxUOUBld4C5rjuRQSnj6Oe6r7nz5uboafgqpY0fw2cEtgTTe8w5+mC + DRS8eR2slWIayi3RK6LKP4iIahLE+0P3xnh0l0uk3eVRZNkCex9A0kku8N5uP5dN + GnipGOgx4IvjXGheaoJUmiILo2W2mizrKF1oUkOgXDbpWarPPXJ4wDpgsUjbGJD/ + BVGy/0Tvi3d3F5GDGXb12qnbRGsuEseX9zHR4kSMsDxYP+/1e5dRhTLhlM2jRK2U + Q0juqW7QKGxo7kEnjuB6uest8nRjpeEQduJL5vT0vK7Qa7yueOYFmTkTnB//RWrS + XgG04H+BBPvXSPlrKBelyMY7AatL0yAS3KuHpxECZuldH0iKlctf5uisvWlMl13e + fDCL+OBhpDQHLJ+6VcLMzetFUjpHFviL3Pz7OCBQh4V3WvGXN/VHY7+N/KtucAQ= + =e4zn + -----END PGP MESSAGE----- + fp: E5B4FE1E0209DFFE320D2A2E47087747D89B72EC + - created_at: "2022-04-28T10:01:05Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7ARAAjXn9pJJHB/ab1jQKhIVrW5fmYGWjiYiHIOrgoXkkLpZt + SWml5c9v2nwjjdqmP6twmwanCVbdA5ideesci2oZCpHFdoo0iZCYGOp9gcCBNMsv + CIj8INR+nqgOT5u8AddH+BJPzwqepkaT56vKRLI85eS/txLCZkpHCzD65ePfGSyU + R0H1pwh9m8aewlqZAURJ3pQ2XgJsnaLl8s1+BzwQf7jDhNVtR3ZdBtcfjDocOfOD + JP2gJ1wNRH4BFocfFOLB0gcJK9zestWILwSedLK9b2sq+uuBzADDn5wS/+1eOQU2 + 1HO0ATqbWwS9Svk6QlCokxm9iu9ILJXviJnaRA9x9F/nM8Juek7NJWxNnsb1iz7f + v2Ho3wnqfphZCKF+/epAaqc5gdNiHPEpevEMLOc1mHn0KTqVtxQcq8vmJTqpyiBh + 8y1qKFMbKAe71SBMhf/rNIOO5516ULbasL7h8i2c8Lpj6AkUs5JTnfKCK+wdVOLc + dH+zIrR6JixJmALTu9/LJB55Bs9ESO/qCbQiV4Kh1L/lkCwLRP4zf5ajRzfOH+n7 + yI8cezr9PX6mvxFVBTJFviopQfp0GX0VcBjd+chMXj9zgrJ2tPo2z1BL3/wDdjvv + dIhTEZVkgEBj9e6nrwf61ovYHl0f3jOHGkpgjqjofL5Hn8vU1mVw8F2HqNe2z9jS + XgHuq4l4BvB4G9PeQEzVR69NjzdSm3lLaNzNmbAjZxVHxarpNXHxD6mU/TF0oZ5f + uIps9kA+vr4vyZ03ZL3H5AgD3z1nRXb/MZ5vGVl52fntQd7GD0xAKj1R+woWVDY= + =IevT + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-04-28T10:01:05Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//SBb9LME9Rz6gxGsCJLAD0Mc8UIpwEvU0FVaomZe+5lRg + zcIlfbV3lm2t9a7kBQlsOJ2KknsraIEqgRsj7I3V8KOT40QLXlR3MAf52BsF8/LG + E60RqGnxOPRcgdSZST1ppikZV73gx2qNkxcai9fcJ9ezwAqxvrF1Do/qmBxK/TL9 + vIRol4PERPf1iFxXf0hKMaGvsNsfZt/xcvi1GstShg0tNEpzM+Nr/i/pPanmGFoI + uZKkCAofqUnb1uytWcItcOJlXLc2DNgV7XJd6g+OGAPEL3Vrb/IQfbofdwS4lLVI + 8lmihS8dS4vfuh3Odf+/ys6A+OZj7yhThdt+M54tJozrVDiaNETGHdAB+KoWsOj6 + EGMr6/R18GYbPi6XykqDEFHaI31olZ1nCC6p+Fw0B+TC7XA0z+TaiW7AHgOM/ED1 + p6lr89aI7NsT82AO0+XJLU+oIjWNepf/W9Y3ewpw2URXk2DfNeRxvCgtiVaOk98d + eq+PI9LDD/jtzKlKtOrZEYkxlp/VQUuHyACi/+OIsP86bpxHHNscMUm+UBxS0fow + zFj/Itrw55VaHWvPgs8VckQ5V/ktFIDExiGbGyGxzehVu7HCOR2uciELxEar3uUY + B5Slxnoeh8pKk6jL2WgB3Px2jeNPHtQQOilEZSeogrfhugYjWNogRjxUq/gUqUbS + XgFB0oOrTM/iIGM3FBv7C5kKIiL04v8HHuYkJkYDygLenf7wh+qI6ufH5x8xaUPS + 8iz90QTj8nib042Rs1o2TVEuc3HmRH1pY8ZZBcb2ezPU+i2sIP9r5U4Qcod/Ih4= + =blRz + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-04-28T10:01:05Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWARAAv8ZERlfoG9AU6JIa+iMZMcUHFk7/sksH9QfSilWYUGnh + uhXaLOWd66JgiM9YJfMlcagbUn6KxEMAC9wlQmIJsDF1iTGx0WRBgIJs8t0VvHGV + EXasNHu+k3sMisGcuesavfzWzm+fw5YKLVk6CNwN31sXidUstwhuwrl77nT57lVE + 6OF//gWVqKhGwkTO62N5kGLj77Tu+Irxmgyf7V6k9uEhbcydLEgQl87k0kw3R/1G + OcB9cQ2GEXOKS9o6nilkGOo2pK65hLF7rvrfsA4WzUtaSu0jcDjc1zPfUMpSFpVP + +PkldOjnkdXIfMSo5g8IWzv5gqfCofZdB+gPA1P7zd1BekuGIUEY9jyZwFVVZeTG + VDMNUxCrbdLq05IwlZ5AL9CfjQg+AemJbA94DboDguo6f04vYCXjY1bjsS4q7Fum + d/tdK031oLmK1v/epG/VSOCVhXoiboja1nOcFkshB12T/QSpBwPqDpKueurKx6xk + EOmfeAgejfBydiIwAZ6uHCISw6K0gKhrd8YlZFaX+zLESM4Nqts8c7dc9aQ/kTtX + t9olsouZC7dyovhG+qwGj0sTP682wsVpS3PuogWM+op6zGPnbzupW6I2+frLxetc + DBn1LKeSBfmgnq65Ex49e9wK1nj/081iarrOYXrQ0g7urQ0r+djkjtlytoie1a7S + XgFDPzoSAxk15WRkUPumMdGJF8Xgh5qh4cdWd7sW/W6c3lRJcSMwUcPAvOh4QFyR + Go02fcCdPGZ2VlwFW8nP2zgeaKLwDZgcZMlmZsPWW37oXzcRtcgRTd6qaeDpaDs= + =KjmP + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1 diff --git a/kustomize/qa/.sops.yaml b/kustomize/qa/.sops.yaml new file mode 100644 index 0000000..cfe4759 --- /dev/null +++ b/kustomize/qa/.sops.yaml @@ -0,0 +1,15 @@ +# Fingerprint | User ID +# A7A1D860AA45B6B5B29BC192C55BD9B4CD8DE439 | smardigo automation DEV +# 890B2EB48F343D4C6DB9DA0916826F30002D3C1D | smardigo automation QA +# E5B4FE1E0209DFFE320D2A2E47087747D89B72EC | smardigo automation PRODNSO +# D65D400040387210377B6A71DFD775644EAAC77B | Friedrich Goerz +# BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 | GPG DevOps +# 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 | Claus Paetow +creation_rules: + # list of keys for encryption in __DEV__ stage + - encrypted_regex: "^(data|stringData)$" + pgp: >- + 890B2EB48F343D4C6DB9DA0916826F30002D3C1D, + D65D400040387210377B6A71DFD775644EAAC77B, + BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5, + 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 diff --git a/kustomize/qa/kustomization.yaml b/kustomize/qa/kustomization.yaml new file mode 100644 index 0000000..5f8d02d --- /dev/null +++ b/kustomize/qa/kustomization.yaml @@ -0,0 +1,8 @@ +bases: +- ../base + +generators: +- resources/secgen-es-creds.yaml + +patchesStrategicMerge: +- patches.yaml diff --git a/kustomize/qa/patches.yaml b/kustomize/qa/patches.yaml new file mode 100644 index 0000000..284b4c8 --- /dev/null +++ b/kustomize/qa/patches.yaml @@ -0,0 +1,62 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: prometheus-es-exporter + release: prometheus-es-exporter + name: prometheus-es-exporter +spec: + template: + spec: + containers: + - args: + - --es-cluster=https://qa-elastic-stack-elastic-01:9200,https://qa-elastic-stack-elastic-02:9200,https://qa-elastic-stack-elastic-03:9200 + - --port=9206 + - --config-file=/mnt/config/exporter.cfg + - --ca-certs=/mnt/certs/es_ca.crt + env: + - name: ES_EXPORTER_BASIC_USER + valueFrom: + secretKeyRef: + name: prometheus-es-exporter-es-creds + key: username + - name: ES_EXPORTER_BASIC_PASSWORD + valueFrom: + secretKeyRef: + name: prometheus-es-exporter-es-creds + key: password + image: braedon/prometheus-es-exporter:0.14.0 + livenessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: prometheus + timeoutSeconds: 1 + name: prometheus-es-exporter + ports: + - containerPort: 9206 + name: prometheus + protocol: TCP + readinessProbe: + failureThreshold: 3 + periodSeconds: 10 + successThreshold: 1 + tcpSocket: + port: prometheus + timeoutSeconds: 1 + volumeMounts: + - mountPath: /mnt/config + name: config-volume + - mountPath: /mnt/certs + name: cert-volume + hostAliases: + - hostnames: + - qa-elastic-stack-elastic-01 + ip: 10.1.0.2 + - hostnames: + - qa-elastic-stack-elastic-02 + ip: 10.1.0.3 + - hostnames: + - qa-elastic-stack-elastic-03 + ip: 10.1.0.4 diff --git a/kustomize/qa/resources/secgen-es-creds.yaml b/kustomize/qa/resources/secgen-es-creds.yaml new file mode 100644 index 0000000..c11b8f3 --- /dev/null +++ b/kustomize/qa/resources/secgen-es-creds.yaml @@ -0,0 +1,6 @@ +apiVersion: viaduct.ai/v1 +kind: ksops +metadata: + name: prometheus-es-exporter-es-creds +files: + - secrets/es_basic_auth.enc.yaml diff --git a/kustomize/qa/secrets/es_basic_auth.enc.yaml b/kustomize/qa/secrets/es_basic_auth.enc.yaml new file mode 100644 index 0000000..cb94628 --- /dev/null +++ b/kustomize/qa/secrets/es_basic_auth.enc.yaml @@ -0,0 +1,100 @@ +apiVersion: v1 +kind: Secret +metadata: + name: prometheus-es-exporter-es-creds + annotations: + kustomize.config.k8s.io/needs-hash: "true" +stringData: + username: ENC[AES256_GCM,data:YpNU/zWylQ==,iv:I4gnQhvnra+kC5JZfoJysHCOiIYQvMUFwlMIGmmlCB4=,tag:9fFmfMrBbtVZegbU8gQEAg==,type:str] + password: ENC[AES256_GCM,data:KHftrmefTVkxOzec,iv:z3lEIDVJEwprYCEpOueuWU1XJaEN3JTPkoHhc2J5SiI=,tag:PW2zt+QwQ/Qhdc/Zp4SfNg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2022-04-28T10:17:09Z" + mac: ENC[AES256_GCM,data:W+zUs8JJEixQd5qHaJgrfT80CAG1hFGtiKQji0dUPXFPLBKEzHp+lZdMB2h8GJIrjgubsVkjo15HvlguEYGs+cdm72EXtGRZGTdCsGOfJwXRUbeteJ2uNbSWh8W93kuG+1MuGZ+qCm0yhOFnh14EHr9VXnp29ANwKjXlyMRcrL4=,iv:1+1g3RWZW0RHYRwejSsAYEXYitldcnRBZvqLupH4cwI=,tag:ek/BpSVoMM9vEyq32wGAxg==,type:str] + pgp: + - created_at: "2022-04-28T10:00:17Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA2Cr/drkb+8JARAAr0nTkX6gluTP2YKRxRV4Csad2bqEJc/mBPNT+zGzkRTW + LuTZIvxeyTeHrKhLs5QsuYgQqAzqIYuJVz/g2kt1/OoEDg/MNZD0XLenXdaJkHBq + QNmQyXqb0A75utr9db3S6vE8iayE9OB1jE0f85ESwetgQO4DbyTXsou5qzCdOqTt + WzSCwcoG1xI4Pd/J/jMDvTT0CnarzxyucY3Vlps0j0W03M9CcOvAfetAwFcvMGcH + 7ruk1tQpaNi8uyRHszz4zs4slRT/Vt83aWc0iOFuZBuLM8HU5edGjI6vjO5sC5Fy + olevvSmcPqOjSueo8liY5YFaChIkNyGIgjkieM7Dh9BaKgTWcXLNqOH4wlT99WL8 + qsIbI5WkDpx649H3hOgRp/eo1vAm0vJHc8NjMb2G2nOqf243lifjA4Pr5wjBCNuW + cxBhnocY2UNeqTlO5fdero3PXedD/8jkc+djdE++y2nH9pVcveEMBogpnD1euXnj + twPI8Gh3fBzPIjDtGYXpF5ROpWIoYeYES8LbBHDbT2LLoX241Q82SAYEkVQXDjco + uj/i9X8tUFalI+MzUiyo+2lCeqRoeg4PMrO7p/08rU2HffbBXwansuCAlXPTXtGl + svGb/c/SypQNCAEexsJEfQxrczMO89Bw+GLDCKidCnwxe6DTrperg22XkmR4YiTS + XgHjirFjSts1abaR2qWeSCZRa33i3/U3iTKo2yQk9AnjCAv/lYGfdABlIYG3z4Ko + L95zlpFf0P+7AWzV5ZQ7qKyfklGWmFIDWHj2rgTDKGdfJZe2tvm7piGDY2naF5A= + =QxBy + -----END PGP MESSAGE----- + fp: 890B2EB48F343D4C6DB9DA0916826F30002D3C1D + - created_at: "2022-04-28T10:00:17Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA4Npij8bx0m7AQ//fu4MuWpA0Ja2TmXJRtl5/8aW89ZI8sbChDWjHhbd1USv + Tm0dngPSAebD4pUAYu6nQr+4GzS251e7D2PVEcokxXhQoZOATG/FsJSa6dGpDp5e + ec5ACmQ9//dbp7lNwSDEPLhRM4D8z9V2+8Vb7bO5JeoMRgFuPuN8xjPOB9b0yU6B + gvvZkMMNo2CcHRfHt9am9LeFoeqJA7eTg3qqudnyiUANdmlzbVez+2piQqOZ0Y/m + YA/5G/vvHwP0YW3RbeBVJfFllYXKplx8eRmqCm9yOTLvn4d+Mqp16sZpQ1bxWF1H + Gwn2F2Vo25iyh1Um2UCR49ydwQydRXzjUxrUqg5cZLidPGope/9tm1Y7kJe8U8o/ + JirFp5fnj0l/CvVNJUzikwlDmWQi8ZnCYHfUFD8roFQIstBKN4yiXL+TW1zF84CM + GaUj4l1rJi8Yr40bvS/pEPMfFPVO82NHFvgjO9zvZ2hI51I2AEyHv5FdCW1t/Wim + jnZWZo5EmyUevqHW/d5Ax6fgl0kMw8ds7mSrGedtro0wLD6pZ1QCydD4AEO994kc + Doe0+0iZXlemiMY8eCDftBtU2w8cveoHiqQUThty+yNGxxZ8RVclPWiiClUwixs2 + eNkf+RFM6Q1MAhFVhwtyJfF1v3ClebcMjSKO5H2skTLevZ1xEHqXvrN3OduBIELS + XgE2b6mn/Df8hXES0hXpoJBl/o3os2ZBg6ouWzkRTEa8N2BPoO3hmWiEaRUsmuOZ + SmBeRnE40GUE1iPq+9fX8b8Vp9yJqh86G+EYd2eU7iILtFPAuCJ39gr0YyVanrU= + =CSCL + -----END PGP MESSAGE----- + fp: D65D400040387210377B6A71DFD775644EAAC77B + - created_at: "2022-04-28T10:00:17Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA+5f33GLJ89bAQ//T2PHYYpzZynxGYnt/vvl981O5uTLApbAl2Qj7LWzvM1C + j5H+A1QoRU4FuwRrfcp9owBxJJZPovpPV5/RFhODWMTgQnjnJope/7GzJ+WgbK7z + OmvGqFYYjE0Ul60T7x1M3x+4FxIubAi1AcOpjgpPUvwS4RaxCx/fpvwj/pBCEFkx + mVtK3CinUEK5HI9ZaC6gcwMlwFVjAPF11Dzuv0y10os/FqFKTSwIU9VirPPo4gLm + L+ecXnUsPnAO6ZAzbmGMPEoOVuOL0YftagAPfyHdH5JfxFSrKqzJ2nUD8e2xwykC + 7IVLRuEwg4EPcwZ8nqxPkGsNVmwLVzBzzUI5YuQ7FKBbi4taSjMa1srskOSwzHFB + kJcrn/OWyiSKjJ4z3Q5Sq4B59ilTDXrvWCmudkzrHnEXmM+nPVePi2lleIWPzKbA + MBgiriLgqLN6DU+qgYPKXqnED5mqJO0Qi+rHWbgTbMFovE7j+y5keZQw2E6w+ibF + MZv7Ox3QkhvCTSZWMoKrtm/rtFRg2sbyBqAuDazKPFnCL2ABsa6/DLo9ITFGf9UP + wojSzAkIShMrwaOrZkn7OraI+U3pdY0Q1Lc67da8a2uVTQ19VbKPh+2ZYPFndjD+ + jgzPlzpkBhoGNiUsciX3wNWQElLUi79Kfe8De87k7qdEfVi+S3nJVO4J3aK5jVfS + XgEh1MNKp1q7+yvF3hSYeT9eFYCTzr3VVlodA40a0kyJEYFIjml/ixsxXUdCRxvj + uzUc9gX5KSPWIsBE1PUZRS8tno7ykqhOW8wxUJcP+mfFAyD5z/TsQIVn7Zze1L4= + =AD2U + -----END PGP MESSAGE----- + fp: BE3FB94982C2DE95B1EDD388A96613A6B1DB15B5 + - created_at: "2022-04-28T10:00:17Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA1kDHheI9SLWARAA0h44QCA1neZ7tkeaLSMKV0+xK0J+kmSgCN2QMfN+XHOJ + Oku57FD44k3XSgpMuQdxeniOCv3p9fyaMb6PEBqIxzACJ9K2LIaMa0ORjbuoUbB6 + alxi+hD3Zug/z0ziU+mphthRE8C5eoP5Oo5LUSz+VXLyYKk9aoqh9Pa8388/oECr + lgJQvnMEGzbvffwCE1xKRTv3A6qZqzpaXmJgLfaf47JQcFD7334PIC8aOQYsVHCO + 3T+j1Dhx8vA7ImWj92oP2AvAtmIE/TJr4oLmCEHT01cxK2YOcuIwRuA4ehD5QNJV + PDuO0Z6EZk0gMOZqinNUNe1Rkva+nhdTRBGQKT3ucnmX44Ew1c1JMkEcaRypWpJL + 9SW1UQGcR1nWiisWxt36iJHD0OfIbfsnA2yaQ5dht5LKyRQBSZZYCSqEZaC/1ihR + TNckMyXiVq9rfQhs072uICPONcjw+xjssBO5RZwfYJZsR26kJsBFcThJ3XdAi6EY + ZZEnZHweWXySGZQNjSaqPfAq/T2JFobqs9rCSstNoHlqK4cYMNeLNX/Ky/BXR2+h + SnKn6wHp6Yq5r3iX5Icao0cluezNZEMw+hRsl6+sN9AIlEJRgMr57yYwp7O0hZ42 + ozL4uFewAtyG1iV94J61GU/jphnuy01S7MmBP2E/Z/BsRVwim2NvNrjE3i+kOezS + XgHFW1otrPmHG8ekvsuwhazSDBYFzSR6boXU/UR49H2nsO0edAxf5h6ym8fWRUys + eMfewYzKaPzLqPPLuduZfQ7lqtEE9gEFZ6Qnbf/kSmPJTQkY/uqmCcNglWahFnQ= + =UMAi + -----END PGP MESSAGE----- + fp: 17B8FDF68AC123EB666934B17D0DF6EC048A5D77 + encrypted_regex: ^(data|stringData)$ + version: 3.7.1