diff --git a/cgw/.sops.yaml b/cgw/.sops.yaml new file mode 100644 index 0000000..fcaa26c --- /dev/null +++ b/cgw/.sops.yaml @@ -0,0 +1,2 @@ +creation_rules: +- kms: 'arn:aws:kms:us-east-2:289708231103:alias/helm-secrets' diff --git a/cgw/README.md b/cgw/README.md new file mode 100644 index 0000000..cc79503 --- /dev/null +++ b/cgw/README.md @@ -0,0 +1,35 @@ +# CGW Charts + +## Pre-requisites + +The following binaries are needed: +- [helmfile](https://github.com/helmfile/helmfile/releases/download/v0.165.0/helmfile_0.165.0_linux_amd64.tar.gz) +- helm +- kubectl + +The following helm plugins are needed: +```bash +helm plugin install https://github.com/aslafy-z/helm-git --version 0.16.0 +helm plugin install https://github.com/databus23/helm-diff +helm plugin install https://github.com/jkroepke/helm-secrets +``` + +## Configuration + +_helmfile.yaml_ contains the configuration for all the environments. External values files are used for secrets or where appropriate. Each environment needs to be created in this file before it can be deployed. The files in ./secrets/ are encrypted with SOPS. Use `helm secrets edit secrets/FILE` to edit. + +## Installation + +To install the entire stack: `helm --environment ENVNAME apply`. +To install just cgw: `helm --environment ENVNAME -l app=cgw apply`. +To install just cgw with a specific image tag: `helm --environment ENVNAME -l app=cgw apply --state-values-set "cgw.tag=latest"`. + +## Removal + +To remove the entire stack: `helm --environment ENVNAME delete`. +To remove just cgw: `helm --environment ENVNAME -l app=cgw delete`. +Delete the namespace manually if it is no longer required. + +# Re-installation + +Note that the kafka, postgres and redis charts do not want to be reinstalled so will have to be removed and installed. If you wish to upgrade these then you must follow the respective Bitnami instructions on how to upgrade these charts. diff --git a/cgw/helmfile.yaml b/cgw/helmfile.yaml new file mode 100644 index 0000000..858e549 --- /dev/null +++ b/cgw/helmfile.yaml @@ -0,0 +1,210 @@ +environments: + default: + secrets: + - secrets/values.postgres.yaml + - secrets/certs.tip.yaml + values: + - global: + name: devcgw + namespace: openwifi-devcgw + domain: cicd.lab.wlan.tip.build + certificateARN: arn:aws:acm:us-east-2:289708231103:certificate/299d7444-acc4-46c2-ae83-40d2cd5f49be + - kafka: + enabled: true + - redis: + enabled: true + - postgres: + enabled: true + - cgw: + enabled: true + tag: next + cgw01: + secrets: + - secrets/values.postgres.yaml + - secrets/certs.tip.yaml + values: + - global: + name: cgw01 + namespace: openlan-cgw01 + domain: cicd.lab.wlan.tip.build + certificateARN: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c + - kafka: + enabled: true + - redis: + enabled: true + - postgres: + enabled: true + - cgw: + enabled: true + tag: next + +--- + +helmDefaults: + force: false + timeout: 300 + createNamespace: true + +releases: +- name: kafka + version: 28.3.0 + namespace: {{ .Environment.Values.global.namespace }} + condition: kafka.enabled + chart: oci://registry-1.docker.io/bitnamicharts/kafka + labels: + group: base + app: kafka + values: + - fullnameOverride: kafka + - volumePermissions: + enabled: true + - commonAnnotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + - readinessProbe: + initialDelaySeconds: 45 + - livenessProbe: + initialDelaySeconds: 60 + - heapOpts: -Xmx1024m -Xms1024m + - kraft: + enabled: true + - zookeeper: + enabled: false + - provisioning: + enabled: true + topics: + - name: CnC + partitions: 1 + replicationFactor: 1 + - name: CnC_Res + partitions: 1 + replicationFactor: 1 + - controller: + replicaCount: 1 + extraConfig: |- + maxMessageBytes = 1048588 + extraEnvVars: + - name: ALLOW_PLAINTEXT_LISTENER + value: "yes" + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 750m + memory: 2Gi + - listeners: + client: + protocol: PLAINTEXT + containerPort: 9092 + controller: + protocol: "PLAINTEXT" + - broker: + replicaCount: 2 + persistence: + size: 20Gi + resources: + requests: + cpu: 500m + memory: 512Mi + limits: + cpu: 750m + memory: 2Gi + +- name: postgres + namespace: {{ .Environment.Values.global.namespace }} + chart: oci://registry-1.docker.io/bitnamicharts/postgresql + version: 13.4.3 + condition: postgres.enabled + labels: + group: base + app: postgres + values: + - fullnameOverride: pgsql + # workaround for: postgresql.conf file not detected. Generating it... + # cp: cannot create regular file '/bitnami/postgresql/conf/postgresql.conf': Permission denied + - volumePermissions: + enabled: true + - global: + postgresql: + auth: + postgresPassword: {{ .Environment.Values.postgres.pgUser.password }} + - auth: + postgresPassword: {{ .Environment.Values.postgres.pgUser.password }} + - primary: + extendedConfiguration: |- + max_connections = 550 + shared_buffers = 128MB + log_error_verbosity = verbose + tcp_keepalives_idle = 300 + tcp_keepalives_interval = 30 + tcp_user_timeout = 300 + initdb: + scripts: + initusers.sql: |- + CREATE USER {{ .Environment.Values.postgres.cgwUser.name }}; + ALTER USER cgw WITH ENCRYPTED PASSWORD '{{ .Environment.Values.postgres.cgwUser.password }}'; + CREATE DATABASE cgw OWNER {{ .Environment.Values.postgres.cgwUser.name }}; + \c cgw + CREATE TABLE infrastructure_groups (id INT PRIMARY KEY, reserved_size INT, actual_size INT); + CREATE TABLE infras (mac MACADDR PRIMARY KEY, infra_group_id INT, FOREIGN KEY(infra_group_id) REFERENCES infrastructure_groups(id) ON DELETE CASCADE); + +- name: redis + namespace: {{ .Environment.Values.global.namespace }} + chart: oci://registry-1.docker.io/bitnamicharts/redis + version: 19.5.2 + condition: redis.enabled + labels: + group: base + app: redis + values: + - architecture: standalone + - auth: + enabled: false + - master: + extraEnvVars: + - name: ALLOW_EMPTY_PASSWORD + value: "yes" + +- name: cgw + namespace: {{ .Environment.Values.global.namespace }} + chart: ../../openlan-cgw/helm + #chart: "git+https://github.com/Telecominfraproject/openlan-cgw@helm?ref=next" + version: 0.1.0 + condition: cgw.enabled + labels: + group: apps + app: cgw + secrets: + - secrets/certs.tip.yaml + values: + - images: + cgw: + tag: {{ .Environment.Values.cgw.tag }} + - public_env_variables: + CGW_DB_HOST: pgsql + CGW_DB_PORT: "5432" + CGW_DB_USERNAME: "{{ .Environment.Values.postgres.cgwUser.name }}" + CGW_KAFKA_HOST: kafka + CGW_KAFKA_PORT: "9092" + CGW_REDIS_HOST: redis-master + CGW_REDIS_PORT: "6379" + CGW_ALLOW_CERT_MISMATCH: "yes" + DEFAULT_WSS_THREAD_NUM: "4" + # Useful for debugging: + #CFG_LOG_LEVEL: "Debug" + #RUST_BACKTRACE: "full" + - secret_env_variables: + CGW_DB_PASSWORD: "{{ .Environment.Values.postgres.cgwUser.password }}" + - services: + cgw: + type: LoadBalancer + annotations: + external-dns.alpha.kubernetes.io/hostname: cgw-{{ .Environment.Values.global.name }}.{{ .Environment.Values.global.domain }} + #service.beta.kubernetes.io/aws-load-balancer-type: nlb-ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: ssl + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Environment.Values.global.certificateARN }} + service.beta.kubernetes.io/aws-load-balancer-healthcheck-port: "15003" + service.beta.kubernetes.io/aws-load-balancer-target-group-attributes: preserve_client_ip.enabled=true + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "16002" + alb.ingress.kubernetes.io/healthcheck-path: /health diff --git a/cgw/secrets/certs.tip.yaml b/cgw/secrets/certs.tip.yaml new file mode 100644 index 0000000..70e55f1 --- /dev/null +++ b/cgw/secrets/certs.tip.yaml @@ -0,0 +1,20 @@ +certs: + root.pem: ENC[AES256_GCM,data:rUJ/sNXAFuCEAWMp/XIb4NZvoN2VWqHfDePF+qnf8DYdlyWaMa/12bRCJ3bo8vA+yoGZYIJZZYw7+QFRATWr2c7evHwqiCu/T7YRX7sVxmTYWv2muboaUyzbzFb8rS7Jrxh2AxHoWXtAbLjQraYEFuCR0EVo4fQFtgiAujM42kmuL9Sq6C3cGLcCi4F2Ac1BNjCjY+4kWtOgR+5jD9L4gxrB1Eo2wtAAA+nFo2dFTI6DcNxz2sSZIxthZnCnzW6ENRqnxlsugBoB0o0L6UTipGpgm/GChe20Peh7jlj2O15h6Ew7gIV8A1viYZ9/oi/nAe+zG3ljaFkuOz4oOYFuGlie+rDae8s7zxx2Ny20Blm1UtFOzGxS9RF2mT9oTJMcv2AJAeSbnNIlrGrwUWPWET9JC2dqEcr3xjikSPLEIXB4AqNCqW1H+GPlrI/wH72Mv2dlfngoW6VkVKnBilotccLvtHZ0DFwqkDP0tuVh8AsP+KG2X1LFJ2buGKVCd9RLo/PUYHHO2r1VNvS4BtgSRdGFHE3aSJTErlTtE6Kdkw05jwqVgJebmBMOyt9VmAn0lu5Fix0xFHzTt8KsGkz3vSlQ6qEb++eX162hWDeeQOjV+QU+7hgpLVTuxjVoFzZNnifYQD1vlKCQ0hYNBJS8b4ULx4anhokCou8W+POG4Xp/Ag2rp0ZyAELb1Ptjh/CExy0y5DfBo8D3JNJONxM4LX/N0Aak0A4Gouou8Fu75DcACrbAW3icq4E8TJrVukFAC9HGZ8KaEvITlT+CH96KSeznBU0XB2oQ0JUlPovcWOKZymIl21z0pE6kHfU4FuWJfSmfxf8YlqU2ib/nyG5vmTygVF06pEONaxbvXmwhI7Ihf3rv/lK/GaSJFX3QWj/w9m0F7vZZxKr2aB94huz8MMpMhVENJTVkhTKLu47Mi8Uov7EN/4VjviS+Uxby5qVNv1f2wlYIecNTPgLcshCfKPL5q7QG1X/NvXytcGGXxoRZ9y4NDpl7c+dypfxieh/VeRvgY26DXHfAxKw0+EoY+C4oKqQtSoY+L9G1fy+wYKoAKWA5yoni4QmiOhGr+0H4GOmwnAffwOS9Ybbpb54DQjcvEZwx3Io9RNjgj2eeBKKvaU8qbL4gwBpmL167AjyJg5pJ7zsT6B7rxOdKyu3y3XVoFihQx/CEO31B52cMndc35c3ttt+8/CqU9onvwBGAjh2j1Wa7wzdBDpp/8J7Wa1+fs5XzwFiK0Q3lktoHW3EM50Cra6Vj5l7Fy7a/MVwMpDPBDQaB4R6/B2Qw0OrJmWPkptIAGYnfUKq3uk68dV59na6ohKDD4dmu5tbuXE1MtlRb5bvvq7dqTafZPiqBGr0FocAkv6cDC4ULi4YXswbovCblTC0JpgvDECbxOizKASvTRCqpm0LLLH5lOkCypufGZGGm31qwsLTn3+Nw4PkgQ3djRDFT+HfWvsxPEbcxAOvmqZoKzRcMcGqG+8AJJOgdqB5cwRwis0Alagh1PY8sAFFOz+kSKOc4hwTq3QkxB/tFJ/Fm88S+99orsuiejG2auyPukk2ttgRAhDWQjBTAOUXYCc4hmh75nikEqFM0c4cDi97mzQ/CJLtnGEfDQKOaF8KvbUYTxlxwF0izU/5aHc+yDv4PS5qyhn0ou004LRSfEUYYf4HVppSFXwiSrpPZPyI+rAso3ivNnhQVw2hUkJrriybJSJOJ58tA2OHOkSqOWjnEWNqT6K+yzoBXurVltydzslc8tv0=,iv:ZeAur10r2klRjinjcxvWkcgpzqcm9jgovAAxk5dJv3U=,tag:6AP3KOS9zcAr+uYRroz5+Q==,type:str] + websocket-cert.pem: ENC[AES256_GCM,data:gnMbKhRSvBouEjLaso5+QrdSLUNi0lM+OLnsq3RGvHzQcbPLHeQmRYt8ir+18BKdav5/BNv4Wt142Q4d47KFbO5opNyB6x9nzuks3/ID2bLR6VKrzuvXn/ZzbCDOZYwaAcDZhpG0LyXpedygHa48K7I5JIK/pnTu12edCEb4Thz9mEn77NHL3VIKzxIkDw4cyJc/LFdqxq3EWOXSKje86fsi7mmprRVG4CWQuadGp7eWeZX4TiB3rpEddgRpeJrYgZ9r9efXPq0jrkAtIABxcFfm/nAK3rAKJ6yEBLj9Kko7rNwFguopuDsKPjz94cLlsbkclQ810x7SX4Q5k5Rmg1EC0rMcu0upp8jLlEy2wK/tgWP7kCqrxv85o3YXIWXjJFpflZmiThyLCtppNzIqM5c2MfpBcqM3viyu5ktFHBaaybnropqR/xh2jYJpfJb+xHZbmJ8AZZerloCo8oqAtXNaX0I6tmgMWjT8SFDZ7L1NAgaRfcnDHj+QWkhh2NEemosVJ2kLrN3WzcOsvvuSPhnS+e+Fm8T4/twRAYoRmg49OHV9omFLYYX7CjrLXwMJtYghqDqLCO1pkR7TbrgonHTfOqg/y/02LcgmhBwRcGN1HYDKBOoSR7tsKVbZR7o+h3+m2K3ynmz00JpD2A+jd05Caz/R0caNBnNIr7+b0YVNt4i4AwmReBzYPnu7h1Lhw6iBEUnZGZ/Jcp85xFIiDzN8J/dgunrYyOXmcj603YO1a0NPHWiA5ZcPdV48XxF89L3TKpzowfBQ4S/vNS9uUcWa+XUN1TAs8Nh5pj54U/qVUkvbFnE0jpbHpyIXcsvOy0P6Mg+fqc/hhI1PdvSxm2dwTShMmUNz6s3KYglJ0RBdpAgcbw9PM7DGYo6BXmJQ0/kxWaSCRbODZeNFeCVNnWhjdJVqybC3nkOoCRG9ly/fG0cvBtPJ0C3CxWV8PairjjnHg5E8CAbLi5LalQqwfolEpywQ0XXl+vT2YEOiyR9/avVY1pwITEwOymmwSje8u/pyq09ZFwvPTh8Yz8vBnOHHrXEs05dnAB8JWzocNRTPJXJWjI+0iTrjejR9gAjuu+oaNBJZ7qffSij/j4DsdWZN8V6hoIi6xVgrIjTqJtD+vTsE9VYiiU6RPi63MomM9ZlEqhN3p/DAMHYymIAZPOKoTo+hoHtLIk8ddtpf+JhQNZHa0PP5SMvWQ5g1w/H6sDYXz7cLX6ve5JUTkT6a7n40M6S/DD0DpO/gWRM3IW+pxL3rfSSIfJiDmyblyJFDkHGOfNzT6hBKaFuUtN9ENu/xWNsiHrKATPLjPrMmBAEOJSW9LZEP4km4EWEHliC1LrlHoxfru5jb0YiAR5S7eTKILxFLzzPI3iXMorFNusQqY270WPo9/Aes3zsGGnqBQ92oZklplQ3ITdjEXjUdsKkPgoHJIE8xcnwQ69kbqN/csARPojKFn1fyjEyEKNS7ymJ0LXqZAk8qURrSbffmQ4p0T95ooWJofyhGzCDSqN3xThqPNvr0Ha5qmRjifQ4SvKuDmCxKJ0Q8NH70wWHeyswlJrAy7mL/CYfMfDI0STBM/4fghRfY05FCFJqrWiRLPK39QLHFtaQgdBwozYjAfZLCQTjWPo4zexlpVZHfyS8tYQoxQ+nzOARrXIaDU0TyZreoeoLRyGZNGyTopOjwfeFxI/G4Gmw8I/3hwUvXYu8uXeWv0Jwj6pHVhNDfKNwN4VRP4GabATnu7UV9bd4i3rtk2ni9e7R1BJUe1gLYuD+aMw+l71RB9jP5p4OdzRcX8yaDkQRfbnaiFbGye0RVie+hoXS0MNmqgCm6Mk2yRgl0kEVHdsA4BfaVY9JB5O6e4y71wH7k6EWuxz1fls8wSESysOJuLVflzybQhdzGxSfyvmo1G+ASvG2Dz7HA5XgDPBPIFXanr3Ck+az7ggJRxpwRdVqi3w5dc14Hc+i/XXQI2EHRwwNqsb35SZ5dYkgLSRGp3itpywB3OB9vZ8NFTtlFLRPTz2fnNdCqNm+DLGgxdoEUC8tGE6fAD6WOaQFBiEJKpOnHgzJM+YZnHHrzsY/csUpqYkS+5vda+ROfv+VwfhxxQcuu1dns1VErMv5eo+ZCprhDAq4DDmNKwFUzaXflnR3BT7UcB23Z+OV+BWOul1+laq6VcH7jPJ3+MrQdJTIQC7dZhtw7WwFLDnsXUqYbDA==,iv:1WQKr3w8silYXk8LU4slB+H2Vc+EDL3gUBmJhFhywXk=,tag:k3sGC23rX8naISeosxZd2w==,type:str] + websocket-key.pem: ENC[AES256_GCM,data:tli36Kzo7X4998P6ptpkQunuJHhuDp5eFXjWkMCOxEYuwAEoNlzjrP1J8nwWyoSPrD3/XUD1r3y8SMC2BC6FBlva1JmQQQzsdyn+eXmkcLwEpKLCS+ncVE6R2tnPQx4sBXh82coENHZkNi8JlB3xI5cj1aHG4JJISE7/YARhtfR5Zx+peBTFdgZ59Gx71M31967LKn9UvdoMbn1Ek1lTjFjemu0x+JO2ZQE7GfuWVBURYg3ye4joOm3diJWUW5edu6cv6D2se4dzMlF36qWhjLk7r02Ooz3TznV4zf9RlM9q2jeD5afL6GM3r1zw+K1gH2TxaVItLnyjzKzONddGyUXZ490y0aoNFVW2qMatImzw4FENYtg0NmQZT+9ow4XP1wJ8xJRjbwlhxraaLwv6KGju3NuzDkd7348GaFcadD4lg2jb6gr37oagmipoY4qYSs3kf6H3z3TE17TSidvbGly+zRHVDE57Ovx9ndYCtEFDOU70ljDMpvLJPlFEOFlItKTKt7R+LOsD7ytWDmOHtY7DIU+NLlcuByfF6zDSndS/p0zarHpo3kyhxAcImQO4n+BqY1eYD0ghvVkOJdYhEn+JyVVkqpI7atcv3edHCwNPNHPNC7x5Sj2cRTTFG4M2kvXHXtByTqtmV57AODV/Hm5X9Vf8wt0yU2AlzdJTo4SAeETmT7zt7Q91ll063yKHBxUCLI8JU3EgobcYFsNqGbp0IO4+oVk2Hwyq+i6Jum7zPCBHNkoojJ60s8yuWewpDmxgsW3wK13UwNWoXVEfGGPk12avmTCdXwVy3MbU6lzwTUR0n1A882k8mmycmmPHP7jS/d5hOcAVrEYtHtyMxZzadXVs7fEzWA5ZWYHxH2wRaMbuKKGDpPY2y0nQRRlHoxGc7JDv5zAubn51+NDgJZoHmfrH35eGGlY9ds7uDdZTw8q/4O4gsiOlywjLD/PBiSHm67+5717+MJyJfOHXh6r1nkSdwizTQtqa9V3CMBNDnnd4K5aychlB8fYdSGuhVQU1cyXKv5D+IohOUG+rpovaackrkAtgvmHplzbzT3YhzB9S4RRYOEKdLoKGBMYkhEZfIYdB8C7omqPs2AN6P1QT2b7BM44oOze5rFIS8SOYYt1xtx2fVKKI3O07LMPhfcoctSTFfRlBsSSYDO0xmVqbpKPFGmpg1LRqIuCocTmI/PQvcenN9sY6AxIre9LRa1QIMbvmvx9VB6mp1TwFAlreySDNGfHgcKtVSzzr2kmKKlIS22xK1gBwS5dv5WCMzGPgkIzsmN6a4tSMY6l7QPWuI9d57GuagriSRIeR6FeMO4RE64maYS3NI7mD+8NDY28qCwK/wjvSn2Hr0+9IH7uVrsLl84sPK1AxowsIHW4Ro0yqrf0bgNwpxKZ+AAqpiyKuE9Dfrj/sHAx09ffpxm/Vpi0sJBJLUYuSdtzvLSEUCZTEZKl7okUxP58GHe0nQ/HbUtX9BN5r/aDiDnDtYLsjQwQDxFmCtgl26zA7PZGHdEuwQVS4X3rIQ1Go8/pX2ksaUZFWV9dg5Di2vPQDYmAi3PN5qw53hP5WPj/YbhNEDaU2xl87a3Ky4daNbXCBqvzr/rORneG+Bhd4cX/c8QoC+hZzfFhfesTywiroXWQNX9eU69Ca5uOGZ7Azmk260a4jb64lXY6RPLDACFpJgn80mkwGWepWElc0Jm2HGChTNtfedKz4Bn058Tnfb9YPyRV3cKV9jgR4uLUm7SG9tUUMDFo/YsdhgKBxXKTp+HDBENJgLuvVfWyGDo0tGHaOMsyXUk+3SGAYF4RiG9g/Z92uTCBrxYFO8ru4KS/8RWeVM0CRw20P2LR0v2dAuAhOtTXePaA+4deOHrIwkx5yRAeoJZa6UZCQ4pzJ8yLAaaBkW/Vir4VY5Ahc4L9KYMNhRLOuk7EzYJyUa8E806pH/hsgH/5INuJTY2RJq565TnXgM9zkb87NtGpHzEBlpVcWQOFJ41666i0Sh9HyT0tqjcCAGb2v4YVsSRH4CZe8+0FvgmZRUfnU1gwZM7AX6oRzdxRQngaA+L4UmsVszj6fe8iZIOPGJoYgm5O/HxMso5+HEg8pkESh1bTrmmLXUjPO9Y6kmhnf6xisE8faKWGQinbBIeytswpw1CyO7RegyiwNbFESk1iDwU+InrhblLPXsXxgUD5fgNJg8gLYzZGl68jPJunnELJyzVfmbh52SFnu8adZ0MwP87xanr6sz0k=,iv:V5Hl7CY98R/brjfsN4+/KFeaSbzGx9V9ei2nj7onCZo=,tag:QEqhRx1j1lMuzi6V9uZmpw==,type:str] + cas.pem: ENC[AES256_GCM,data:/dyF2flNjqVB841BIDw9gQqurL7LAYC985RqjVMhqYXDWBIu/c9J5I9eK57pKmuRzupuiyEkBU4z0gEUH5RTbxLuNnqp6cspoiNavWi0Cb9hxmHBwjXNQQe26MCIZPSKS3pH4yfw8oSiiFK6DHcGi6oUiwXgqD1NZoNPz3eh1SLOFKsd5UoPdvIGHXJISlLlBmnmZBzRyYrE6w+aEu50NJHp7nzlTa2BoaBWURqCgRYJKV0BvJW5D1n5JuTM5aJdv98ySeOZWzq3Vbx/7TO4OaRvfCWnChS+EPviLYaFEw3Tx4TaJxdHY2AT6RaRtqCBl13uRJYiHXBZ60X/oXYQcpva9Km72oqH0hc8Hxvz8Ah7noESqUDU0y54MgciALO0q7ztip4TUlWsPGUh8ht3hRUosxBCvEN5vqkaj96/tpv+aWatTS9iEBSBwwWC3dLJDeg4LQwIWdb5N8wKXoorVuaVDps54keVe4fos8dPGQl5xBSgWx0Eia3uNaE5INc3nM3MlL+VurBekKXNsCcztoSjI0LmP0EkM1/BFAtGJxm1LSW0E+c+d5wGmUhH6VXKjssiOIghUrQFNa4n48sTXcjsv02jubqYKCJ1zvb06cA8VMphS+cihp+7wcT+JfuAi8/5ZLseYAaMb3A3wax1MY8Kr8f2bw4t0uB+JYm28ZQvrvYfk8EP78raBkWp0cgjI4FT3cchoXCiutuYxJHrLFovs40wGhYyoNMUrjiYfS+npM/AUg2Sx/Ev+1TQ1YPGdTFht0i5yfNwx2fPfvBV160kMzuCjWs6Gtm6J+LjMdLTwxsRNEReVadIR0zdBw7iEzqzinLlgpusbGwjL9bM9JbSFvp90fLBcohN4feW6CfQ48ur/nAK7CBYRceEReF+iGC/9k2cb4hobSuBFlJihGiM4LImxc3dbI9tVIE7lzpI+C1WP43OtUiN+vR9yCzqTjIfGrI71Sw4kqELpSsgecB1SN0/HzN8AkfLNFuP7cAcfPghIa+7n2gavpXrIQNvKwQYPDsPsjADMaGZnrQxYR3yw8OCGxZX3VzdoQy6l5lLmW7P+qAjiYa1krJSmrpKvbN9k817cRn3uyMM10M6sab0sxAZHh62Abb23A7a2oUWtyBHUK6WGF0sB3dQzer3MRgmZFAjNyuJZ9RXI6fFcKwUAXBs7/sirDn10yfKA854fjxzaRAbyQvzvWCkRtfiBC/UA1WS5qWMEOpIakrsf5i9VoQR2WUxoREpyjraqvlWW+fOxcP72ZiPt4ZK/FgXOt5czyAwwF8dbSdY1jqaztshP3JwuxUbbkfzv74G/y4A2MSQvm2nhroTiaU4cSFsNzXxjgYGwGtn8ksTqi2kpz/VPhFFRoO7y6P+B+odMqfp+IP3es5R9kp7xnNYMcP6wsaEP9EZYVEakWG3nMRGtWWpqYdl1j4FXDWKbCsaEJAjlhmUKK1bxEQ3I1+jXAGJe+XmTdCzv2Mg9rbNVQPkimkkKjfbr71NFWPJ3BZ3Ga5luiuMPiShlF7hG0LrfrhOEvayOSm2siWw8TsQSQfKnyWlCf+JgMB/PvwzvJnoeM+f59eJk/NPX7hdHO2RUrG6r18KrMM6EeM55A2m6xebxmarDBIm/0edc45igbuJy1nPY8sppxmYiXTCthkHiTaUWFuC56XRW94/h12v/wNJJTbt2BzisHPaNkaM3SSEbrZjQGcyIIOYgO01eUcwYc6+dqooWYbtdl+wD+L1RJ9Om8CcLQuDsnBf9MgS0jBEnZHa6f7Y+VQ+akq3eVQ/+eWTzMf6PPG9LWRzpssGegXFHiseZc/k0wdr9fBWLEyY766kXXZKR0x8ZE2rhflCkZUvyq5QSxRPjOndCejovbiYaHQBMgQJB6bdzJcnZs3k6rBa8xi8WI0OPZvmn3e+LCGzjA713AsqUswBlVpROsn7sz7yj+UqM7o4Y9BBRbR9IJB0gK9QyGOYX37OcJbHoV9IJcHBFQ4Bb+WaMBbwnJ7+kDf5mHZoa3HvMmX7DRxoicbm5JFhYXJyQnOUYFUaupkisRLqfkPGlY/DX7CZQ6F5TDaFqrNz7L9XXWmvUAq8TyWa6eopL38XHgys4t1eYFPGanO3b3WKxvDSRaj7nesMIqCxhG8woS5vQ71s06Tkc8fQzEgS9JTRQiF6hnOvlimdj1KKAv2gWfVzmrmatw9+ROalCQY367JOh8vzpOkQd7/V6I63anhEq3pjXmSHlcLeLJUacbE6rFaVmyBzJmQQ7kXslvlUaG6UgfV5YONpabD8ftJWZwL6DiP6CoVjNrqTw9fhAGdmzcs9gWHE9In59GaeJ4u3hpZViWIw0PEHIRG4wIHCgI4BVz6cmmsLQ3xPY2XIlYmlH/Jnzjn2YsddtNKFf9tIbjV2WvN919ehz4NKF/bFqErja8W0y7xaG1pakAAZPiYn1o5OBYvhnqXhTS+zfXW/V828gA1zaO7i+leocmqE6uDnBtG5S8cYmlhqPwamwnl+W2MGZ9U98FZKI/KmcKxx0O54YwOQTSQIseasfw+PC2SmCeqGYME8qi4qwqFJexKxikOFupiHSYAKAJiSA3lNRMjVCnh0tt/TQNnYQ0UeHR9fGZs2j1gnxATItFSQO9i+WgRQIDEl4fIoAJA5ha0mru/+Lf4LXVSILdhf5oxejkKrk88CV53E1LcbydBNSgmScGvv3fuIG/RdWDomxikfuKN0rLKN6aih7+/ZHlr2Lvy2mIzdBo80lQYsoUwNkXe9ngBuZDkAOp8Tb8AzURLqCGzJRWqiKlGkbuWC8foZA/jIe+fN4HLc4/tf++2GyWLQOME+bKobIJ9e08cMG5cof4/LKNCgk4nCOYm1ak62KPdBl8ATM9Sd579Td2nKazYle8+qmvrli98aZbwFMggDDw/gAzSwu1XmTtoLDl1dk78YuLhjVavvOkJrgJSPES/0bDkHWuZi9Nu0oHcUg+aiahXaTt5CPR1LkDZXVrvORebPwH2LUuf3dM2u2sQcd9/KH0vdv1BR2PmlFiuYOQQASNscTl1VNeRLjyxSZc3fR0k8f6NrxZKdAcwbg5HcisukvMTbn+fEescTrjdQXzutmvvWjHHLZsbNbHKbw8J3TuRIc4UBUlLumHW2R6Xun+e0aGzE+gG/RfJELxNOFqIOAAMhd2YIRn5tr9MBUxH8RzogJDq3opo3xh/vHbqvYugDYp6cQXLb/LZjmiXpNGpcbjkN9yq7dezqcgjERZGpaecMwH6WGSKeQFNkJnfiqRCyQulNCo+ENE6VU4SJM6yuvmXmqIRGoK1VxvtfGa6estNzdfxOHzCRt7g+oNh1w4AsL7xLbD25+OBb1+x/yoAgAjU7RQbd4cO7ANWjHumnXWh8LfUvSUCTo5Zgr//+eY+p/CjYKABA64wzuIZJ02i9lQrrknSDC0x8Hcv/6uWujQIVtmOIdm099M48PwU4+oIAqz83nkPkZqc4D/ou+qMy7tTuMnIQxGp4WEy+vrGEq+fyU82jTMidIUbB0xaskS/8b3j04sJ2FSs0q3BIOdHZdDZ0hOYylIW7ePZGqU3p+PCGuGpdXGswbnE+1gKYly/VyHdnFVZxZLnAIs3Hw8ZrXA/xPoM1Xvj5SvW4wGB2nqp/4+/0pOQRqk+xBwazfqqoRjflojtDTB8DUTA5xiPhnJVX6FBm5p8nQCT5ZgnhjSR/3Pu4tmqDG5FqHa5k34ij2MwBQ4TY8dUVBv1dzbJfGKWr5X36DiUeSLLmgEEnK7GZYOo/6KuLNbWZUQ8lv28EIzskqE7IZVZRP6j4Cfo+v/V0sEFcbyzlYEp2nkBOVnVoSRqBZaZwSZCdJjRqG/vnu5aPCcM7I+8OBURhWmT9v1U/+MRAU6McBNbe+f9/457yxlHXHXEtyFQkF/ZVNB68ZxDuPen9gnKD2e/ntT347nRPbUduH4mvtQvZMxMGNx6s1FwmT+Fv9OGiLRzHGlxvb3xrxCr6ld+ar1Xv8JxNUqdsY9qo6rQ4YMLBc7M9BxKt0oZ/l5WksYZNYvrwLjHWUgC7vmB/Qn6x3xmBI5aZIZ4ZoL6Y0N5lHD1ENSqIIF8cn+zcVUY6lYT5VSC9kog4/28JYeyZQFf7IKUt+Xl2u47SMUdmeKHnagMWPC+ABErr8qKT78BD6sVJjzfpg0MO0APLkBRKIG2XOx+pU0+vVOSDzykz4hNOTjANN039f+43JyiRjbjn3jcfjAvMN84u/RJoAvZHny/PVN8Ycrs4019Nv1ftgalmlc/ny0GdalHq+7lHaWVlFN2xK7voZPqi/HL7umllFWB5yMrZx5v+zYoCQJqWt8BfgdpijUSktUeM2OuxgqquBIx4L0bEzfEdy82Qafbi8Tmmqjil72pwPomNeIHQMmMkH3xYDnvdvouG6IiNXqZeiPu2f6qjuan44zlSMp/yn4zX7+sO2lUUhgvbKmVpvMT3JPHsCVHSCB+11KVO6wNBxFu43XjQHdXUT3cmsq/IS8gIYbo2iaTt284PDYpUrNnqVqI81s5uecHbBg8eJQPPiKMJdEqSZXmlQ//OdftpGh8sSO4msruZS5HT+A/6j6OQ1D7GY5zH3StByP8lTsqEaIxBDkhDtLuq2rw2j2POsPXnbuVOpVzV0HLeii/vGJR1i4aOOEEbUPsRYnp3vzLK6u0yCBwKi29LADinFqK/SeJy7p8HGeCrFlSyjqhMec0pi5tFtNoeP53zgNAnyzD8I+pHfCJ8fk2tFQJVvjmxWWMbWXx51dY1dr5Ygqn4x9H4p4Uvo6Qi7ZCi2fSl0f64pQIEpb/2GaRNZdbc/hlO445pIVHXVcCvEBdS2aD1+DFimzert2y46v1F2ryWyNfeOJ46aB2YuPowC4VacSd8pb9ACckmrfo3ImKQsQHnDy3tfProV8Soy6Lf8lkScC9fmGed9aq42fsDSjg1529NoXnRixt7Y/jAUipdL96EqRxF3Hq3mfHQKx3W2CI//FWOGMKMU5+xUQIJ3VDBvHrS81SdOnWGoLtAhuyaMnTPaPb8GYm9goMo5xWBWoEjsjiOnQZmq9wcTeNv1ZQ5bsGdqWqrirwep1OkY34sJ0g0TT20R2zXrtRpdLQTPE9YhmSX6xZNiDa/d97rUkQieadZ6UV3AwYu7DQcBeplslznKfJh3Cenqh4NzdxHXqnsBRVNhjmKGnSkhUcKb2RTDuI7UHwakQHcu+0C0Fj2XP0BZSwIIXdeWeangv0GXxFW0legju+yOwYzGuFuoQ1/1rTU2mArLe0AsRAijtJifd1Z5dzwekq0qLxiu7a7pK1Lu+zAhFGJ9jRX1c68MQeY2QkI0rjHEXIsPXrAP8sIeSbL26WFdkKAselu3tZ5LBOC07Kn+8/ZWKvgQjXnlTw2NjlABPD1e/QcDNtcMh0gT36QpscwMfG2sjOM04+cPkvkZmhIm43BH144KPBIUr3wXYDll1va0wIqASxbu3BuabK9rTVuXGGAt8s8JZmzEQCl6bzP4BKJskbisj70y+7UDU7Q8c4besI4c8bu279rVyKTylRJQ5+SHMeVasIuvg/jV3UwFsVDuRvRcMnnVNuZum9m3L2pG52hb6Na23fDGo0lGXre7AEigOcNtkZOP3H+mcTvmqCMpogWNAKSTkd8hrYMsVC5psBq9TgbbDEQ/NRnEvUo4TtBm+e/fwSuamMmxfzW7awxvaPSt9HhALoRtcWvdYUezQidKCPms8M6BvaDoazIexq8vW/lfWFpTXbVd7Sjl62pQmncvD+3Qt9SgU+nESna73FGxeijKgXzdnOysGgBQ/U62zWFaR6UvuEe9yeAKsx1rhMffvCkIpLtgw23ffONM+Sq3hnTBW9ajFu5IBqNr32NYvRvb2EgFBfBJ7dxSG72syfktUu6qP3paW8I/yF+oeeLm/cpHrdvGr9QXDGO63dNGFZBXUQMG6TZfheqEbBa3pt5xnQXx+GHjWPmkXVuHwRBACnVzw39aPWYO+p/cvhcebJk0HGUT0YuHbzik+8bsjHIDCswuGS0PzTJvQIoKVDhd23z6yLmHQyrV3GrE+UJzRmeI0a5NlbaxUb19UxysGAFGedyqht2HnfYXSTGD2rPoK/DBaEkd8zmw6yBROEae2ALSmrMCYqcxQH1uNDNaH463M9NU4HVX5ondPzO8clEhDoVJyFifh6pIaBZaL6UQKYslR97hau74ZgR06WMtisN8yrw7Hg7oFgq3BhdPQkBLC0bnMT8rLzUkcttR7RmRSnVHS/++Tu86uaHP7Sfsfw2/yVgoz303wVtkSlpLZpCg6FFBMLzy57tV7L2toHsIg==,iv:rtK6wLav+VVlaMPkQHGOTC83Lch1fzkxop2fcxta8rc=,tag:teD9W7ah7yyu9ivmUSNMHw==,type:str] +sops: + kms: + - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets + created_at: "2024-06-12T15:34:29Z" + enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AGziO9KTtjnygn1XeF6zhFoAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMjWt4GXS6utJk8bo8AgEQgDuDngm34YpmieVdz5PNG6c4cFuw8uQUk3irnkPLg8/vKjbkUNr25d00kvnIje8B/myJbz3irpUItFzW+Q== + aws_profile: "" + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-06-14T15:44:36Z" + mac: ENC[AES256_GCM,data:lXCOEwiwHk8SYFepgOWikUbJ0nyeiUMZgZ5hFOLJemh2RN+1XORyMv//EzA/ybrUzcfEwxoFq3WuPx0LQ6LT/CYQtWqyuHnE8Mm4OqVAIWWWZVBMSvPpL5O0pto80jWW1pFFmzES/1hzcgsvbBMHTwGvI5AZMqSyaspA+h8/eZ4=,iv:JKb239VLt/gwtrZydRwPqghH09hiUAqfu84VoqGGFSQ=,tag:dGHOLBfevSFy7ixZhavRjg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/cgw/secrets/values.postgres.yaml b/cgw/secrets/values.postgres.yaml new file mode 100644 index 0000000..3053a84 --- /dev/null +++ b/cgw/secrets/values.postgres.yaml @@ -0,0 +1,21 @@ +postgres: + pgUser: + password: ENC[AES256_GCM,data:QHV7Y5Jfes4=,iv:QTs0fu7behn1g2CLheoJROFHNYvN6OpS/vcQQC0NrMs=,tag:PeaRcoDsOrEjDN9KgHUEPA==,type:str] + cgwUser: + name: ENC[AES256_GCM,data:g6J6,iv:H4HxE5orLFXZFDDVD2tAS0PkOqNJ9j6SNu1ief7Snk0=,tag:Tuj9yjBcJzZBBZRtwAY33w==,type:str] + password: ENC[AES256_GCM,data:5K0f,iv:+g61dhYOOTbr8TwnwwLHgW17R+6zXpQT2PfgjvofvlI=,tag:1nSVXgkTC41d1AnDDE19Hg==,type:int] +sops: + kms: + - arn: arn:aws:kms:us-east-2:289708231103:alias/helm-secrets + created_at: "2024-06-12T13:45:13Z" + enc: AQICAHiG/4CitJjM31GdYxTw9OLz/Zs5oK+DCq0cU2fAjtAA3AEPrxIAaT+xE4C1IFYmWvmkAAAAfjB8BgkqhkiG9w0BBwagbzBtAgEAMGgGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMrFaPNxf0atKVKnFsAgEQgDu8uqj035qrcelG0Dq4/Ond4H5bmpUHNRVEj0C8BFxg+a4R3loIk4NBeyuA0yqC0cQeWnA5e+/SjVtGAA== + aws_profile: "" + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2024-06-25T17:29:15Z" + mac: ENC[AES256_GCM,data:gbXt2MRhlx9zGcm9ZvXjWuwSPh/QHkNngGx0j0UQ61jZTINRh4ZgERuUj7Vpo1tg/blIFWbl768wB89RAGq3n1C4AcQpX3xvC33QyCT0i4pitQmnec9RnJL0L197mioOikPxl8z56WE1014EV+Vvbk7rf1CQkqrrEIJINoqSdfE=,iv:ThbvKhY0fsaXJz9rORnvxY64vMWyM/IOgSI+kuFFbAQ=,tag:fSF4tdyf3wc5+uIfoYLc5g==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1