From ae5bfdf2f7d2d35e73cc3fd1f1b51d39ac4958c2 Mon Sep 17 00:00:00 2001 From: Nikholas Pcenicni <82239765+nikpcenicni@users.noreply.github.com> Date: Fri, 27 Mar 2026 19:16:31 -0400 Subject: [PATCH] Update Cilium application configuration to ignore differences for hubble-server-certs Secret, add Helm value files for better management, and enhance Argo CD kustomization with resource ordering and sync options. --- clusters/noble/apps/cilium/application.yaml | 44 ++-- clusters/noble/apps/cilium/helm-values.yaml | 36 +++ .../noble/bootstrap/argocd/kustomization.yaml | 1 + kubeconfig | 10 + talos/README.md | 210 +++++++++++++++++- talos/kubeconfig | 4 +- talos/talconfig.yaml | 10 + talos/talsecret.sops.yaml | 28 +-- 8 files changed, 294 insertions(+), 49 deletions(-) create mode 100644 clusters/noble/apps/cilium/helm-values.yaml create mode 100644 kubeconfig diff --git a/clusters/noble/apps/cilium/application.yaml b/clusters/noble/apps/cilium/application.yaml index cbf12ca..41b7d84 100644 --- a/clusters/noble/apps/cilium/application.yaml +++ b/clusters/noble/apps/cilium/application.yaml @@ -7,6 +7,15 @@ metadata: argocd.argoproj.io/sync-wave: "0" spec: project: default + # Helm TLS material for Hubble is rotated/generated; Argo SSA and CLI helm + # upgrades both touch Secret data and cause apply conflicts unless ignored. + ignoreDifferences: + - group: "" + kind: Secret + name: hubble-server-certs + namespace: kube-system + jqPathExpressions: + - .data destination: server: https://kubernetes.default.svc namespace: kube-system @@ -15,39 +24,16 @@ spec: chart: cilium targetRevision: 1.16.6 helm: - valuesObject: - k8sServiceHost: 192.168.50.20 - k8sServicePort: 6443 - cgroup: - autoMount: - enabled: false - hostRoot: /sys/fs/cgroup - ipam: - operator: - clusterPoolIPv4PodCIDRList: - - 10.244.0.0/16 - securityContext: - capabilities: - ciliumAgent: - - CHOWN - - KILL - - NET_ADMIN - - NET_RAW - - IPC_LOCK - - SYS_ADMIN - - SYS_RESOURCE - - DAC_OVERRIDE - - FOWNER - - SETGID - - SETUID - cleanCiliumState: - - NET_ADMIN - - SYS_ADMIN - - SYS_RESOURCE + valueFiles: + - $values/clusters/noble/apps/cilium/helm-values.yaml + - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git + targetRevision: HEAD + ref: values syncPolicy: automated: prune: true selfHeal: true syncOptions: - CreateNamespace=true + - RespectIgnoreDifferences=true diff --git a/clusters/noble/apps/cilium/helm-values.yaml b/clusters/noble/apps/cilium/helm-values.yaml new file mode 100644 index 0000000..faa43b9 --- /dev/null +++ b/clusters/noble/apps/cilium/helm-values.yaml @@ -0,0 +1,36 @@ +# Same settings as the Argo CD Application (keep in sync). +# Used for manual `helm install` before Argo when Talos uses cni: none. +# +# operator.replicas: chart default is 2 with required pod anti-affinity. If fewer +# than two nodes can schedule (e.g. NotReady / taints), `helm --wait` never finishes. +k8sServiceHost: 192.168.50.20 +k8sServicePort: 6443 +cgroup: + autoMount: + enabled: false + hostRoot: /sys/fs/cgroup +ipam: + operator: + clusterPoolIPv4PodCIDRList: + - 10.244.0.0/16 +securityContext: + capabilities: + ciliumAgent: + - CHOWN + - KILL + - NET_ADMIN + - NET_RAW + - IPC_LOCK + - SYS_ADMIN + - SYS_RESOURCE + - DAC_OVERRIDE + - FOWNER + - SETGID + - SETUID + cleanCiliumState: + - NET_ADMIN + - SYS_ADMIN + - SYS_RESOURCE + +operator: + replicas: 1 diff --git a/clusters/noble/bootstrap/argocd/kustomization.yaml b/clusters/noble/bootstrap/argocd/kustomization.yaml index 779f128..73c37f6 100644 --- a/clusters/noble/bootstrap/argocd/kustomization.yaml +++ b/clusters/noble/bootstrap/argocd/kustomization.yaml @@ -4,6 +4,7 @@ namespace: argocd resources: - namespace.yaml - https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.7/manifests/install.yaml + # Apply after install.yaml CRDs are Established (see README bootstrap); same file for GitOps retries. - default-appproject.yaml - argocd-server-lb.yaml diff --git a/kubeconfig b/kubeconfig new file mode 100644 index 0000000..5e42be7 --- /dev/null +++ b/kubeconfig @@ -0,0 +1,10 @@ +apiVersion: v1 +clusters: +- cluster: + server: https://192.168.50.230:6443 + name: noble +contexts: null +current-context: "" +kind: Config +preferences: {} +users: null diff --git a/talos/README.md b/talos/README.md index 6817818..2b1f055 100644 --- a/talos/README.md +++ b/talos/README.md @@ -13,10 +13,18 @@ cluster: Edit `talconfig.yaml`: - `endpoint` (Kubernetes API VIP or LB IP) +- **`additionalApiServerCertSans`** / **`additionalMachineCertSans`**: must include the + **same VIP** (and DNS name, if you use one) that clients and `talosctl` use — + otherwise TLS to `https://:6443` fails because the cert only lists node + IPs by default. This repo sets **`192.168.50.230`** (and + **`kube.noble.lab.pcenicni.dev`**) to match kube-vip. - each node `ipAddress` - each node `installDisk` (for example `/dev/sda`, `/dev/nvme0n1`) - `talosVersion` / `kubernetesVersion` if desired +After changing SANs, run **`talhelper genconfig`**, re-**apply-config** to all +**control-plane** nodes (certs are regenerated), then refresh **`talosctl kubeconfig`**. + ## 2) Generate cluster secrets and machine configs From this directory: @@ -88,15 +96,94 @@ kubectl cluster-info Avoid pasting `https://` twice when running `kubectl config set-cluster ... --server=...`. +### `kubectl apply` fails: `localhost:8080` / `openapi` connection refused + +`kubectl` is **not** using a real cluster config; it falls back to the default +`http://localhost:8080` (no `KUBECONFIG`, empty file, or wrong file). + +Fix: + +```bash +cd talos +export KUBECONFIG="$(pwd)/kubeconfig" +kubectl config current-context +kubectl cluster-info +``` + +Then run `kubectl apply` from the **repository root** (parent of `talos/`) in +the same shell. Do **not** use a literal `cd /path/to/...` — that was only a +placeholder. Example (adjust to where you cloned this repo): + +```bash +export KUBECONFIG="${HOME}/Developer/home-server/talos/kubeconfig" +``` + +`kubectl config set-cluster noble ...` only updates the file **`kubectl` is +actually reading** (often `~/.kube/config`). It does nothing if `KUBECONFIG` +points at another path. + ## 6) GitOps-pinned Cilium values The Cilium settings that worked for this Talos cluster are now persisted in: -- `clusters/noble/apps/cilium/application.yaml` +- `clusters/noble/apps/cilium/helm-values.yaml` +- `clusters/noble/apps/cilium/application.yaml` (Helm chart + `valueFiles` from this repo) -That Argo CD `Application` pins chart `1.16.6` and includes the required Helm -values for this environment (API host/port, cgroup settings, IPAM CIDR, and -security capabilities), so future reconciles do not drift back to defaults. +That Argo CD `Application` pins chart `1.16.6` and uses the same values file +for API host/port, cgroup settings, IPAM CIDR, and security capabilities. + +### Cilium before Argo CD (`cni: none`) + +This cluster uses **`cniConfig.name: none`** in `talconfig.yaml` so Talos does +not install a CNI. **Argo CD pods cannot schedule** until some CNI makes nodes +`Ready` (otherwise the `node.kubernetes.io/not-ready` taint blocks scheduling). + +Install Cilium **once** with Helm from your workstation (same chart and values +Argo will manage later), **then** bootstrap Argo CD: + +```bash +helm repo add cilium https://helm.cilium.io/ +helm repo update +helm upgrade --install cilium cilium/cilium \ + --namespace kube-system \ + --version 1.16.6 \ + -f clusters/noble/apps/cilium/helm-values.yaml \ + --wait --timeout 10m +kubectl get nodes +kubectl wait --for=condition=Ready nodes --all --timeout=300s +``` + +If **`helm --install` seems stuck** after “Installing it now”, it is usually still +pulling images (`quay.io/cilium/...`) or waiting for pods to become Ready. In +another terminal run `kubectl get pods -n kube-system -w` and check for +`ImagePullBackOff`, `Pending`, or `CrashLoopBackOff`. To avoid blocking on +Helm’s wait logic, install without `--wait`, confirm Cilium pods, then continue: + +```bash +helm upgrade --install cilium cilium/cilium \ + --namespace kube-system \ + --version 1.16.6 \ + -f clusters/noble/apps/cilium/helm-values.yaml +kubectl get pods -n kube-system -l app.kubernetes.io/part-of=cilium -w +``` + +`helm-values.yaml` sets **`operator.replicas: 1`** so the chart default (two +operators with hard anti-affinity) cannot deadlock `helm --wait` when only one +node can take the operator early in bootstrap. + +If **`helm upgrade` fails** with a server-side apply conflict on +`kube-system/hubble-server-certs` and **`argocd-controller`**, Argo already +synced Cilium and owns that Secret’s TLS fields. The **`cilium` Application** +uses **`ignoreDifferences`** on that Secret plus **`RespectIgnoreDifferences`** +so GitOps and occasional CLI Helm runs do not fight over `.data`. Until that +manifest is applied in the cluster, either **suspend** the `cilium` Application +in Argo, or delete the Secret once (`kubectl delete secret +hubble-server-certs -n kube-system`) and re-run **`helm upgrade --install`** +before Argo reconciles again. After bootstrap, prefer **`kubectl -n argocd get +application cilium -o yaml`** / Argo UI to sync Cilium instead of ad hoc +Helm, unless you suspend the app first. + +If nodes were already `Ready`, you can skip straight to section 7. ## 7) Argo CD app-of-apps bootstrap @@ -111,9 +198,13 @@ Bootstrap once from your workstation: ```bash kubectl apply -k clusters/noble/bootstrap/argocd +kubectl wait --for=condition=Established crd/appprojects.argoproj.io --timeout=120s +kubectl apply -f clusters/noble/bootstrap/argocd/default-appproject.yaml kubectl apply -f clusters/noble/root-application.yaml ``` +If the first command errors on `AppProject` (“no matches for kind `AppProject`”), the CRDs were not ready yet; run the `kubectl wait` and `kubectl apply -f .../default-appproject.yaml` lines, then continue. + After this, Argo CD continuously reconciles all applications under `clusters/noble/apps/`. @@ -300,3 +391,114 @@ talosctl --talosconfig ./clusterconfig/talosconfig version kubectl get nodes -o wide ``` +## 12) Destroy the cluster and rebuild from scratch + +Use this when Kubernetes / etcd / Argo / Longhorn state is corrupted and you want a +**clean** cluster. This **wipes cluster state on the nodes** (etcd, workloads, +Longhorn data on cluster disks). Plan for **downtime** and **backup** anything +you must keep off-cluster first. + +### 12.1 Reset every Talos node (Kubernetes is destroyed) + +From `talos/` with a working **`talosconfig`** that matches the machines (same +`TALOSCONFIG` / `ENDPOINT` guidance as elsewhere in this README): + +```bash +cd talos +export TALOSCONFIG="$(pwd)/clusterconfig/talosconfig" +export ENDPOINT=192.168.50.230 +``` + +Reset **one node at a time**, waiting for each to reboot before the next. Order: +**worker first**, then **non-bootstrap control planes**, then the **bootstrap** +control plane **last** (`noble-cp-1` → `192.168.50.20`). + +```bash +talosctl -e "${ENDPOINT}" -n 192.168.50.10 reset --graceful=false +talosctl -e "${ENDPOINT}" -n 192.168.50.30 reset --graceful=false +talosctl -e "${ENDPOINT}" -n 192.168.50.40 reset --graceful=false +talosctl -e "${ENDPOINT}" -n 192.168.50.20 reset --graceful=false +``` + +If the API VIP is already unreachable, target the **node IP** as endpoint for that +node, for example: +`talosctl -e 192.168.50.10 -n 192.168.50.10 reset --graceful=false`. + +Your workstation **`kubeconfig`** will not work for the old cluster after this; +that is expected until you bootstrap again. + +### 12.2 (Optional) New cluster secrets + +For a fully fresh identity (new cluster CA and `talosconfig`): + +```bash +cd talos +talhelper gensecret > talsecret.sops.yaml +# encrypt / store talsecret as you usually do, then: +talhelper genconfig +``` + +If you **keep** the existing `talsecret.sops.yaml`, still run **`talhelper genconfig`** +so `clusterconfig/` matches what you will apply. + +### 12.3 Apply configs, bootstrap, kubeconfig + +Repeat **§3 Apply Talos configs** and **§4 Bootstrap the cluster** (and **§5 +Validate**) from the top of this README: `apply-config` each node, then +`talosctl bootstrap`, then `talosctl kubeconfig` into `talos/kubeconfig`. + +### 12.4 Redeploy GitOps (Argo CD + apps) + +From your workstation (repo root), with `KUBECONFIG` pointing at the new +`talos/kubeconfig`: + +```bash +# Set REPO to the directory that contains both talos/ and clusters/ (not a literal "path/to") +REPO="${HOME}/Developer/home-server" +export KUBECONFIG="${REPO}/talos/kubeconfig" +cd "${REPO}" +kubectl apply -k clusters/noble/bootstrap/argocd +kubectl apply -f clusters/noble/root-application.yaml +``` + +Resolve **Argo CD admin** login (secret / password reset) as needed; then let +`noble-root` sync `clusters/noble/apps/`. + +## 13) Mid-rebuild issues: etcd, bootstrap, and `apply-config` + +### `tls: certificate required` when using `apply-config --insecure` + +After a node has **joined** the cluster, the Talos API expects **client +certificates** from your `talosconfig`. `--insecure` only applies to **maintenance** +(before join / after a reset). + +**Do one of:** + +- Apply config **with** `talosconfig` (no `--insecure`): + +```bash +cd talos +export TALOSCONFIG="$(pwd)/clusterconfig/talosconfig" +export ENDPOINT=192.168.50.230 +talosctl -e "${ENDPOINT}" apply-config -n 192.168.50.30 -f clusterconfig/noble-noble-cp-2.yaml +``` + +- Or **`talosctl reset`** that node first (see §12.1), then use + `apply-config --insecure` again while it is in maintenance. + +### `bootstrap`: `etcd data directory is not empty` + +The bootstrap node (`192.168.50.20`) already has a **previous etcd** on disk (failed +or partial bootstrap). Kubernetes will not bootstrap again until that state is +**wiped**. + +**Fix:** run **`talosctl reset --graceful=false`** on the **control plane nodes** +(at minimum the bootstrap node; often **all four nodes** is cleaner). See §12.1. +Then re-apply machine configs and run **`talosctl bootstrap` exactly once**. + +### etcd unhealthy / “Preparing” on some control planes + +Usually means **split or partial** cluster state. The reliable fix is the same +**full reset** (§12.1), then a single ordered bring-up: apply all configs → +bootstrap once → `talosctl health`. + diff --git a/talos/kubeconfig b/talos/kubeconfig index 53e2256..ea245be 100644 --- a/talos/kubeconfig +++ b/talos/kubeconfig @@ -21,8 +21,8 @@ preferences: {} users: - name: admin@noble user: - client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnekNDQVNxZ0F3SUJBZ0lRVzZVMVVxdk84SnJZUkpzYWJFbVJQVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTJNRE15TnpBM01UVTBNbG9YRFRJM01ETXlOekEzTVRVMQpNbG93S1RFWE1CVUdBMVVFQ2hNT2MzbHpkR1Z0T20xaGMzUmxjbk14RGpBTUJnTlZCQU1UQldGa2JXbHVNRmt3CkV3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFYWxMVUdzcXpkdGk5ekNSb1FMc0F3dlA0RjExaC95TzgKQy9neVNZVXRpMW9aLzd4VUdnUElVaUpKWHpLc3VocDhZSU4xYVpEWXZLNSsyN1BLbm1WM3g2TklNRVl3RGdZRApWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0dBUVVGQndNQ01COEdBMVVkSXdRWU1CYUFGTCt4CjRpelRpQjlQYVVvdFl1T1V4bXFGTTBYdE1Bb0dDQ3FHU000OUJBTUNBMGNBTUVRQ0lBSUVXbW1UbHlja1piQ0kKNnBDaDRzOWd2aVJCZ2k4NkFwSTFRMVFXTGIzRUFpQjVJMEZXK0V0d2o4bU5NUHVaRk1UUWlIM1o1ZTA4dlNNSQpkajBBdWpRZzZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlRU3ZNMFp1a2NVR0RwdndVYTJjRnFoMjFGYWdQRy9kN2Z6bjRDWlZMVzZvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFYWxMVUdzcXpkdGk5ekNSb1FMc0F3dlA0RjExaC95TzhDL2d5U1lVdGkxb1ovN3hVR2dQSQpVaUpKWHpLc3VocDhZSU4xYVpEWXZLNSsyN1BLbm1WM3h3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJoVENDQVN1Z0F3SUJBZ0lSQUtvRFZDbFc5THVVU2JPWEhWNVJBclF3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOakF6TWpjeU1qSTRNalJhRncweU56QXpNamN5TWpJNApNelJhTUNreEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE0d0RBWURWUVFERXdWaFpHMXBiakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk5CM1VNWjdBSjl6RzB5SDJ6V3A2Sk1QcW1rU3U4amIKVGZyazVvVUF0NkhuL29UbkhNM0RwM3R5M2lieFpTU3dMdkhPd3Y3azl5L3JuL2FiL0dmZ3NCZWpTREJHTUE0RwpBMVVkRHdFQi93UUVBd0lGb0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREFqQWZCZ05WSFNNRUdEQVdnQlMvCnNlSXMwNGdmVDJsS0xXTGpsTVpxaFRORjdUQUtCZ2dxaGtqT1BRUURBZ05JQURCRkFpQlBzQmVicjUxa3J6WHoKWjIvaWNaWnpSWXNpRVBXSzF3K0xyMm5acE9ya1Z3SWhBS3F1WmVhYW8xTWxNam5ZK291ZjUrbnl0ZFp3TFVFNwpLZEQ3ak5obmpjY1EKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU9uL0tLMXlNM2RiUEhhQ2ZKVUcweWc5NktPNzRiSGRzN3VpSGIzeWFwenRvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFMEhkUXhuc0FuM01iVElmYk5hbm9rdytxYVJLN3lOdE4rdVRtaFFDM29lZitoT2NjemNPbgplM0xlSnZGbEpMQXU4YzdDL3VUM0wrdWY5cHY4WitDd0Z3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= - name: admin@noble-1 user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJoRENDQVNxZ0F3SUJBZ0lRUStjVHg3OWxZdlFkYUROTDZLZTlqVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTJNRE15TnpBM01UVXpNVm9YRFRJM01ETXlOekEzTVRVMApNVm93S1RFWE1CVUdBMVVFQ2hNT2MzbHpkR1Z0T20xaGMzUmxjbk14RGpBTUJnTlZCQU1UQldGa2JXbHVNRmt3CkV3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFVzBtcGlCbHA0OEQ3SFU5eVFIS2MwblhCOTJxYzNoNFoKT2pya0xGRksxRnBsOE5xVFdEV2x3NmpsWUFlRWdzL0E1NzB3QzFrazRoZGdiZGJGZ2hZcmJxTklNRVl3RGdZRApWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0dBUVVGQndNQ01COEdBMVVkSXdRWU1CYUFGTCt4CjRpelRpQjlQYVVvdFl1T1V4bXFGTTBYdE1Bb0dDQ3FHU000OUJBTUNBMGdBTUVVQ0lRRGdQaDdJUjV0RjhmL3UKRks1N2RpZVplOHoyeEVPWUxYYnZid0pIQXZIMWp3SWdCaW5qOEJHZXVRejZ6QUFjU2Z6aWRTYWlWMlpvZElDUApWZlcrckE3ZzV6MD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= diff --git a/talos/talconfig.yaml b/talos/talconfig.yaml index a944186..4f6d26a 100644 --- a/talos/talconfig.yaml +++ b/talos/talconfig.yaml @@ -4,6 +4,16 @@ talosVersion: v1.12.5 kubernetesVersion: v1.31.1 allowSchedulingOnControlPlanes: true +# kube-vip fronts the Kubernetes API at this IP (see clusters/noble/apps/kube-vip). +# Without these SANs, TLS to https://192.168.50.230:6443 fails (cert does not match). +# Talos API (talosctl -e) also uses endpoint; include VIP in machine cert SANs. +additionalApiServerCertSans: + - 192.168.50.230 + - kube.noble.lab.pcenicni.dev + +additionalMachineCertSans: + - 192.168.50.230 + # Use Cilium installed via GitOps (no bundled Talos CNI). cniConfig: name: none diff --git a/talos/talsecret.sops.yaml b/talos/talsecret.sops.yaml index 3d41539..df376d3 100644 --- a/talos/talsecret.sops.yaml +++ b/talos/talsecret.sops.yaml @@ -1,23 +1,23 @@ cluster: - id: FhV8A1tRzXT32GXHpVevBU7p7HJUb3nCZajSpseHGe4= - secret: vhljddQzn/bTLvVpLG2/GysSF36jWowbZn10cc6aLVA= + id: kT-NVPu4QlAStlRSvgxXul7uf9FBBJ825WWQ4ybQP24= + secret: b2jPTHcPR1GlOBwwdFBu2plsPczRXs17KcuH9RPtNa4= secrets: - bootstraptoken: tr094l.h13snimxwge8clts - secretboxencryptionsecret: mBXrzcwJFcRIKPaoL+2v41eh1F6CJ5xRm437BvAv59M= + bootstraptoken: j2n63x.34f5io55z56drw06 + secretboxencryptionsecret: zP+KwKUwfXAQoetluPzCLhjbBqHhiUgsM/bKmPcUPP0= trustdinfo: - token: 2u1g6w.04nz6h435zz8eo1u + token: wlan0h.3aon1n2fndwbp3z7 certs: etcd: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmVENDQVNPZ0F3SUJBZ0lRVTd5ZXhlOHNYc1BDa1V3eHFuenpsVEFLQmdncWhrak9QUVFEQWpBUE1RMHcKQ3dZRFZRUUtFd1JsZEdOa01CNFhEVEkyTURNeU56QTJOVFkwTkZvWERUTTJNRE15TkRBMk5UWTBORm93RHpFTgpNQXNHQTFVRUNoTUVaWFJqWkRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk9jVUZVWWJFQjF1Ckt4clQ3bFhYakpSSmc5bng5Qk52ZTFJV0wxczBsVjVvbWN6SVo1d3FxRjdJOHJaNzIrUUpDS2R0QXh5OUhSeDcKWU9XcG1vcXduMWFqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjRApBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVd1JRUW1YVy9qV1JDCkxPL2lNV2FlaUNKd3pKRXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdBeXVXTXZ0N1pyNWs1aDRJbkxlUWIwQkIKb0hZM0xpMEpiOUhTcmdPK2hZa0NJUUNYT2VwSzJ6Z20rbUdBRFFkdXNlaklmR0Z3SHNSRVRRU3Z0R3R4RE5FaQpQdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUtGbGxleS9LNGMvanNXMGQ4R1h0UnFudTFDNVNzVmF3RUd1ZkNHN1d3OG5vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNXhRVlJoc1FIVzRyR3RQdVZkZU1sRW1EMmZIMEUyOTdVaFl2V3pTVlhtaVp6TWhubkNxbwpYc2p5dG52YjVBa0lwMjBESEwwZEhIdGc1YW1haXJDZlZnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmekNDQVNTZ0F3SUJBZ0lSQUpubnFkSVBhVkNKVGZCcGlMdkpMYUF3Q2dZSUtvWkl6ajBFQXdJd0R6RU4KTUFzR0ExVUVDaE1FWlhSalpEQWVGdzB5TmpBek1qY3lNak0xTkRCYUZ3MHpOakF6TWpReU1qTTFOREJhTUE4eApEVEFMQmdOVkJBb1RCR1YwWTJRd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFRbGNRMThnZEhaCndlUTg1cDFXcHBmb1ZMS1BYRXNQRWVlcWczc29IMkFMWWtCSHFGN0I5UlczK3Q3UitlMjFIMGhKWlI2U1Y2WUQKTGlzRUV1d1hNN0tvbzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSApBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRklPSGk2Q3pqUWVOCk9lUGxSeXNOTjZ5VFQyVlNNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUUNzZ3ZkRUV1SlExSmkxdi94UUQzRXoKS2todTJpQjBoTExMNktPcXpXYUhpZ0loQUtzSGY1YWlhb0FtR2dSM1NoNW5xMVUrN1FlbkRUWFZPcFVFcjRtagpCRFBVCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUpQYlJTTzA5RnhNVFZXeVBhb2xSTXVNT21rQ0duTm1JdDhLRGgvcjV1djNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSlhFTmZJSFIyY0hrUE9hZFZxYVg2RlN5ajF4TER4SG5xb043S0I5Z0MySkFSNmhld2ZVVgp0L3JlMGZudHRSOUlTV1Vla2xlbUF5NHJCQkxzRnpPeXFBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= k8s: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpRENDQVMrZ0F3SUJBZ0lRQjJqRHdiclpVQXVqU0NpMjVkcEkxVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTJNRE15TnpBMk5UWTBORm9YRFRNMk1ETXlOREEyTlRZMApORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCTytlK3dhN0V4SW8yN2w4a01yR0ROOTNMbFVtMytGT201Y3FmRkZ2RXdOYTgrT1loM1NPQzFCTWY0S1QKNnVrNTMwZlA1T0VrbFpOTTBCV3N4VkpOQzhxallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVV2N0hpTE5PSUgwOXBTaTFpNDVUR2FvVXpSZTB3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnTmVkdUdsK3AKMzRQdmdGbUJMdmZIWlBzV1hqNmVQa2p0OE8yS0pHUUIvdDRDSUcyNTVIZnYzT09QR0tnYTNMby81L083cjh1bwpyMGhyNDNJR0ltME1FUkZECi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlKMlNxb0pLQnhLTitOMGpWMW9UYnhsK1pSanlvUDJjNElwYW01OWJJZ25vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNzU3N0Jyc1RFaWpidVh5UXlzWU0zM2N1VlNiZjRVNmJseXA4VVc4VEExcno0NWlIZEk0TApVRXgvZ3BQcTZUbmZSOC9rNFNTVmswelFGYXpGVWswTHlnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVRDZ0F3SUJBZ0lSQUtRUFR2ditFRXZZa1NaWDJpYWszZWt3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOakF6TWpjeU1qTTFOREJhRncwek5qQXpNalF5TWpNMQpOREJhTUJVeEV6QVJCZ05WQkFvVENtdDFZbVZ5Ym1WMFpYTXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CCkJ3TkNBQVQzL0lkYXdOeUpBekcyYlRmWXFSdW5mNktPTlVPU3FheVF1czhhQnZwbE9BTWxCV1RiNXp0RzVWYm0KTEhheUhWTjZ2OFZ0U0svRnZzUlphVjh3MERXWG8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGSnYrUkY1WnQ3b3A0VmRsUWZvaWp1UmZpVldJTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDSUY4MlYzamkKelFPd3hic1JITjh3dXloak9XZVJET1FCa3Z6STgxcEhJY2lJQWlCdGN3VXpIYXZCS2pZRzloSDUwL3E2Y1Vjagpmc0w4T3A1bnhiYkZ0bTlXZFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdNTSt6S2VuVFdTeHRhTStySnBxUXk5MEVsWkU4aXU5WFcwUVJ1RFI0RjBvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFOS95SFdzRGNpUU14dG0wMzJLa2JwMytpampWRGtxbXNrTHJQR2diNlpUZ0RKUVZrMitjNwpSdVZXNWl4MnNoMVRlci9GYlVpdnhiN0VXV2xmTU5BMWx3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= k8saggregator: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYekNDQVFhZ0F3SUJBZ0lSQVBuMUdTa1BNUHFISkJ3b0lCM3JzWEF3Q2dZSUtvWkl6ajBFQXdJd0FEQWUKRncweU5qQXpNamN3TmpVMk5EUmFGdzB6TmpBek1qUXdOalUyTkRSYU1BQXdXVEFUQmdjcWhrak9QUUlCQmdncQpoa2pPUFFNQkJ3TkNBQVRCZEp3SEtYMXM2KzcxQ0c3SHFzSWFpQnRBYkd0TlBEVkJoMEt1ZG1OaXpnYjlpT3JVCjFDb2JUaG9WbXB1R2tYUGVzb0gyUXRXK21UVUtKSnk5YWQxMm8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXcKSFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4dwpIUVlEVlIwT0JCWUVGRW5lb1JtQ1B3MmVRNGVMSkJkMCtreUFJQ1ZsTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDCklEY2FMblZ4YWRkYXhqcWcxbEFaMDBDQ201Qm1CZzhiU0ZpTXN0ZzFWNk0vQWlBTkJWeWZoU1JLM3ZSTzV1MTYKTHNydmpuaXd3ZGNlOFo2eVBYZUVZcWs4VXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU90WGtCUlNUY3ptQzZzSDJES2Z4WmVPb0JIR2xzVlF6M0VHYWhDdnZVUWhvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFd1hTY0J5bDliT3Z1OVFodXg2ckNHb2diUUd4clRUdzFRWWRDcm5aallzNEcvWWpxMU5RcQpHMDRhRlpxYmhwRnozcktCOWtMVnZwazFDaVNjdlduZGRnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= + crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYekNDQVFXZ0F3SUJBZ0lRTW1jcXNFSXo1TlY4TGlaVGFGZzVhakFLQmdncWhrak9QUVFEQWpBQU1CNFgKRFRJMk1ETXlOekl5TXpVME1Gb1hEVE0yTURNeU5ESXlNelUwTUZvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxRwpTTTQ5QXdFSEEwSUFCSjA3MjdwNklmSlVua1VHNVk4dUlDUTVMeWNzZGl0YmU1WWprTFRleXhOTU5uZXVrTUZaCjRwQTQ0azd0WWVBejJGbTQra0p5Nzk0SkM5Vy9YMjZZR0lDallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZApCZ05WSFE0RUZnUVVuYit0Q2h4eENEWFk1VkZqb3NHTVc0dTRqWk13Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnCkJLL0t6WlNyWERHZVM5bFZ1UllBMzJHbW1DZmxvbzk1Tkw3Z0pUVTFlTlVDSVFENlhHODl5WEM1RWcyVFlYM1EKdW0vWUdlUzlOUkV1TnRjNGhSaWx5a1RQMXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUhTNHhwbnNhQ3g5REtETUtEV2hxQktEaWpKMUEwbkJ5akVJazRibEhtV1JvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFblR2YnVub2g4bFNlUlFibGp5NGdKRGt2Snl4MksxdDdsaU9RdE43TEUwdzJkNjZRd1ZuaQprRGppVHUxaDREUFlXYmo2UW5MdjNna0wxYjlmYnBnWWdBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo= k8sserviceaccount: - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBdFdadlNyVmlQd1RBcEo2K0FBOVpwOEVwbHV3SzNqZmYzaXlzMWxna0Q4K0gwWE1SCm1pbTRlQVpBR05SSS8xVERvMVIxY2lTdlA3MFgwTk1SeEVqY21jS1NQYWU2TnhyU3ptbXF2ajM5akpRQ2F2VkoKY3EvcTEreUJ0anVNYkJFTDNHSFlBU1FwUXVXOVRZTDAzU0h1YkpSYXUrcWlCU0YrWDJFZlo3ZGtKTFVXbC9xWgpiZlMzWVZTWFJVbFZxYjJSQ2pzTHZ0V2RXMjBZK1FEZ1dERms1WlhKWnloRzNNeEp6NkdQU1pxZ0NJYkRUNkluCkNZSFRZaGVpQUFGcG5xKzJwNUxaRnRoMU04YzdDRnU0dVY4ZWJ6OG40aTdCUVpYWnFCSExqU2U5Y0xsV05MWTkKZGtpdHNXZk1qbjhnMXgwUWpqSEoxeFJzMmM1ekVpWlVOYnZhZkNDV0FQbXg5MDFsVmNvS3RvSEpQL2VoYUVPaApqMUdld1V0K2hIbUlvSm5lbnQ0RVRGTmVvSEdhZC9NS1dUNWNjWEw2SUUyc2FSUjM2OVcvRU16cTZyWURoUDNyCm5oT0RBdldnVHVGUE9ucjR5RUJ0dHJCVzNCVTZZd3Jhb3FvYzhhVGlGMWJnemNuQmVKc0piRlpVN0hjVmxpc2MKNnFCWWNncHFoUUhUelV6OXduZ3hLNHV4QXlCUnlZRm15akNoUVZGSjd4UWZlYVRWRVovTnc5c1hZL2xSZDh5dQppMU56emxnMGVlWHRiQ01KY2FkT1dPZEZZaDd0QkZXYjZvZC9GbjV6WVBFY0JLdDFIb0laT1JJMzdDN2RrT042Cm1uZjJscEZVNk9idU5LN050azJwak1pRmMzVHVDZ3d4R281WSszb01TSFBzTWhFakNabHQwZ1MvbGJzQ0F3RUEKQVFLQ0FnQWlua0RnOWdxZzBpeGRmam51VXYrZUp4dmp4SG95ZkdGSnlpYlY1UTVFd2lzK1NvSnlkRUhURGdaUApkcnZUbG42YmZmUEg2NzVTSUtrWjNoNEc0b3pPL3pYZmRGSHlVRGtvMFR1WGdNY1JlL0dXTGVkdGJxc1h0L2Z0CktpSWJRWW1NN2xORnJIdi9XMDZzS3pERnZzTDhqN2RkSTJMMkxiVXJTS0t3cld2OElWOEZjL3F4NUVEVzMwamIKSFNxdThSRnI3V2JKYllUUlBObkdNMmVkRFJnZlJGMmlSU3A0MnJlL1d5cTROajBTUTMya2hlS0RTdlpuUXZGVQpwUEJlSzFSbFdIMzdnU1drMHdHdUQ2c0tIVi8yaFF2OGUwWEFXWE9uUW5ZaEl4TmhIczJYMDZ1WkZqZW5vcEtFCkl6akdOTExESURkUHg0TWFjZTY5NlBpckpJV0dWbHNTTDRESWJXekZNdE9lbmE5bFFncDNtZXpEWWN6dk9uT2gKZjF6K05EYi9jKzY0dzh5UGQxSHRJY3ZQaEgxc205RmtRU2lGVFJFK0lvVk1ONDVrT0gwb0NGZ2YwdlN3SEF6Lwo4dnlaUTh2UVpkdEZFNlluOGE1R0xUZ3p4aHBXdzJxV0E3ZEpLVGwxbWo2RDZ5d0tjRjVnaHAvSUgyRXp0VzFuCnJpRzUrVGFsaDk1SWVaSDNTYzRQZHZXTUd5ZnNEaHRGejgwWWpEQjR0ZG1PTkJRcU1kNmdwMFkrVWxySnR2RTEKYk1tU3VPTkJNRngvQmwwSncrelQ0YUpndHNzZzFwSmJpeXU1RlJRd3VQRkF0dWgyQWdCTld4blR4STlVMG9QdApITGREMjA1bktPYXBVRDFkeTZQbUdKRUFWVlhHMXEwUi91K0ZOL3AzejhkeEY5amU0UUtDQVFFQXlrTS9FbGtkCkZmZkNmbzV1amYwZUJZai9WSjlGaVFoK2xYK1FIVFEzM0hLZG5FTmFSYXFiODlsUEJDdmJ5L2tKZ2VpaTRyTysKRDgvb1cvRndpQk1sY3Y1Y1k0Nmo4ZEFvbjFFSm00U0k2VWRhTXl6cjM3SFh6L2o3aWJOWlAyaXNET3o5UTNYegpIUDVabEJZY0U2U0hTWDFOOXFwd21OR1l5dEY4aC9jdHkzNzlnREZrSXZsM00rM2xYMWhkc0ZaSVZuTmlVWFRTCmRIUFBBZjJ3clJ2bHdkbDJ1M0JZNGtZaVlKRXRsR0Y1bnl3eDZXR3B1bUtoaEM3SXF4OGU2TERiem01UkV3N0QKUElMZDlpbERweFpuZzRPSCtIQ0NISzU1bS9WQWFpRm12RFRMSTFHUWVLQVpMZ25QWUZiWFNqODlnK3JZR0p4VQpFL1lMSTR2YWFLY05FUUtDQVFFQTVaZzhyc1hPejdCK3BuNElSTHJSUC9GYy9oRDZkTmY4Qm5DdHc4bkRuYkVJCkdFS3BMTVNNK2xhbklKYWVXcVZmeFErYTlwSkdaejM3ZjNiVENLeGh2d2dEZG5xSHV6a0FtU01ldGM0TG1pVWQKTlRHcTJFWkw3eWtNdDJobHQvTThYZ1k1cHhJL21FS3ZSbWFIRDZsc1pTWjFhM3NVSWp0RzUrM0FEQjhreHhpVApRcmFPVTBjRGNhSWNKNjlZbko3bzVCZEFxQ2xvV0VDUzh1cGdPdzNqZm9vR3QvdFZwLzJyN3BKbmNIN0JVZHd1CjNQdFU4L0RrdTNDUEZoWFUzbDBXTXNUUEV0cnJGS2RzV0xtK21iYTNFdXFKRURvZDlQK1YxQTVZSXFZYmMwY1kKcVNaaXpOSnJKSkp4T3h3aDc3VGVtWGl1dVdVeE5DNWVveGV0NVltbUN3S0NBUUVBdldGM2hjT0FzMWYzZVMzOQpuOTczSkRHZytPZmtZS2xlZExZckJ0MGt6TGxZajc2VW9KUmRUMVlTWVJKN3k2RlRZSnFsSU9VeE9YYnUxbC9iCmdOMkVmQVprRlNleW83REd5RjFGUktNMDJrL2Z5Zmp1cGRYTC8wUGVxWkVQS0lybVJYZ0Vyd3lhWkhSWEJZd3EKSDg0MmlmM1VhUGd2VXpjMCsvcG53cHNTK3UzZGlCRTI5SFJtUTI0bERVQWRBUVhZMTNGVUJuYitzdURZVzhIZwpra1dEdkJ6VXlpNG9XejFWNU5zcU5UdUxlQmtXWnJIMkRMbGJCL3dTRWYraW5qY3lxRGVzbTg1L3lZR3pPRkJzCnN0OE1ieHhSekxIemNjMS91aUpKZk5YbmJxTno3STdyV2JaMXZTQ2NWbFVaWWNDUzVaaVhXM3ZNVWFCWHo2R2MKRDg4U01RS0NBUUVBeHR0YnU5aXlMcXJrbDFuVDJZdWhqMnVES3I4VDNyM3ZtTGhobUpHWnIyeFU0WVpqTnRZcQpjTzA2cGZ3dXZiNDh1OWF2Vmw4TlFZQ3E0eFRNNWRkQWRnLy94OCtLM2pzWjdJbEJvU0FNWm44ODFBVG52NWpyClRnTFU4OG9sUi9VUjFUSTVIeDZzSERtdHpDRWpYQXBYU3lqTFRNTjJoY3VudDF2eUdjMmpzaG56K2pWYUFvRWcKVjN5Y1BEY2dYYzg1VWMxZUFBaVZTdExyTkNDU0pyUDUxWERCTHZzdWpta2xVR1pYMTFUQ0poKzZLMFk0cDJ4LwpBR1lXV0graU50S1RWbmVtRHVPejl0aW4vQlV0STcvZ3d5NkdkcHFQdGRMbE41MFE4em5CenMvR2FVTkpFYlF5CmZxT2tGUmxodjFkOThabFlaRlZrRDVrVitOYWFsSlByVHdLQ0FRRUFnbjVlbkRtZy9tYWQ3cTFDRUs1aklKck0KRDBWQTE4bjFYcnlpU1owS2lacWFMYzhaRTVIVXZtSkpCNUN3aU55VHgwWWtmUWdTM2tEemlaRzdqbjdSVU1aWApaV3A0RHpVdk0wdHpMRGx1bHNreUM1czBtT3ZIWXZ2QUs4YXNKTm10VXJ1TE16cmVLU3h6K0RIeVBDdEtlQTF2CjJJV3ppWHVsNXZiRSt4SU1qVkVZYVNxREVvbmFBQUNMTEYrc0lyZ1lMM25QcmJyT3pWd0NUNHlKMmxqNURlcmcKbUtqbGYzak9weVd4ejdJODB6dHlRQk9ma1B2b0U1dTRDb2hxK05kYmo5Nmdoa1g3ZG82NmJScFY4cWVmbERNUQowL240YkY4Ri9Pcm9LZ1JQMzY0ZitRNGFQSUxQMXhtQXRIS0VVdFlRR09HQkhuc1g3MitnZDhGZFRtaEFSUT09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBc2plaHZiZXo2eEgvbGpDemhLM2dKS1FzeFJhZTNSWkZGMU1vdjA3ZTFyWGt5WFVkCkdWWVpxU0Z2Tm9IQ3VjdmRJd3dVOFhucXVmSGozZXlKS1h2eWoySXR6R1N2OVdHQUdpMktiTmNMWVFESFZGeEEKcEc0ZC80b1pKK1NtNkJoYWlJMVRxWEZCR3RHRDF4N2J5UFYrZkdYNnlZOFdQMGdCSERoSncvWEpmUHBEQU93QgphVjJnVzlvbFNVRTVFQmdvNnlHQlpwYnhQSUFtZEVJemxEQ3FPWW5kb0JDZFRjaTFyMFpHWTZ4Z3FheThxK25sCnZuL3pxNVZrcHdPSitpS1Jac2xlRVo4cFR6eFlhNmNmWDZvMjRpTFVrOTFPelE3VEtFUVhlUlprZkQrUHVlR1MKa1AybDJJaCtUZ21JWGJVV09WdUthRmxqREQ1K3I0cFhFcHNCMzBuUUN2QUhob0tjSHFSeUc4WjZxS1RpYkMvawpybTVJUmwxS1V2QU00OFRZQzk2SjIwTzh3a1JYdkMyOEhUWGdENm15K1pXQk9VTmM3QmJuV3p6aTBKU2RXUDBoCnNrcDNzZ0psQzhvQmttZE9EQnRoUzNKckQ1WFUxeVVoTi84bDI4NHBJclhubUlrdUlkK2laajVtcjFsUmdTS2oKUlkybnduc2hCQUxnU1l3cDFOWk9kZlhucnF2QW05cEJINERPNzNtVit5MzlRWEorTkJHYmJvNGp1VXBQRFNjWApWaURjZUxnZFRIbEVjQ0M4UmJwcGRCQy94cVpySVJRU2EyZzcyOEZRTWQ4dXE3S1B0QXYyS1M0VzBlSEcxcnUxCjc4K2I3TEdEc2hTUEZubXNSU1NOUElXdjZzV1l5bllmSElkcUZ2MCtRZjU2dUdXcGJUYlo2UHp3WHVjQ0F3RUEKQVFLQ0FnQXlTNmYrVWp0WkFvWFduWnowTzF2d0MxTkZOZnFVbTRYWkxOTnBsamttY0VRR3BPSVc5ZWtkQmI0TQpySGRIbHlTc0VPdFNNTjJSSjVadTJhUG1ETUJxUGNOK0ZRWmhvbWdVT3pqL09YdFJIM2FodEwxYmltWTE2WVBxCjhjazI1RFNjcUFIdDVuUUF2Uk5Qb1RwV3p3Mm96dUVGaERlN21UY1MvMEcySjRYN0d1ZlErVW4yc2dFaEd3SDkKMkFYaUtHZFg0R2RVREJJOXlFN1I3YUwvMWZJY2RlK1JqazdPbG0vTDdQSE5qR2JsUzhZZFlFL0J3UHVFTjQrbAo0TVpPVFBZckEzWmtVNzVGU2RzTVdxaHNoNjJnaVVMa0RnZUFzSWZnSzhOU0hZTXpXMzdVN3plOWFwQWsrWFJuCjBxSGxERWVlM1ZwRTA4RXp3ZWxmNGhOcndVbzRBS1Rzb0dtOE1leXZRZWQrQUtDVFo5Yi9WZDJLcEdTSHVCRkEKbzVVTUJaK0RiUFEvdzcvMWJWQVNQRkhkMW9BS1pYaDhST05iNWZtSWxjeml3Mno5NHk5WWF0SE9saTFZbDBIMQoxcTZqQUprZGVLNnF1Y0s5dXJEbWQ4eEV5dFFQRy8vR05IYkJRdjZhaXlTZUVLZ2Z2bnBhMFdDdytDZWZRRlhZClRpUXhNRmVwaXNySTJtQUNrL2ZrTXdGeUJTbmlTcktpWUJ3d3I5NDZZclNUN2VXV0NqZkwzTnUvUDRIUnZ4VVYKSjVQZ1ZXQmhqc1locGhVMG9kYXljcFFJMDdFV2w5Rk9mVzhGYmtDSGNhQUMxSm85U1ZsY0pwUHI2SXo1dFFvawp2MnFnWHMvd0I4Zy80WUNnOXBkN3praytJRUIvbXRsTnNRVTl3c1lTZWR5TXFXR0VoUUtDQVFFQXlROWVSZEZ3Cmp6Wk9CWnpRTUptVzkxM2lPUVkvL3o0WWEzUlk2cmFKbFc0VEdCa0tuVGdmajNKL1g3aVQ0Qy9JOFg0WXhPL0QKaEZJLy9LeFZPdFFueWRqZ3o2SVd0TmxZRW1wb2tKcnB6SXJsK2VvcW0wVld1aFVoWVlIUVc2SE1NcXRWVHNWYwpvZHpKV3grL1VKS0doMHJHWG1RQjJEUkpaVy9OYWdYMDJqZi9MeE1aS3E4eXd6QkdiWk14dFVYN3RxZHAxbGtRCjl3MWNVYTdFRVROVnk1bU5kN1FnTUxoN3c1RFBMNkc3Wk1yci9vUURLOHVaTWFHdG0xMmRIK3EyQnljdmdxYmsKSEFqQ3NBQWM0VW9qMHg1alBKUUU1QnRuVUdwcVVBRGdMcDd6MVFacEpiNmw2VzlwRkFvbTBreVErOWZHbkU4RQppZ2hGTUp0ekZIL3Ywd0tDQVFFQTR1cGNSVCtlNzFuUDVINFZSeURwUVhlN3Z3SHB4OUpnaWpOQnI1djNGalZvCnZMTnpVMzdYTUUrQ2RrejV5RkszMHFOU0hSZ3Q2YWNjbGRiL3huSlRWWUlyTFVSWkVoMDhvbGZRdEZiRUw5TFMKdWZkQUs4WGZOTllEVG9lY1Raekx5cVpuRjZGaUV2MFdQOXNTMzI1b1B3OGJOejhrWEUvOFJiTDU0RHRqUVd5MgpJekJ1emxLdDNKV3NrREdsK254VVlzSGZuR2tWVlBUZEZGbHk5UjEwM0lpcWZtcDBnUEpDay9DRi81ci9aMmxjCmtidTdTYkV1NDEzZHlEQ01KeXNnNldpVnBITDZhb0YzUlUrRXFWck5qVHZhWXRWSk9HN2M3TGxXQjhOaTBqaVIKRDJrTFNHZkZXOU9rZVlIbnRzOGtoK2tROWYwaFEvbEhvM3lVWDVoOEhRS0NBUUJ4MzdCbkhxMy9qcVExN1pERQpWZGo1RlVWUlFzYndTejBOYndJRlBZbERCdXJ0bFJFNzVsT0pyVEdUQnpsSm1nYlhMN0hicUdnMkExZVdSZ3luCm13MUY5djJzMjRLOHZ2Und5YStiWndIUUJVTW5mb2JQRmtCK2VBVkY4bjROeDkrZE93aS82bXdDaU1mS1FucmEKcVlKa0VlZTBBalJCUGF2c05aeEQxa2ZOYURXeGRjR2xPVUVvNTZpYjJ1Z21ZUktsYXNBNDFJMFZQNDN2L1dteQp6RDVsWi95RnRaRWR4djdoenB4cHY5SWd6Z1ZIUzRGNFJvSG5hRWlwWENYbnM4bVExNUxERHI3WFdlYmFROVlYCml5UXJLR1RRSkkxNG5FU3hlUFBwaC9Wd3Nqb3Joc3Y2d3JXNU5vNXUrU2p2cHNuZXVXRVZtbk5ac2tGdHZEMDcKZVJKZEFvSUJBUURLMHZhRXd6ZzU4d282ejJRUGZ1QmZyemsyb3V3bXV1bWx2ZWtCb2FQNnl1U0NmdGdma3FtZgp1Z0gvNGhBR09jR3JXbVprTVIrZzBNbGhPWnJIODVwL1BPbUEvYTJyM2t3N1E4ajkyT3hsWHNrU2htbHFkdVJyCklyd3o3azBNcHBFVjR5VVUzeUI5bnBETHBQSzZtY0krVXk5ZGMyZjV4MWpUcUFWbm8wMjF4Z2tMYlJndC9ZTUEKUHh6T2lrSTBvZnIvaHhGcmloWVNLUWlQVHVETkxYWXVSVTQzenNteUZGamtTVUpNMVd0ak1LOFlhRGdneDJvRQp1dnNwSEJPNlV2ZUpDZjF2ejRIN3Z4c3Y3Y0xEYWJGL2d6ZFJ6aGt6Z3d5ZjM0MkJST2pJeE4wTWJEVTBrK1M1CmpuUmVVM29kVWd2eUc2WVlhaGpZM0RGbmRVeGVJanNWQW9JQkFBZHlwajdUc25mRGZoVHZ2VGdOVTdzdTRkdkQKWVRGdE5zSDliTXMxMTJ0Z3RoQ2Zvb2Nqalk2RXE3OHVjTnZYU0d6MU5BMUJ6UGx2Y3Y3OTdrODE5ZFF4dzhNZwpKUUxuOUtHMHA2aVRCL0lDcHYvanZrMGp4MGQ4eHg2aW9PYS8vZFlsN1RtbEVNOTNsUm5jNDBjeGZFSTNiTXZCCkdCbGxyTlRqNURsUTBxUUtsY04vVzgrcGt6Qm5uQ05TVUMzYUo2c1pydklEczlaZndHMFNLK0FSVlYrV1ZHZm4KR2Y3czZrNkZuVHI3SEtrNjkvSkZjMmdrSmZIbkYxQVk1SHZ4Q1NzT0hwZHZlYmd5ZTZ1cmZBTDdrVHZQVm8vMApyWC9FeTh2WjIzM1A3VUI3c3RGVE9oY3c2RnhQeUUyQlpFV3lWQ0YwK01Hd1hYejFiOE56ekNZalltVT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K os: - crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBOFJUSlQ3U0NHTVVYbS93ZFFHM3lUakFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qWXdNekkzTURZMU5qUTBXaGNOTXpZd016STBNRFkxTmpRMFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUJxRERGdUN4bnhVVFBMNHoyWk83S291YVpXZkE3cE5zK0UrCml0dk9IVHdxbzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRk41NlR5UTlpSENKckI5dApYSzZnM3YvczdEcFVNQVVHQXl0bGNBTkJBQkRyWHYySFkrQjBvUk1kQXJUSnljWmdENnBqSEQyMEhpb0tIdWZ3Ck5vZ292S1c3QXFZV1pvdGEwNzlMb2ZsclZOT1gvdTFUbmx6ajAyenZnV1hqM2drPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== - key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJREpyYmNZTmx5dk1JYXBvb1VMY0xaTEZ4QXNSQVQweWFhRS8zMlI1UFNXdwotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K + crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEF1cG9xdWZ0SnI4MktwMTRQS3Rkc1dNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU5qQXpNamN5TWpNMU5ERmFGdzB6TmpBek1qUXlNak0xTkRGYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBcnV0QktaRkswamw5V0QwRUQ0OXZWS3pLc3g5OWg3eThhWkIvCmsyamRFbWlqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVWE1RVDR4WkE1WHduU3kveApCeUhmbDBQbXZrY3dCUVlESzJWd0EwRUFybVUrMzJpa2QyUkxlNElWMnhScm8zckNiUFkrYVBKSU9ickhTTnBICjJvcVVuOTdXRG14akhGM2o2ekxVSVpyR2wyMVd1Y2pUOXBxUFZYUkJOWHdkRHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJSFpTWnlGbjdXd093N0l0UmNIT1JnYUphMTBicTJ0TllRdnY3Y2VCb2ZqTwotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K