Update Cilium application configuration to ignore differences for hubble-server-certs Secret, add Helm value files for better management, and enhance Argo CD kustomization with resource ordering and sync options.

clusters/noble/apps/cilium/application.yaml

@@ -7,6 +7,15 @@ metadata:
     argocd.argoproj.io/sync-wave: "0"
 spec:
   project: default
+  # Helm TLS material for Hubble is rotated/generated; Argo SSA and CLI helm
+  # upgrades both touch Secret data and cause apply conflicts unless ignored.
+  ignoreDifferences:
+    - group: ""
+      kind: Secret
+      name: hubble-server-certs
+      namespace: kube-system
+      jqPathExpressions:
+        - .data
   destination:
     server: https://kubernetes.default.svc
     namespace: kube-system
@@ -15,39 +24,16 @@ spec:
       chart: cilium
       targetRevision: 1.16.6
       helm:
-        valuesObject:
+        valueFiles:
-          k8sServiceHost: 192.168.50.20
+          - $values/clusters/noble/apps/cilium/helm-values.yaml
-          k8sServicePort: 6443
+    - repoURL: https://gitea.pcenicni.ca/gsdavidp/home-server.git
-          cgroup:
+      targetRevision: HEAD
-            autoMount:
+      ref: values
-              enabled: false
-            hostRoot: /sys/fs/cgroup
-          ipam:
-            operator:
-              clusterPoolIPv4PodCIDRList:
-                - 10.244.0.0/16
-          securityContext:
-            capabilities:
-              ciliumAgent:
-                - CHOWN
-                - KILL
-                - NET_ADMIN
-                - NET_RAW
-                - IPC_LOCK
-                - SYS_ADMIN
-                - SYS_RESOURCE
-                - DAC_OVERRIDE
-                - FOWNER
-                - SETGID
-                - SETUID
-              cleanCiliumState:
-                - NET_ADMIN
-                - SYS_ADMIN
-                - SYS_RESOURCE
   syncPolicy:
     automated:
       prune: true
       selfHeal: true
     syncOptions:
       - CreateNamespace=true
+      - RespectIgnoreDifferences=true
 

clusters/noble/apps/cilium/helm-values.yaml

@@ -0,0 +1,36 @@
+# Same settings as the Argo CD Application (keep in sync).
+# Used for manual `helm install` before Argo when Talos uses cni: none.
+#
+# operator.replicas: chart default is 2 with required pod anti-affinity. If fewer
+# than two nodes can schedule (e.g. NotReady / taints), `helm --wait` never finishes.
+k8sServiceHost: 192.168.50.20
+k8sServicePort: 6443
+cgroup:
+  autoMount:
+    enabled: false
+  hostRoot: /sys/fs/cgroup
+ipam:
+  operator:
+    clusterPoolIPv4PodCIDRList:
+      - 10.244.0.0/16
+securityContext:
+  capabilities:
+    ciliumAgent:
+      - CHOWN
+      - KILL
+      - NET_ADMIN
+      - NET_RAW
+      - IPC_LOCK
+      - SYS_ADMIN
+      - SYS_RESOURCE
+      - DAC_OVERRIDE
+      - FOWNER
+      - SETGID
+      - SETUID
+    cleanCiliumState:
+      - NET_ADMIN
+      - SYS_ADMIN
+      - SYS_RESOURCE
+
+operator:
+  replicas: 1

clusters/noble/bootstrap/argocd/kustomization.yaml

@@ -4,6 +4,7 @@ namespace: argocd
 resources:
   - namespace.yaml
   - https://raw.githubusercontent.com/argoproj/argo-cd/v2.14.7/manifests/install.yaml
+  # Apply after install.yaml CRDs are Established (see README bootstrap); same file for GitOps retries.
   - default-appproject.yaml
   - argocd-server-lb.yaml
 

kubeconfig

@@ -0,0 +1,10 @@
+apiVersion: v1
+clusters:
+- cluster:
+    server: https://192.168.50.230:6443
+  name: noble
+contexts: null
+current-context: ""
+kind: Config
+preferences: {}
+users: null

talos/README.md

@@ -13,10 +13,18 @@ cluster:
 Edit `talconfig.yaml`:
 
 - `endpoint` (Kubernetes API VIP or LB IP)
+- **`additionalApiServerCertSans`** / **`additionalMachineCertSans`**: must include the
+  **same VIP** (and DNS name, if you use one) that clients and `talosctl` use —
+  otherwise TLS to `https://<VIP>:6443` fails because the cert only lists node
+  IPs by default. This repo sets **`192.168.50.230`** (and
+  **`kube.noble.lab.pcenicni.dev`**) to match kube-vip.
 - each node `ipAddress`
 - each node `installDisk` (for example `/dev/sda`, `/dev/nvme0n1`)
 - `talosVersion` / `kubernetesVersion` if desired
 
+After changing SANs, run **`talhelper genconfig`**, re-**apply-config** to all
+**control-plane** nodes (certs are regenerated), then refresh **`talosctl kubeconfig`**.
+
 ## 2) Generate cluster secrets and machine configs
 
 From this directory:
@@ -88,15 +96,94 @@ kubectl cluster-info
 
 Avoid pasting `https://` twice when running `kubectl config set-cluster ... --server=...`.
 
+### `kubectl apply` fails: `localhost:8080` / `openapi` connection refused
+
+`kubectl` is **not** using a real cluster config; it falls back to the default
+`http://localhost:8080` (no `KUBECONFIG`, empty file, or wrong file).
+
+Fix:
+
+```bash
+cd talos
+export KUBECONFIG="$(pwd)/kubeconfig"
+kubectl config current-context
+kubectl cluster-info
+```
+
+Then run `kubectl apply` from the **repository root** (parent of `talos/`) in
+the same shell. Do **not** use a literal `cd /path/to/...` — that was only a
+placeholder. Example (adjust to where you cloned this repo):
+
+```bash
+export KUBECONFIG="${HOME}/Developer/home-server/talos/kubeconfig"
+```
+
+`kubectl config set-cluster noble ...` only updates the file **`kubectl` is
+actually reading** (often `~/.kube/config`). It does nothing if `KUBECONFIG`
+points at another path.
+
 ## 6) GitOps-pinned Cilium values
 
 The Cilium settings that worked for this Talos cluster are now persisted in:
 
-- `clusters/noble/apps/cilium/application.yaml`
+- `clusters/noble/apps/cilium/helm-values.yaml`
+- `clusters/noble/apps/cilium/application.yaml` (Helm chart + `valueFiles` from this repo)
 
-That Argo CD `Application` pins chart `1.16.6` and includes the required Helm
+That Argo CD `Application` pins chart `1.16.6` and uses the same values file
-values for this environment (API host/port, cgroup settings, IPAM CIDR, and
+for API host/port, cgroup settings, IPAM CIDR, and security capabilities.
-security capabilities), so future reconciles do not drift back to defaults.
+
+### Cilium before Argo CD (`cni: none`)
+
+This cluster uses **`cniConfig.name: none`** in `talconfig.yaml` so Talos does
+not install a CNI. **Argo CD pods cannot schedule** until some CNI makes nodes
+`Ready` (otherwise the `node.kubernetes.io/not-ready` taint blocks scheduling).
+
+Install Cilium **once** with Helm from your workstation (same chart and values
+Argo will manage later), **then** bootstrap Argo CD:
+
+```bash
+helm repo add cilium https://helm.cilium.io/
+helm repo update
+helm upgrade --install cilium cilium/cilium \
+  --namespace kube-system \
+  --version 1.16.6 \
+  -f clusters/noble/apps/cilium/helm-values.yaml \
+  --wait --timeout 10m
+kubectl get nodes
+kubectl wait --for=condition=Ready nodes --all --timeout=300s
+```
+
+If **`helm --install` seems stuck** after “Installing it now”, it is usually still
+pulling images (`quay.io/cilium/...`) or waiting for pods to become Ready. In
+another terminal run `kubectl get pods -n kube-system -w` and check for
+`ImagePullBackOff`, `Pending`, or `CrashLoopBackOff`. To avoid blocking on
+Helm’s wait logic, install without `--wait`, confirm Cilium pods, then continue:
+
+```bash
+helm upgrade --install cilium cilium/cilium \
+  --namespace kube-system \
+  --version 1.16.6 \
+  -f clusters/noble/apps/cilium/helm-values.yaml
+kubectl get pods -n kube-system -l app.kubernetes.io/part-of=cilium -w
+```
+
+`helm-values.yaml` sets **`operator.replicas: 1`** so the chart default (two
+operators with hard anti-affinity) cannot deadlock `helm --wait` when only one
+node can take the operator early in bootstrap.
+
+If **`helm upgrade` fails** with a server-side apply conflict on
+`kube-system/hubble-server-certs` and **`argocd-controller`**, Argo already
+synced Cilium and owns that Secret’s TLS fields. The **`cilium` Application**
+uses **`ignoreDifferences`** on that Secret plus **`RespectIgnoreDifferences`**
+so GitOps and occasional CLI Helm runs do not fight over `.data`. Until that
+manifest is applied in the cluster, either **suspend** the `cilium` Application
+in Argo, or delete the Secret once (`kubectl delete secret
+hubble-server-certs -n kube-system`) and re-run **`helm upgrade --install`**
+before Argo reconciles again. After bootstrap, prefer **`kubectl -n argocd get
+application cilium -o yaml`** / Argo UI to sync Cilium instead of ad hoc
+Helm, unless you suspend the app first.
+
+If nodes were already `Ready`, you can skip straight to section 7.
 
 ## 7) Argo CD app-of-apps bootstrap
 
@@ -111,9 +198,13 @@ Bootstrap once from your workstation:
 
 ```bash
 kubectl apply -k clusters/noble/bootstrap/argocd
+kubectl wait --for=condition=Established crd/appprojects.argoproj.io --timeout=120s
+kubectl apply -f clusters/noble/bootstrap/argocd/default-appproject.yaml
 kubectl apply -f clusters/noble/root-application.yaml
 ```
 
+If the first command errors on `AppProject` (“no matches for kind `AppProject`”), the CRDs were not ready yet; run the `kubectl wait` and `kubectl apply -f .../default-appproject.yaml` lines, then continue.
+
 After this, Argo CD continuously reconciles all applications under
 `clusters/noble/apps/`.
 
@@ -300,3 +391,114 @@ talosctl --talosconfig ./clusterconfig/talosconfig version
 kubectl get nodes -o wide
 ```
 
+## 12) Destroy the cluster and rebuild from scratch
+
+Use this when Kubernetes / etcd / Argo / Longhorn state is corrupted and you want a
+**clean** cluster. This **wipes cluster state on the nodes** (etcd, workloads,
+Longhorn data on cluster disks). Plan for **downtime** and **backup** anything
+you must keep off-cluster first.
+
+### 12.1 Reset every Talos node (Kubernetes is destroyed)
+
+From `talos/` with a working **`talosconfig`** that matches the machines (same
+`TALOSCONFIG` / `ENDPOINT` guidance as elsewhere in this README):
+
+```bash
+cd talos
+export TALOSCONFIG="$(pwd)/clusterconfig/talosconfig"
+export ENDPOINT=192.168.50.230
+```
+
+Reset **one node at a time**, waiting for each to reboot before the next. Order:
+**worker first**, then **non-bootstrap control planes**, then the **bootstrap**
+control plane **last** (`noble-cp-1` → `192.168.50.20`).
+
+```bash
+talosctl -e "${ENDPOINT}" -n 192.168.50.10 reset --graceful=false
+talosctl -e "${ENDPOINT}" -n 192.168.50.30 reset --graceful=false
+talosctl -e "${ENDPOINT}" -n 192.168.50.40 reset --graceful=false
+talosctl -e "${ENDPOINT}" -n 192.168.50.20 reset --graceful=false
+```
+
+If the API VIP is already unreachable, target the **node IP** as endpoint for that
+node, for example:
+`talosctl -e 192.168.50.10 -n 192.168.50.10 reset --graceful=false`.
+
+Your workstation **`kubeconfig`** will not work for the old cluster after this;
+that is expected until you bootstrap again.
+
+### 12.2 (Optional) New cluster secrets
+
+For a fully fresh identity (new cluster CA and `talosconfig`):
+
+```bash
+cd talos
+talhelper gensecret > talsecret.sops.yaml
+# encrypt / store talsecret as you usually do, then:
+talhelper genconfig
+```
+
+If you **keep** the existing `talsecret.sops.yaml`, still run **`talhelper genconfig`**
+so `clusterconfig/` matches what you will apply.
+
+### 12.3 Apply configs, bootstrap, kubeconfig
+
+Repeat **§3 Apply Talos configs** and **§4 Bootstrap the cluster** (and **§5
+Validate**) from the top of this README: `apply-config` each node, then
+`talosctl bootstrap`, then `talosctl kubeconfig` into `talos/kubeconfig`.
+
+### 12.4 Redeploy GitOps (Argo CD + apps)
+
+From your workstation (repo root), with `KUBECONFIG` pointing at the new
+`talos/kubeconfig`:
+
+```bash
+# Set REPO to the directory that contains both talos/ and clusters/ (not a literal "path/to")
+REPO="${HOME}/Developer/home-server"
+export KUBECONFIG="${REPO}/talos/kubeconfig"
+cd "${REPO}"
+kubectl apply -k clusters/noble/bootstrap/argocd
+kubectl apply -f clusters/noble/root-application.yaml
+```
+
+Resolve **Argo CD admin** login (secret / password reset) as needed; then let
+`noble-root` sync `clusters/noble/apps/`.
+
+## 13) Mid-rebuild issues: etcd, bootstrap, and `apply-config`
+
+### `tls: certificate required` when using `apply-config --insecure`
+
+After a node has **joined** the cluster, the Talos API expects **client
+certificates** from your `talosconfig`. `--insecure` only applies to **maintenance**
+(before join / after a reset).
+
+**Do one of:**
+
+- Apply config **with** `talosconfig` (no `--insecure`):
+
+```bash
+cd talos
+export TALOSCONFIG="$(pwd)/clusterconfig/talosconfig"
+export ENDPOINT=192.168.50.230
+talosctl -e "${ENDPOINT}" apply-config -n 192.168.50.30 -f clusterconfig/noble-noble-cp-2.yaml
+```
+
+- Or **`talosctl reset`** that node first (see §12.1), then use
+  `apply-config --insecure` again while it is in maintenance.
+
+### `bootstrap`: `etcd data directory is not empty`
+
+The bootstrap node (`192.168.50.20`) already has a **previous etcd** on disk (failed
+or partial bootstrap). Kubernetes will not bootstrap again until that state is
+**wiped**.
+
+**Fix:** run **`talosctl reset --graceful=false`** on the **control plane nodes**
+(at minimum the bootstrap node; often **all four nodes** is cleaner). See §12.1.
+Then re-apply machine configs and run **`talosctl bootstrap` exactly once**.
+
+### etcd unhealthy / “Preparing” on some control planes
+
+Usually means **split or partial** cluster state. The reliable fix is the same
+**full reset** (§12.1), then a single ordered bring-up: apply all configs →
+bootstrap once → `talosctl health`.
+

talos/kubeconfig

@@ -21,8 +21,8 @@ preferences: {}
 users:
 - name: admin@noble
   user:
-    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnekNDQVNxZ0F3SUJBZ0lRVzZVMVVxdk84SnJZUkpzYWJFbVJQVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTJNRE15TnpBM01UVTBNbG9YRFRJM01ETXlOekEzTVRVMQpNbG93S1RFWE1CVUdBMVVFQ2hNT2MzbHpkR1Z0T20xaGMzUmxjbk14RGpBTUJnTlZCQU1UQldGa2JXbHVNRmt3CkV3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFYWxMVUdzcXpkdGk5ekNSb1FMc0F3dlA0RjExaC95TzgKQy9neVNZVXRpMW9aLzd4VUdnUElVaUpKWHpLc3VocDhZSU4xYVpEWXZLNSsyN1BLbm1WM3g2TklNRVl3RGdZRApWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0dBUVVGQndNQ01COEdBMVVkSXdRWU1CYUFGTCt4CjRpelRpQjlQYVVvdFl1T1V4bXFGTTBYdE1Bb0dDQ3FHU000OUJBTUNBMGNBTUVRQ0lBSUVXbW1UbHlja1piQ0kKNnBDaDRzOWd2aVJCZ2k4NkFwSTFRMVFXTGIzRUFpQjVJMEZXK0V0d2o4bU5NUHVaRk1UUWlIM1o1ZTA4dlNNSQpkajBBdWpRZzZnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJoVENDQVN1Z0F3SUJBZ0lSQUtvRFZDbFc5THVVU2JPWEhWNVJBclF3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOakF6TWpjeU1qSTRNalJhRncweU56QXpNamN5TWpJNApNelJhTUNreEZ6QVZCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE0d0RBWURWUVFERXdWaFpHMXBiakJaCk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk5CM1VNWjdBSjl6RzB5SDJ6V3A2Sk1QcW1rU3U4amIKVGZyazVvVUF0NkhuL29UbkhNM0RwM3R5M2lieFpTU3dMdkhPd3Y3azl5L3JuL2FiL0dmZ3NCZWpTREJHTUE0RwpBMVVkRHdFQi93UUVBd0lGb0RBVEJnTlZIU1VFRERBS0JnZ3JCZ0VGQlFjREFqQWZCZ05WSFNNRUdEQVdnQlMvCnNlSXMwNGdmVDJsS0xXTGpsTVpxaFRORjdUQUtCZ2dxaGtqT1BRUURBZ05JQURCRkFpQlBzQmVicjUxa3J6WHoKWjIvaWNaWnpSWXNpRVBXSzF3K0xyMm5acE9ya1Z3SWhBS3F1WmVhYW8xTWxNam5ZK291ZjUrbnl0ZFp3TFVFNwpLZEQ3ak5obmpjY1EKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
-    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlRU3ZNMFp1a2NVR0RwdndVYTJjRnFoMjFGYWdQRy9kN2Z6bjRDWlZMVzZvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFYWxMVUdzcXpkdGk5ekNSb1FMc0F3dlA0RjExaC95TzhDL2d5U1lVdGkxb1ovN3hVR2dQSQpVaUpKWHpLc3VocDhZSU4xYVpEWXZLNSsyN1BLbm1WM3h3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+    client-key-data: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU9uL0tLMXlNM2RiUEhhQ2ZKVUcweWc5NktPNzRiSGRzN3VpSGIzeWFwenRvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFMEhkUXhuc0FuM01iVElmYk5hbm9rdytxYVJLN3lOdE4rdVRtaFFDM29lZitoT2NjemNPbgplM0xlSnZGbEpMQXU4YzdDL3VUM0wrdWY5cHY4WitDd0Z3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
 - name: admin@noble-1
   user:
     client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJoRENDQVNxZ0F3SUJBZ0lRUStjVHg3OWxZdlFkYUROTDZLZTlqVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTJNRE15TnpBM01UVXpNVm9YRFRJM01ETXlOekEzTVRVMApNVm93S1RFWE1CVUdBMVVFQ2hNT2MzbHpkR1Z0T20xaGMzUmxjbk14RGpBTUJnTlZCQU1UQldGa2JXbHVNRmt3CkV3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFVzBtcGlCbHA0OEQ3SFU5eVFIS2MwblhCOTJxYzNoNFoKT2pya0xGRksxRnBsOE5xVFdEV2x3NmpsWUFlRWdzL0E1NzB3QzFrazRoZGdiZGJGZ2hZcmJxTklNRVl3RGdZRApWUjBQQVFIL0JBUURBZ1dnTUJNR0ExVWRKUVFNTUFvR0NDc0dBUVVGQndNQ01COEdBMVVkSXdRWU1CYUFGTCt4CjRpelRpQjlQYVVvdFl1T1V4bXFGTTBYdE1Bb0dDQ3FHU000OUJBTUNBMGdBTUVVQ0lRRGdQaDdJUjV0RjhmL3UKRks1N2RpZVplOHoyeEVPWUxYYnZid0pIQXZIMWp3SWdCaW5qOEJHZXVRejZ6QUFjU2Z6aWRTYWlWMlpvZElDUApWZlcrckE3ZzV6MD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=

talos/talconfig.yaml

@@ -4,6 +4,16 @@ talosVersion: v1.12.5
 kubernetesVersion: v1.31.1
 allowSchedulingOnControlPlanes: true
 
+# kube-vip fronts the Kubernetes API at this IP (see clusters/noble/apps/kube-vip).
+# Without these SANs, TLS to https://192.168.50.230:6443 fails (cert does not match).
+# Talos API (talosctl -e) also uses endpoint; include VIP in machine cert SANs.
+additionalApiServerCertSans:
+  - 192.168.50.230
+  - kube.noble.lab.pcenicni.dev
+
+additionalMachineCertSans:
+  - 192.168.50.230
+
 # Use Cilium installed via GitOps (no bundled Talos CNI).
 cniConfig:
   name: none

talos/talsecret.sops.yaml

@@ -1,23 +1,23 @@
 cluster:
-  id: FhV8A1tRzXT32GXHpVevBU7p7HJUb3nCZajSpseHGe4=
+  id: kT-NVPu4QlAStlRSvgxXul7uf9FBBJ825WWQ4ybQP24=
-  secret: vhljddQzn/bTLvVpLG2/GysSF36jWowbZn10cc6aLVA=
+  secret: b2jPTHcPR1GlOBwwdFBu2plsPczRXs17KcuH9RPtNa4=
 secrets:
-  bootstraptoken: tr094l.h13snimxwge8clts
+  bootstraptoken: j2n63x.34f5io55z56drw06
-  secretboxencryptionsecret: mBXrzcwJFcRIKPaoL+2v41eh1F6CJ5xRm437BvAv59M=
+  secretboxencryptionsecret: zP+KwKUwfXAQoetluPzCLhjbBqHhiUgsM/bKmPcUPP0=
 trustdinfo:
-  token: 2u1g6w.04nz6h435zz8eo1u
+  token: wlan0h.3aon1n2fndwbp3z7
 certs:
   etcd:
-    crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmVENDQVNPZ0F3SUJBZ0lRVTd5ZXhlOHNYc1BDa1V3eHFuenpsVEFLQmdncWhrak9QUVFEQWpBUE1RMHcKQ3dZRFZRUUtFd1JsZEdOa01CNFhEVEkyTURNeU56QTJOVFkwTkZvWERUTTJNRE15TkRBMk5UWTBORm93RHpFTgpNQXNHQTFVRUNoTUVaWFJqWkRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk9jVUZVWWJFQjF1Ckt4clQ3bFhYakpSSmc5bng5Qk52ZTFJV0wxczBsVjVvbWN6SVo1d3FxRjdJOHJaNzIrUUpDS2R0QXh5OUhSeDcKWU9XcG1vcXduMWFqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjRApBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVd1JRUW1YVy9qV1JDCkxPL2lNV2FlaUNKd3pKRXdDZ1lJS29aSXpqMEVBd0lEU0FBd1JRSWdBeXVXTXZ0N1pyNWs1aDRJbkxlUWIwQkIKb0hZM0xpMEpiOUhTcmdPK2hZa0NJUUNYT2VwSzJ6Z20rbUdBRFFkdXNlaklmR0Z3SHNSRVRRU3Z0R3R4RE5FaQpQdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJmekNDQVNTZ0F3SUJBZ0lSQUpubnFkSVBhVkNKVGZCcGlMdkpMYUF3Q2dZSUtvWkl6ajBFQXdJd0R6RU4KTUFzR0ExVUVDaE1FWlhSalpEQWVGdzB5TmpBek1qY3lNak0xTkRCYUZ3MHpOakF6TWpReU1qTTFOREJhTUE4eApEVEFMQmdOVkJBb1RCR1YwWTJRd1dUQVRCZ2NxaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFRbGNRMThnZEhaCndlUTg1cDFXcHBmb1ZMS1BYRXNQRWVlcWczc29IMkFMWWtCSHFGN0I5UlczK3Q3UitlMjFIMGhKWlI2U1Y2WUQKTGlzRUV1d1hNN0tvbzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSApBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRklPSGk2Q3pqUWVOCk9lUGxSeXNOTjZ5VFQyVlNNQW9HQ0NxR1NNNDlCQU1DQTBrQU1FWUNJUUNzZ3ZkRUV1SlExSmkxdi94UUQzRXoKS2todTJpQjBoTExMNktPcXpXYUhpZ0loQUtzSGY1YWlhb0FtR2dSM1NoNW5xMVUrN1FlbkRUWFZPcFVFcjRtagpCRFBVCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
-    key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUtGbGxleS9LNGMvanNXMGQ4R1h0UnFudTFDNVNzVmF3RUd1ZkNHN1d3OG5vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNXhRVlJoc1FIVzRyR3RQdVZkZU1sRW1EMmZIMEUyOTdVaFl2V3pTVlhtaVp6TWhubkNxbwpYc2p5dG52YjVBa0lwMjBESEwwZEhIdGc1YW1haXJDZlZnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+    key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUpQYlJTTzA5RnhNVFZXeVBhb2xSTXVNT21rQ0duTm1JdDhLRGgvcjV1djNvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSlhFTmZJSFIyY0hrUE9hZFZxYVg2RlN5ajF4TER4SG5xb043S0I5Z0MySkFSNmhld2ZVVgp0L3JlMGZudHRSOUlTV1Vla2xlbUF5NHJCQkxzRnpPeXFBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
   k8s:
-    crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpRENDQVMrZ0F3SUJBZ0lRQjJqRHdiclpVQXVqU0NpMjVkcEkxVEFLQmdncWhrak9QUVFEQWpBVk1STXcKRVFZRFZRUUtFd3ByZFdKbGNtNWxkR1Z6TUI0WERUSTJNRE15TnpBMk5UWTBORm9YRFRNMk1ETXlOREEyTlRZMApORm93RlRFVE1CRUdBMVVFQ2hNS2EzVmlaWEp1WlhSbGN6QlpNQk1HQnlxR1NNNDlBZ0VHQ0NxR1NNNDlBd0VICkEwSUFCTytlK3dhN0V4SW8yN2w4a01yR0ROOTNMbFVtMytGT201Y3FmRkZ2RXdOYTgrT1loM1NPQzFCTWY0S1QKNnVrNTMwZlA1T0VrbFpOTTBCV3N4VkpOQzhxallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWRCZ05WSFNVRQpGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFCkZnUVV2N0hpTE5PSUgwOXBTaTFpNDVUR2FvVXpSZTB3Q2dZSUtvWkl6ajBFQXdJRFJ3QXdSQUlnTmVkdUdsK3AKMzRQdmdGbUJMdmZIWlBzV1hqNmVQa2p0OE8yS0pHUUIvdDRDSUcyNTVIZnYzT09QR0tnYTNMby81L083cjh1bwpyMGhyNDNJR0ltME1FUkZECi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+    crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJpVENDQVRDZ0F3SUJBZ0lSQUtRUFR2ditFRXZZa1NaWDJpYWszZWt3Q2dZSUtvWkl6ajBFQXdJd0ZURVQKTUJFR0ExVUVDaE1LYTNWaVpYSnVaWFJsY3pBZUZ3MHlOakF6TWpjeU1qTTFOREJhRncwek5qQXpNalF5TWpNMQpOREJhTUJVeEV6QVJCZ05WQkFvVENtdDFZbVZ5Ym1WMFpYTXdXVEFUQmdjcWhrak9QUUlCQmdncWhrak9QUU1CCkJ3TkNBQVQzL0lkYXdOeUpBekcyYlRmWXFSdW5mNktPTlVPU3FheVF1czhhQnZwbE9BTWxCV1RiNXp0RzVWYm0KTEhheUhWTjZ2OFZ0U0svRnZzUlphVjh3MERXWG8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXdIUVlEVlIwbApCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPCkJCWUVGSnYrUkY1WnQ3b3A0VmRsUWZvaWp1UmZpVldJTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDSUY4MlYzamkKelFPd3hic1JITjh3dXloak9XZVJET1FCa3Z6STgxcEhJY2lJQWlCdGN3VXpIYXZCS2pZRzloSDUwL3E2Y1Vjagpmc0w4T3A1bnhiYkZ0bTlXZFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-    key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUlKMlNxb0pLQnhLTitOMGpWMW9UYnhsK1pSanlvUDJjNElwYW01OWJJZ25vQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFNzU3N0Jyc1RFaWpidVh5UXlzWU0zM2N1VlNiZjRVNmJseXA4VVc4VEExcno0NWlIZEk0TApVRXgvZ3BQcTZUbmZSOC9rNFNTVmswelFGYXpGVWswTHlnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+    key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUdNTSt6S2VuVFdTeHRhTStySnBxUXk5MEVsWkU4aXU5WFcwUVJ1RFI0RjBvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFOS95SFdzRGNpUU14dG0wMzJLa2JwMytpampWRGtxbXNrTHJQR2diNlpUZ0RKUVZrMitjNwpSdVZXNWl4MnNoMVRlci9GYlVpdnhiN0VXV2xmTU5BMWx3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
   k8saggregator:
-    crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYekNDQVFhZ0F3SUJBZ0lSQVBuMUdTa1BNUHFISkJ3b0lCM3JzWEF3Q2dZSUtvWkl6ajBFQXdJd0FEQWUKRncweU5qQXpNamN3TmpVMk5EUmFGdzB6TmpBek1qUXdOalUyTkRSYU1BQXdXVEFUQmdjcWhrak9QUUlCQmdncQpoa2pPUFFNQkJ3TkNBQVRCZEp3SEtYMXM2KzcxQ0c3SHFzSWFpQnRBYkd0TlBEVkJoMEt1ZG1OaXpnYjlpT3JVCjFDb2JUaG9WbXB1R2tYUGVzb0gyUXRXK21UVUtKSnk5YWQxMm8yRXdYekFPQmdOVkhROEJBZjhFQkFNQ0FvUXcKSFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUZNQU1CQWY4dwpIUVlEVlIwT0JCWUVGRW5lb1JtQ1B3MmVRNGVMSkJkMCtreUFJQ1ZsTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDCklEY2FMblZ4YWRkYXhqcWcxbEFaMDBDQ201Qm1CZzhiU0ZpTXN0ZzFWNk0vQWlBTkJWeWZoU1JLM3ZSTzV1MTYKTHNydmpuaXd3ZGNlOFo2eVBYZUVZcWs4VXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+    crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJYekNDQVFXZ0F3SUJBZ0lRTW1jcXNFSXo1TlY4TGlaVGFGZzVhakFLQmdncWhrak9QUVFEQWpBQU1CNFgKRFRJMk1ETXlOekl5TXpVME1Gb1hEVE0yTURNeU5ESXlNelUwTUZvd0FEQlpNQk1HQnlxR1NNNDlBZ0VHQ0NxRwpTTTQ5QXdFSEEwSUFCSjA3MjdwNklmSlVua1VHNVk4dUlDUTVMeWNzZGl0YmU1WWprTFRleXhOTU5uZXVrTUZaCjRwQTQ0azd0WWVBejJGbTQra0p5Nzk0SkM5Vy9YMjZZR0lDallUQmZNQTRHQTFVZER3RUIvd1FFQXdJQ2hEQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZApCZ05WSFE0RUZnUVVuYit0Q2h4eENEWFk1VkZqb3NHTVc0dTRqWk13Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnCkJLL0t6WlNyWERHZVM5bFZ1UllBMzJHbW1DZmxvbzk1Tkw3Z0pUVTFlTlVDSVFENlhHODl5WEM1RWcyVFlYM1EKdW0vWUdlUzlOUkV1TnRjNGhSaWx5a1RQMXc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-    key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSU90WGtCUlNUY3ptQzZzSDJES2Z4WmVPb0JIR2xzVlF6M0VHYWhDdnZVUWhvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFd1hTY0J5bDliT3Z1OVFodXg2ckNHb2diUUd4clRUdzFRWWRDcm5aallzNEcvWWpxMU5RcQpHMDRhRlpxYmhwRnozcktCOWtMVnZwazFDaVNjdlduZGRnPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+    key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUhTNHhwbnNhQ3g5REtETUtEV2hxQktEaWpKMUEwbkJ5akVJazRibEhtV1JvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFblR2YnVub2g4bFNlUlFibGp5NGdKRGt2Snl4MksxdDdsaU9RdE43TEUwdzJkNjZRd1ZuaQprRGppVHUxaDREUFlXYmo2UW5MdjNna0wxYjlmYnBnWWdBPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
   k8sserviceaccount:
-    key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS2dJQkFBS0NBZ0VBdFdadlNyVmlQd1RBcEo2K0FBOVpwOEVwbHV3SzNqZmYzaXlzMWxna0Q4K0gwWE1SCm1pbTRlQVpBR05SSS8xVERvMVIxY2lTdlA3MFgwTk1SeEVqY21jS1NQYWU2TnhyU3ptbXF2ajM5akpRQ2F2VkoKY3EvcTEreUJ0anVNYkJFTDNHSFlBU1FwUXVXOVRZTDAzU0h1YkpSYXUrcWlCU0YrWDJFZlo3ZGtKTFVXbC9xWgpiZlMzWVZTWFJVbFZxYjJSQ2pzTHZ0V2RXMjBZK1FEZ1dERms1WlhKWnloRzNNeEp6NkdQU1pxZ0NJYkRUNkluCkNZSFRZaGVpQUFGcG5xKzJwNUxaRnRoMU04YzdDRnU0dVY4ZWJ6OG40aTdCUVpYWnFCSExqU2U5Y0xsV05MWTkKZGtpdHNXZk1qbjhnMXgwUWpqSEoxeFJzMmM1ekVpWlVOYnZhZkNDV0FQbXg5MDFsVmNvS3RvSEpQL2VoYUVPaApqMUdld1V0K2hIbUlvSm5lbnQ0RVRGTmVvSEdhZC9NS1dUNWNjWEw2SUUyc2FSUjM2OVcvRU16cTZyWURoUDNyCm5oT0RBdldnVHVGUE9ucjR5RUJ0dHJCVzNCVTZZd3Jhb3FvYzhhVGlGMWJnemNuQmVKc0piRlpVN0hjVmxpc2MKNnFCWWNncHFoUUhUelV6OXduZ3hLNHV4QXlCUnlZRm15akNoUVZGSjd4UWZlYVRWRVovTnc5c1hZL2xSZDh5dQppMU56emxnMGVlWHRiQ01KY2FkT1dPZEZZaDd0QkZXYjZvZC9GbjV6WVBFY0JLdDFIb0laT1JJMzdDN2RrT042Cm1uZjJscEZVNk9idU5LN050azJwak1pRmMzVHVDZ3d4R281WSszb01TSFBzTWhFakNabHQwZ1MvbGJzQ0F3RUEKQVFLQ0FnQWlua0RnOWdxZzBpeGRmam51VXYrZUp4dmp4SG95ZkdGSnlpYlY1UTVFd2lzK1NvSnlkRUhURGdaUApkcnZUbG42YmZmUEg2NzVTSUtrWjNoNEc0b3pPL3pYZmRGSHlVRGtvMFR1WGdNY1JlL0dXTGVkdGJxc1h0L2Z0CktpSWJRWW1NN2xORnJIdi9XMDZzS3pERnZzTDhqN2RkSTJMMkxiVXJTS0t3cld2OElWOEZjL3F4NUVEVzMwamIKSFNxdThSRnI3V2JKYllUUlBObkdNMmVkRFJnZlJGMmlSU3A0MnJlL1d5cTROajBTUTMya2hlS0RTdlpuUXZGVQpwUEJlSzFSbFdIMzdnU1drMHdHdUQ2c0tIVi8yaFF2OGUwWEFXWE9uUW5ZaEl4TmhIczJYMDZ1WkZqZW5vcEtFCkl6akdOTExESURkUHg0TWFjZTY5NlBpckpJV0dWbHNTTDRESWJXekZNdE9lbmE5bFFncDNtZXpEWWN6dk9uT2gKZjF6K05EYi9jKzY0dzh5UGQxSHRJY3ZQaEgxc205RmtRU2lGVFJFK0lvVk1ONDVrT0gwb0NGZ2YwdlN3SEF6Lwo4dnlaUTh2UVpkdEZFNlluOGE1R0xUZ3p4aHBXdzJxV0E3ZEpLVGwxbWo2RDZ5d0tjRjVnaHAvSUgyRXp0VzFuCnJpRzUrVGFsaDk1SWVaSDNTYzRQZHZXTUd5ZnNEaHRGejgwWWpEQjR0ZG1PTkJRcU1kNmdwMFkrVWxySnR2RTEKYk1tU3VPTkJNRngvQmwwSncrelQ0YUpndHNzZzFwSmJpeXU1RlJRd3VQRkF0dWgyQWdCTld4blR4STlVMG9QdApITGREMjA1bktPYXBVRDFkeTZQbUdKRUFWVlhHMXEwUi91K0ZOL3AzejhkeEY5amU0UUtDQVFFQXlrTS9FbGtkCkZmZkNmbzV1amYwZUJZai9WSjlGaVFoK2xYK1FIVFEzM0hLZG5FTmFSYXFiODlsUEJDdmJ5L2tKZ2VpaTRyTysKRDgvb1cvRndpQk1sY3Y1Y1k0Nmo4ZEFvbjFFSm00U0k2VWRhTXl6cjM3SFh6L2o3aWJOWlAyaXNET3o5UTNYegpIUDVabEJZY0U2U0hTWDFOOXFwd21OR1l5dEY4aC9jdHkzNzlnREZrSXZsM00rM2xYMWhkc0ZaSVZuTmlVWFRTCmRIUFBBZjJ3clJ2bHdkbDJ1M0JZNGtZaVlKRXRsR0Y1bnl3eDZXR3B1bUtoaEM3SXF4OGU2TERiem01UkV3N0QKUElMZDlpbERweFpuZzRPSCtIQ0NISzU1bS9WQWFpRm12RFRMSTFHUWVLQVpMZ25QWUZiWFNqODlnK3JZR0p4VQpFL1lMSTR2YWFLY05FUUtDQVFFQTVaZzhyc1hPejdCK3BuNElSTHJSUC9GYy9oRDZkTmY4Qm5DdHc4bkRuYkVJCkdFS3BMTVNNK2xhbklKYWVXcVZmeFErYTlwSkdaejM3ZjNiVENLeGh2d2dEZG5xSHV6a0FtU01ldGM0TG1pVWQKTlRHcTJFWkw3eWtNdDJobHQvTThYZ1k1cHhJL21FS3ZSbWFIRDZsc1pTWjFhM3NVSWp0RzUrM0FEQjhreHhpVApRcmFPVTBjRGNhSWNKNjlZbko3bzVCZEFxQ2xvV0VDUzh1cGdPdzNqZm9vR3QvdFZwLzJyN3BKbmNIN0JVZHd1CjNQdFU4L0RrdTNDUEZoWFUzbDBXTXNUUEV0cnJGS2RzV0xtK21iYTNFdXFKRURvZDlQK1YxQTVZSXFZYmMwY1kKcVNaaXpOSnJKSkp4T3h3aDc3VGVtWGl1dVdVeE5DNWVveGV0NVltbUN3S0NBUUVBdldGM2hjT0FzMWYzZVMzOQpuOTczSkRHZytPZmtZS2xlZExZckJ0MGt6TGxZajc2VW9KUmRUMVlTWVJKN3k2RlRZSnFsSU9VeE9YYnUxbC9iCmdOMkVmQVprRlNleW83REd5RjFGUktNMDJrL2Z5Zmp1cGRYTC8wUGVxWkVQS0lybVJYZ0Vyd3lhWkhSWEJZd3EKSDg0MmlmM1VhUGd2VXpjMCsvcG53cHNTK3UzZGlCRTI5SFJtUTI0bERVQWRBUVhZMTNGVUJuYitzdURZVzhIZwpra1dEdkJ6VXlpNG9XejFWNU5zcU5UdUxlQmtXWnJIMkRMbGJCL3dTRWYraW5qY3lxRGVzbTg1L3lZR3pPRkJzCnN0OE1ieHhSekxIemNjMS91aUpKZk5YbmJxTno3STdyV2JaMXZTQ2NWbFVaWWNDUzVaaVhXM3ZNVWFCWHo2R2MKRDg4U01RS0NBUUVBeHR0YnU5aXlMcXJrbDFuVDJZdWhqMnVES3I4VDNyM3ZtTGhobUpHWnIyeFU0WVpqTnRZcQpjTzA2cGZ3dXZiNDh1OWF2Vmw4TlFZQ3E0eFRNNWRkQWRnLy94OCtLM2pzWjdJbEJvU0FNWm44ODFBVG52NWpyClRnTFU4OG9sUi9VUjFUSTVIeDZzSERtdHpDRWpYQXBYU3lqTFRNTjJoY3VudDF2eUdjMmpzaG56K2pWYUFvRWcKVjN5Y1BEY2dYYzg1VWMxZUFBaVZTdExyTkNDU0pyUDUxWERCTHZzdWpta2xVR1pYMTFUQ0poKzZLMFk0cDJ4LwpBR1lXV0graU50S1RWbmVtRHVPejl0aW4vQlV0STcvZ3d5NkdkcHFQdGRMbE41MFE4em5CenMvR2FVTkpFYlF5CmZxT2tGUmxodjFkOThabFlaRlZrRDVrVitOYWFsSlByVHdLQ0FRRUFnbjVlbkRtZy9tYWQ3cTFDRUs1aklKck0KRDBWQTE4bjFYcnlpU1owS2lacWFMYzhaRTVIVXZtSkpCNUN3aU55VHgwWWtmUWdTM2tEemlaRzdqbjdSVU1aWApaV3A0RHpVdk0wdHpMRGx1bHNreUM1czBtT3ZIWXZ2QUs4YXNKTm10VXJ1TE16cmVLU3h6K0RIeVBDdEtlQTF2CjJJV3ppWHVsNXZiRSt4SU1qVkVZYVNxREVvbmFBQUNMTEYrc0lyZ1lMM25QcmJyT3pWd0NUNHlKMmxqNURlcmcKbUtqbGYzak9weVd4ejdJODB6dHlRQk9ma1B2b0U1dTRDb2hxK05kYmo5Nmdoa1g3ZG82NmJScFY4cWVmbERNUQowL240YkY4Ri9Pcm9LZ1JQMzY0ZitRNGFQSUxQMXhtQXRIS0VVdFlRR09HQkhuc1g3MitnZDhGZFRtaEFSUT09Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
+    key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlKS0FJQkFBS0NBZ0VBc2plaHZiZXo2eEgvbGpDemhLM2dKS1FzeFJhZTNSWkZGMU1vdjA3ZTFyWGt5WFVkCkdWWVpxU0Z2Tm9IQ3VjdmRJd3dVOFhucXVmSGozZXlKS1h2eWoySXR6R1N2OVdHQUdpMktiTmNMWVFESFZGeEEKcEc0ZC80b1pKK1NtNkJoYWlJMVRxWEZCR3RHRDF4N2J5UFYrZkdYNnlZOFdQMGdCSERoSncvWEpmUHBEQU93QgphVjJnVzlvbFNVRTVFQmdvNnlHQlpwYnhQSUFtZEVJemxEQ3FPWW5kb0JDZFRjaTFyMFpHWTZ4Z3FheThxK25sCnZuL3pxNVZrcHdPSitpS1Jac2xlRVo4cFR6eFlhNmNmWDZvMjRpTFVrOTFPelE3VEtFUVhlUlprZkQrUHVlR1MKa1AybDJJaCtUZ21JWGJVV09WdUthRmxqREQ1K3I0cFhFcHNCMzBuUUN2QUhob0tjSHFSeUc4WjZxS1RpYkMvawpybTVJUmwxS1V2QU00OFRZQzk2SjIwTzh3a1JYdkMyOEhUWGdENm15K1pXQk9VTmM3QmJuV3p6aTBKU2RXUDBoCnNrcDNzZ0psQzhvQmttZE9EQnRoUzNKckQ1WFUxeVVoTi84bDI4NHBJclhubUlrdUlkK2laajVtcjFsUmdTS2oKUlkybnduc2hCQUxnU1l3cDFOWk9kZlhucnF2QW05cEJINERPNzNtVit5MzlRWEorTkJHYmJvNGp1VXBQRFNjWApWaURjZUxnZFRIbEVjQ0M4UmJwcGRCQy94cVpySVJRU2EyZzcyOEZRTWQ4dXE3S1B0QXYyS1M0VzBlSEcxcnUxCjc4K2I3TEdEc2hTUEZubXNSU1NOUElXdjZzV1l5bllmSElkcUZ2MCtRZjU2dUdXcGJUYlo2UHp3WHVjQ0F3RUEKQVFLQ0FnQXlTNmYrVWp0WkFvWFduWnowTzF2d0MxTkZOZnFVbTRYWkxOTnBsamttY0VRR3BPSVc5ZWtkQmI0TQpySGRIbHlTc0VPdFNNTjJSSjVadTJhUG1ETUJxUGNOK0ZRWmhvbWdVT3pqL09YdFJIM2FodEwxYmltWTE2WVBxCjhjazI1RFNjcUFIdDVuUUF2Uk5Qb1RwV3p3Mm96dUVGaERlN21UY1MvMEcySjRYN0d1ZlErVW4yc2dFaEd3SDkKMkFYaUtHZFg0R2RVREJJOXlFN1I3YUwvMWZJY2RlK1JqazdPbG0vTDdQSE5qR2JsUzhZZFlFL0J3UHVFTjQrbAo0TVpPVFBZckEzWmtVNzVGU2RzTVdxaHNoNjJnaVVMa0RnZUFzSWZnSzhOU0hZTXpXMzdVN3plOWFwQWsrWFJuCjBxSGxERWVlM1ZwRTA4RXp3ZWxmNGhOcndVbzRBS1Rzb0dtOE1leXZRZWQrQUtDVFo5Yi9WZDJLcEdTSHVCRkEKbzVVTUJaK0RiUFEvdzcvMWJWQVNQRkhkMW9BS1pYaDhST05iNWZtSWxjeml3Mno5NHk5WWF0SE9saTFZbDBIMQoxcTZqQUprZGVLNnF1Y0s5dXJEbWQ4eEV5dFFQRy8vR05IYkJRdjZhaXlTZUVLZ2Z2bnBhMFdDdytDZWZRRlhZClRpUXhNRmVwaXNySTJtQUNrL2ZrTXdGeUJTbmlTcktpWUJ3d3I5NDZZclNUN2VXV0NqZkwzTnUvUDRIUnZ4VVYKSjVQZ1ZXQmhqc1locGhVMG9kYXljcFFJMDdFV2w5Rk9mVzhGYmtDSGNhQUMxSm85U1ZsY0pwUHI2SXo1dFFvawp2MnFnWHMvd0I4Zy80WUNnOXBkN3praytJRUIvbXRsTnNRVTl3c1lTZWR5TXFXR0VoUUtDQVFFQXlROWVSZEZ3Cmp6Wk9CWnpRTUptVzkxM2lPUVkvL3o0WWEzUlk2cmFKbFc0VEdCa0tuVGdmajNKL1g3aVQ0Qy9JOFg0WXhPL0QKaEZJLy9LeFZPdFFueWRqZ3o2SVd0TmxZRW1wb2tKcnB6SXJsK2VvcW0wVld1aFVoWVlIUVc2SE1NcXRWVHNWYwpvZHpKV3grL1VKS0doMHJHWG1RQjJEUkpaVy9OYWdYMDJqZi9MeE1aS3E4eXd6QkdiWk14dFVYN3RxZHAxbGtRCjl3MWNVYTdFRVROVnk1bU5kN1FnTUxoN3c1RFBMNkc3Wk1yci9vUURLOHVaTWFHdG0xMmRIK3EyQnljdmdxYmsKSEFqQ3NBQWM0VW9qMHg1alBKUUU1QnRuVUdwcVVBRGdMcDd6MVFacEpiNmw2VzlwRkFvbTBreVErOWZHbkU4RQppZ2hGTUp0ekZIL3Ywd0tDQVFFQTR1cGNSVCtlNzFuUDVINFZSeURwUVhlN3Z3SHB4OUpnaWpOQnI1djNGalZvCnZMTnpVMzdYTUUrQ2RrejV5RkszMHFOU0hSZ3Q2YWNjbGRiL3huSlRWWUlyTFVSWkVoMDhvbGZRdEZiRUw5TFMKdWZkQUs4WGZOTllEVG9lY1Raekx5cVpuRjZGaUV2MFdQOXNTMzI1b1B3OGJOejhrWEUvOFJiTDU0RHRqUVd5MgpJekJ1emxLdDNKV3NrREdsK254VVlzSGZuR2tWVlBUZEZGbHk5UjEwM0lpcWZtcDBnUEpDay9DRi81ci9aMmxjCmtidTdTYkV1NDEzZHlEQ01KeXNnNldpVnBITDZhb0YzUlUrRXFWck5qVHZhWXRWSk9HN2M3TGxXQjhOaTBqaVIKRDJrTFNHZkZXOU9rZVlIbnRzOGtoK2tROWYwaFEvbEhvM3lVWDVoOEhRS0NBUUJ4MzdCbkhxMy9qcVExN1pERQpWZGo1RlVWUlFzYndTejBOYndJRlBZbERCdXJ0bFJFNzVsT0pyVEdUQnpsSm1nYlhMN0hicUdnMkExZVdSZ3luCm13MUY5djJzMjRLOHZ2Und5YStiWndIUUJVTW5mb2JQRmtCK2VBVkY4bjROeDkrZE93aS82bXdDaU1mS1FucmEKcVlKa0VlZTBBalJCUGF2c05aeEQxa2ZOYURXeGRjR2xPVUVvNTZpYjJ1Z21ZUktsYXNBNDFJMFZQNDN2L1dteQp6RDVsWi95RnRaRWR4djdoenB4cHY5SWd6Z1ZIUzRGNFJvSG5hRWlwWENYbnM4bVExNUxERHI3WFdlYmFROVlYCml5UXJLR1RRSkkxNG5FU3hlUFBwaC9Wd3Nqb3Joc3Y2d3JXNU5vNXUrU2p2cHNuZXVXRVZtbk5ac2tGdHZEMDcKZVJKZEFvSUJBUURLMHZhRXd6ZzU4d282ejJRUGZ1QmZyemsyb3V3bXV1bWx2ZWtCb2FQNnl1U0NmdGdma3FtZgp1Z0gvNGhBR09jR3JXbVprTVIrZzBNbGhPWnJIODVwL1BPbUEvYTJyM2t3N1E4ajkyT3hsWHNrU2htbHFkdVJyCklyd3o3azBNcHBFVjR5VVUzeUI5bnBETHBQSzZtY0krVXk5ZGMyZjV4MWpUcUFWbm8wMjF4Z2tMYlJndC9ZTUEKUHh6T2lrSTBvZnIvaHhGcmloWVNLUWlQVHVETkxYWXVSVTQzenNteUZGamtTVUpNMVd0ak1LOFlhRGdneDJvRQp1dnNwSEJPNlV2ZUpDZjF2ejRIN3Z4c3Y3Y0xEYWJGL2d6ZFJ6aGt6Z3d5ZjM0MkJST2pJeE4wTWJEVTBrK1M1CmpuUmVVM29kVWd2eUc2WVlhaGpZM0RGbmRVeGVJanNWQW9JQkFBZHlwajdUc25mRGZoVHZ2VGdOVTdzdTRkdkQKWVRGdE5zSDliTXMxMTJ0Z3RoQ2Zvb2Nqalk2RXE3OHVjTnZYU0d6MU5BMUJ6UGx2Y3Y3OTdrODE5ZFF4dzhNZwpKUUxuOUtHMHA2aVRCL0lDcHYvanZrMGp4MGQ4eHg2aW9PYS8vZFlsN1RtbEVNOTNsUm5jNDBjeGZFSTNiTXZCCkdCbGxyTlRqNURsUTBxUUtsY04vVzgrcGt6Qm5uQ05TVUMzYUo2c1pydklEczlaZndHMFNLK0FSVlYrV1ZHZm4KR2Y3czZrNkZuVHI3SEtrNjkvSkZjMmdrSmZIbkYxQVk1SHZ4Q1NzT0hwZHZlYmd5ZTZ1cmZBTDdrVHZQVm8vMApyWC9FeTh2WjIzM1A3VUI3c3RGVE9oY3c2RnhQeUUyQlpFV3lWQ0YwK01Hd1hYejFiOE56ekNZalltVT0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K
   os:
-    crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQekNCOHFBREFnRUNBaEVBOFJUSlQ3U0NHTVVYbS93ZFFHM3lUakFGQmdNclpYQXdFREVPTUF3R0ExVUUKQ2hNRmRHRnNiM013SGhjTk1qWXdNekkzTURZMU5qUTBXaGNOTXpZd016STBNRFkxTmpRMFdqQVFNUTR3REFZRApWUVFLRXdWMFlXeHZjekFxTUFVR0F5dGxjQU1oQUJxRERGdUN4bnhVVFBMNHoyWk83S291YVpXZkE3cE5zK0UrCml0dk9IVHdxbzJFd1h6QU9CZ05WSFE4QkFmOEVCQU1DQW9Rd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUcKQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3SFFZRFZSME9CQllFRk41NlR5UTlpSENKckI5dApYSzZnM3YvczdEcFVNQVVHQXl0bGNBTkJBQkRyWHYySFkrQjBvUk1kQXJUSnljWmdENnBqSEQyMEhpb0tIdWZ3Ck5vZ292S1c3QXFZV1pvdGEwNzlMb2ZsclZOT1gvdTFUbmx6ajAyenZnV1hqM2drPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
+    crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCOGFBREFnRUNBaEF1cG9xdWZ0SnI4MktwMTRQS3Rkc1dNQVVHQXl0bGNEQVFNUTR3REFZRFZRUUsKRXdWMFlXeHZjekFlRncweU5qQXpNamN5TWpNMU5ERmFGdzB6TmpBek1qUXlNak0xTkRGYU1CQXhEakFNQmdOVgpCQW9UQlhSaGJHOXpNQ293QlFZREsyVndBeUVBcnV0QktaRkswamw5V0QwRUQ0OXZWS3pLc3g5OWg3eThhWkIvCmsyamRFbWlqWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUkKS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVWE1RVDR4WkE1WHduU3kveApCeUhmbDBQbXZrY3dCUVlESzJWd0EwRUFybVUrMzJpa2QyUkxlNElWMnhScm8zckNiUFkrYVBKSU9ickhTTnBICjJvcVVuOTdXRG14akhGM2o2ekxVSVpyR2wyMVd1Y2pUOXBxUFZYUkJOWHdkRHc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-    key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJREpyYmNZTmx5dk1JYXBvb1VMY0xaTEZ4QXNSQVQweWFhRS8zMlI1UFNXdwotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K
+    key: LS0tLS1CRUdJTiBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0KTUM0Q0FRQXdCUVlESzJWd0JDSUVJSFpTWnlGbjdXd093N0l0UmNIT1JnYUphMTBicTJ0TllRdnY3Y2VCb2ZqTwotLS0tLUVORCBFRDI1NTE5IFBSSVZBVEUgS0VZLS0tLS0K