diff --git a/kubernetes/raspi/apps/system-upgrade/kustomization.yaml b/kubernetes/raspi/apps/system-upgrade/kustomization.yaml deleted file mode 100644 index 005f94342..000000000 --- a/kubernetes/raspi/apps/system-upgrade/kustomization.yaml +++ /dev/null @@ -1,10 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - # Pre Flux-Kustomizations - - ./namespace.yaml - - ./notifications.yaml - # Flux-Kustomizations - - ./system-upgrade-controller/ks.yaml diff --git a/kubernetes/raspi/apps/system-upgrade/namespace.yaml b/kubernetes/raspi/apps/system-upgrade/namespace.yaml deleted file mode 100644 index 7889698df..000000000 --- a/kubernetes/raspi/apps/system-upgrade/namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ ---- -apiVersion: v1 -kind: Namespace -metadata: - name: system-upgrade - annotations: - kustomize.toolkit.fluxcd.io/prune: disabled - volsync.backube/privileged-movers: "true" diff --git a/kubernetes/raspi/apps/system-upgrade/notifications.yaml b/kubernetes/raspi/apps/system-upgrade/notifications.yaml deleted file mode 100644 index 4dbc6b3a3..000000000 --- a/kubernetes/raspi/apps/system-upgrade/notifications.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/notification.toolkit.fluxcd.io/provider_v1beta3.json -apiVersion: notification.toolkit.fluxcd.io/v1beta3 -kind: Provider -metadata: - name: alert-manager - namespace: system-upgrade -spec: - type: alertmanager - address: http://alertmanager-operated.observability.svc.cluster.local:9093/api/v2/alerts/ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/notification.toolkit.fluxcd.io/alert_v1beta3.json -apiVersion: notification.toolkit.fluxcd.io/v1beta3 -kind: Alert -metadata: - name: alert-manager - namespace: system-upgrade -spec: - providerRef: - name: alert-manager - eventSeverity: error - eventSources: - - kind: HelmRelease - name: "*" - exclusionList: - - "error.*lookup github\\.com" - - "error.*lookup raw\\.githubusercontent\\.com" - - "dial.*tcp.*timeout" - - "waiting.*socket" - suspend: false diff --git a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml b/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml deleted file mode 100644 index 705408358..000000000 --- a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml +++ /dev/null @@ -1,100 +0,0 @@ ---- -# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json -apiVersion: helm.toolkit.fluxcd.io/v2 -kind: HelmRelease -metadata: - name: &app system-upgrade-controller -spec: - interval: 30m - chart: - spec: - chart: app-template - version: 3.6.1 - sourceRef: - kind: HelmRepository - name: bjw-s - namespace: flux-system - install: - remediation: - retries: 3 - upgrade: - cleanupOnFail: true - remediation: - strategy: rollback - retries: 3 - values: - controllers: - system-upgrade-controller: - strategy: RollingUpdate - containers: - app: - image: - repository: rancher/system-upgrade-controller - tag: v0.14.2@sha256:3cdbfdd90f814702cefb832fc4bdb09ea93865a4d06c6bafd019d1dc6a9f34c9 - env: - SYSTEM_UPGRADE_CONTROLLER_DEBUG: false - SYSTEM_UPGRADE_CONTROLLER_THREADS: 2 - SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: 900 - SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: 99 - SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: IfNotPresent - SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: registry.k8s.io/kubectl:v1.32.1 - SYSTEM_UPGRADE_JOB_POD_REPLACEMENT_POLICY: Failed - SYSTEM_UPGRADE_JOB_PRIVILEGED: true - SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: 900 - SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: 15m - SYSTEM_UPGRADE_CONTROLLER_NAME: *app - SYSTEM_UPGRADE_CONTROLLER_NAMESPACE: - valueFrom: - fieldRef: - fieldPath: metadata.namespace - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } - seccompProfile: - type: RuntimeDefault - pod: - securityContext: - runAsUser: 65534 - runAsGroup: 65534 - runAsNonRoot: true - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: node-role.kubernetes.io/control-plane - operator: Exists - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: NoSchedule - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule - serviceAccount: - create: true - name: system-upgrade - persistence: - tmp: - type: emptyDir - etc-ssl: - type: hostPath - hostPath: /etc/ssl - hostPathType: DirectoryOrCreate - globalMounts: - - readOnly: true - etc-pki: - type: hostPath - hostPath: /etc/pki - hostPathType: DirectoryOrCreate - globalMounts: - - readOnly: true - etc-ca-certificates: - type: hostPath - hostPath: /etc/ca-certificates - hostPathType: DirectoryOrCreate - globalMounts: - - readOnly: true diff --git a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml b/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml deleted file mode 100644 index 10a8a8289..000000000 --- a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - helmrelease.yaml - - rbac.yaml diff --git a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/rbac.yaml b/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/rbac.yaml deleted file mode 100644 index e9f4d789c..000000000 --- a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app/rbac.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: system-upgrade -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - kind: ServiceAccount - name: system-upgrade - namespace: system-upgrade ---- -apiVersion: talos.dev/v1alpha1 -kind: ServiceAccount -metadata: - name: talos -spec: - roles: - - os:admin diff --git a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/ks.yaml b/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/ks.yaml deleted file mode 100644 index a3f3f314c..000000000 --- a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/ks.yaml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/kustomize.toolkit.fluxcd.io/kustomization_v1.json -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app system-upgrade-controller - namespace: flux-system -spec: - targetNamespace: system-upgrade - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: node-feature-discovery-rules - path: ./kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/app - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: true - interval: 30m - retryInterval: 1m - timeout: 5m ---- -# yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/kustomize.toolkit.fluxcd.io/kustomization_v1.json -apiVersion: kustomize.toolkit.fluxcd.io/v1 -kind: Kustomization -metadata: - name: &app system-upgrade-controller-plans - namespace: flux-system -spec: - targetNamespace: system-upgrade - commonMetadata: - labels: - app.kubernetes.io/name: *app - dependsOn: - - name: system-upgrade-controller - path: ./kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans - prune: true - sourceRef: - kind: GitRepository - name: home-kubernetes - wait: false - interval: 30m - retryInterval: 1m - timeout: 5m - postBuild: - substitute: - TALOS_SCHEMATIC_ID: 784f69a53ad6331e65b32412e46f766d0393b625199d4035cbec6ea771cab34a - # renovate: datasource=docker depName=ghcr.io/siderolabs/installer - TALOS_VERSION: v1.9.2 - # renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet - KUBERNETES_VERSION: v1.32.1 diff --git a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/kubernetes.yaml b/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/kubernetes.yaml deleted file mode 100644 index 5b6abfac8..000000000 --- a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/kubernetes.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/upgrade.cattle.io/plan_v1.json -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: kubernetes -spec: - version: ${KUBERNETES_VERSION} - serviceAccountName: system-upgrade - secrets: - - name: talos - path: /var/run/secrets/talos.dev - ignoreUpdates: true - concurrency: 1 - exclusive: true - nodeSelector: - matchExpressions: - - key: feature.node.kubernetes.io/system-os_release.ID - operator: In - values: ["talos"] - - key: node-role.kubernetes.io/control-plane - operator: Exists - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: NoSchedule - prepare: &prepare - image: ghcr.io/siderolabs/talosctl:${TALOS_VERSION} - envs: - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - args: - - --nodes=$(NODE_IP) - - health - - --server=false - upgrade: - <<: *prepare - args: - - --nodes=$(NODE_IP) - - upgrade-k8s - - --to=$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION) diff --git a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml b/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml deleted file mode 100644 index 061d8ad0d..000000000 --- a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# yaml-language-server: $schema=https://json.schemastore.org/kustomization -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: - - ./kubernetes.yaml - - ./talos.yaml diff --git a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml b/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml deleted file mode 100644 index 89b4758ab..000000000 --- a/kubernetes/raspi/apps/system-upgrade/system-upgrade-controller/plans/talos.yaml +++ /dev/null @@ -1,48 +0,0 @@ ---- -# yaml-language-server: $schema=https://kubernetes-schemas.ok8.sh/upgrade.cattle.io/plan_v1.json -apiVersion: upgrade.cattle.io/v1 -kind: Plan -metadata: - name: talos -spec: - version: ${TALOS_VERSION} - serviceAccountName: system-upgrade - secrets: - - name: talos - path: /var/run/secrets/talos.dev - ignoreUpdates: true - concurrency: 1 - exclusive: true - nodeSelector: - matchExpressions: - - key: feature.node.kubernetes.io/system-os_release.ID - operator: In - values: ["talos"] - - key: feature.node.kubernetes.io/system-os_release.VERSION_ID - operator: NotIn - values: ["${TALOS_VERSION}"] - tolerations: - - key: CriticalAddonsOnly - operator: Exists - - key: node-role.kubernetes.io/control-plane - operator: Exists - effect: NoSchedule - prepare: &prepare - image: ghcr.io/siderolabs/talosctl:${TALOS_VERSION} - envs: - - name: NODE_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - args: - - --nodes=$(NODE_IP) - - health - - --server=false - upgrade: - <<: *prepare - args: - - --nodes=$(NODE_IP) - - upgrade - - --image=factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:$(SYSTEM_UPGRADE_PLAN_LATEST_VERSION) - - --preserve=true - - --wait=false diff --git a/kubernetes/raspi/bootstrap/helmfile.yaml b/kubernetes/raspi/bootstrap/helmfile.yaml index 9be350cc4..a0eeebdbb 100644 --- a/kubernetes/raspi/bootstrap/helmfile.yaml +++ b/kubernetes/raspi/bootstrap/helmfile.yaml @@ -12,8 +12,6 @@ repositories: url: https://coredns.github.io/helm - name: cilium url: https://helm.cilium.io - - name: postfinance - url: https://postfinance.github.io/kubelet-csr-approver releases: - name: cilium @@ -29,13 +27,6 @@ releases: values: ["../apps/kube-system/coredns/app/helm-values.yaml"] needs: ["cilium"] wait: true - - name: kubelet-csr-approver - namespace: kube-system - chart: postfinance/kubelet-csr-approver - version: 1.2.5 - values: ["../apps/kube-system/kubelet-csr-approver/app/helm-values.yaml"] - needs: ["cilium", "coredns"] - wait: true - name: spegel namespace: kube-system chart: oci://ghcr.io/spegel-org/helm-charts/spegel diff --git a/kubernetes/raspi/cluster.env b/kubernetes/raspi/cluster.env new file mode 100644 index 000000000..d1b76ecf7 --- /dev/null +++ b/kubernetes/raspi/cluster.env @@ -0,0 +1,4 @@ +# renovate: datasource=docker depName=ghcr.io/siderolabs/kubelet +KUBERNETES_VERSION=v1.32.1 +# renovate: datasource=docker depName=ghcr.io/siderolabs/installer +TALOS_VERSION=v1.9.2 diff --git a/kubernetes/raspi/talos/172.16.0.5.secret.sops.yaml b/kubernetes/raspi/talos/172.16.0.5.secret.sops.yaml new file mode 100644 index 000000000..be1f6d248 --- /dev/null +++ b/kubernetes/raspi/talos/172.16.0.5.secret.sops.yaml @@ -0,0 +1,171 @@ +version: v1alpha1 +debug: false +persist: true +machine: + type: controlplane + token: ENC[AES256_GCM,data:RSsQM8788xfw2Q5dYB+FP9+7hJS+dm8=,iv:bkCJwnEIfgJFtlr0KVJYwGhvJPVwPL6IRdtH1RYBwW0=,tag:PYhNGbHelilYEmilcLdn1Q==,type:str] + ca: + crt: ENC[AES256_GCM,data:mlkx7CxNXiDhy2d6mkpczlH44V90gtbv9M/6cSFrNn0aedPiV6bVgHIER8BZyUJmk4zzDfNxwOpe5ohx0BrT4ESLQ1RCzAuxfpL7O2EVJuc2AQFP62sraHlFJNdClNNZ8LYB4B/GQ+8EI2dn0C6djRvmnY9b5BHYa7SlIfRHZxcuz5PLaykPTgyiV2Q4A2kzrR/RF50qVw0cax3a08VDK6EMn+QCv79eB5uf7t81d1J1S+RUH3m89cnl2dxXHmWKFnDaGsjYxZMoQM3Bsex3ScTRxC0wDaNlZ8VvbRC+CERV65MYhM3zUnxdf7TY5QGM3A1CritqbwiJAUBFaeOYW3oJ8aHiS0sVu0h6nsqtzyY3FPwHu1sI8E31gA77V+uAgDPQpUjwUCnnKqX9yG0uCs0uRP2E+KYg8rsD7jSImr+3+zdzEQmaMAXoxoSUEQppvowQ/63ts7EEKjoKwFQSHyEfRZbPPBegLCDVn4TOusRZjpqZcH7SC1hYejc7tdvwT1N80FQoL7vIb47FvHLpSTF2woSoRhCRHlEq/aQRoz+1clJZObXwF1i/+GhNkpP41HWhAoVK6F+qIyaUV28Y2V2KgORbi36dxpMtYbweSoZD8HlNvF9YvFcsy7QNtihmkd5zg/Ixq6qv+pkmaKY52d05AyoQvMkrxcMBGmI7Skj4UAMXjBTh620FG2Iju9lpZKMGeWuFzOV5AjF2oSjbtOeZuzRn0wA7oV4qY4ntfcqQF86iWPkxilV8yj8oipcPaMaQ2+obLeGt3Jx2TnCSvDS2kHklOW2Rj0PHokeybmxo8QU/DUXb5NzFVwwCfYG7Ma/FEpyYD08BiAtOiGtpDcOmO3aqSZ8sXYYWk2kcz5yH3ryZ,iv:ao8aWm04O4OLr4JSFL6SW8lMDcAqQEyuKvPaxOmQlBA=,tag:P833/ukIt2pgLzi1SY6+lA==,type:str] + key: ENC[AES256_GCM,data:HiBh0y2D9IE7ti1uSWcZjrIzft3sIAQajdhcGYI3tllAVWzv3PVINOV9rKUkSiFjG0KHV1TCMaDd4zqzRm+RFmY2zsCxdOvWCUGoCb2BKgHX0kdcmVunp/Bt8dDLC7xsVc1c3h1T6fSf6KQ3/IreB3I6D1FG+0m+GWKpekUKz8+Tfbyg/RZvvXE2PtwtzBmlR3rBES5XSYdZZLveud9d5Z3QSL067uj7Cm+c04kaXUO7h0V+,iv:jPFGBbkG25RsYnN1JkS5TDB39pq/CczK6ifnVViobbw=,tag:NUfGfr9H5PTduhuyVddJQg==,type:str] + certSANs: + - 127.0.0.1 + - 172.16.0.4 + kubelet: + image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} + defaultRuntimeSeccompProfileEnabled: true + disableManifestsDirectory: true + extraMounts: + - destination: /var/openebs/local + source: /var/openebs/local + type: bind + options: + - bind + - rshared + - rw + nodeIP: + validSubnets: + - 172.16.0.0/24 + network: + hostname: aspen + interfaces: + - deviceSelector: + physical: true + dhcp: true + vip: + ip: 172.16.0.4 + install: + diskSelector: + model: USB 3.0 TOSATA + extraKernelArgs: + - mitigations=off + image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} + wipe: false + features: + rbac: true + stableHostname: true + apidCheckExtKeyUsage: true + diskQuotaSupport: true + kubePrism: + enabled: true + port: 7445 + hostDNS: + enabled: true + resolveMemberNames: true + kubernetesTalosAPIAccess: + enabled: true + allowedRoles: + - os:admin + allowedKubernetesNamespaces: + - system-upgrade + files: + - content: |- + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + [plugins."io.containerd.grpc.v1.cri".containerd] + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + discard_unpacked_layers = false + permissions: 0 + path: /etc/cri/conf.d/20-customization.part + op: create + - content: |- + [ NFSMount_Global_Options ] + nfsvers=4.2 + hard=True + noatime=True + nodiratime=True + rsize=131072 + wsize=131072 + nconnect=8 + permissions: 420 + path: /etc/nfsmount.conf + op: overwrite + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_instances: "8192" + fs.inotify.max_user_watches: "524288" +cluster: + allowSchedulingOnControlPlanes: true + id: ENC[AES256_GCM,data:PJFWW9t6jLXDFkUM5VXrV+pyrLW1qOxDt10X8SBPuM83rgoKFbE2BFR+nCs=,iv:3iQphZ/wz1LrrkJNw92KH7yvlVFpjVNfSiTy1XOwEOY=,tag:bI2r0ccD/hRlLaISCCtDwA==,type:str] + secret: ENC[AES256_GCM,data:W4e0AjAoyPcZCIy3cyfTK1frF3/Hfa3mrX6qGQjEgLBMVJLjrZQk8QO/T24=,iv:9Pm0ju8VeAlC+25E2LxUIcJ4aBu5bUPx5dsB5DgFO1k=,tag:VB73sZwy7s2rP23r0Pd5zA==,type:str] + controlPlane: + endpoint: https://172.16.0.4:6443 + clusterName: raspi + network: + dnsDomain: cluster.local + podSubnets: + - 172.28.0.0/16 + serviceSubnets: + - 172.29.0.0/16 + cni: + name: none + coreDNS: + disabled: true + token: ENC[AES256_GCM,data:lbR0CVToUHhr5jyhK+9MjKiWesQ0ehw=,iv:UWuNBgYAfma0GZ2yYtcanQjal2IhhaLQhYvg7a8e9Eg=,tag:CB7kkSJ1jYN8ZueX8BgDCA==,type:str] + secretboxEncryptionSecret: ENC[AES256_GCM,data:oLup/v9N1NUSep/79B5+2Qj3FzWNE6FB9fuO1XAKWCdOMOCrXCcwLDugFUQ=,iv:76gxtd7419n4IpB1Es4jmf8yqfjI5kIDeS4p7+n2Q3I=,tag:CsbO1/cliBwXJRwqSlrlBQ==,type:str] + ca: + crt: ENC[AES256_GCM,data:OBrZ1kwwJqQotZExpFlDa9ZOqOocAL2ShKGhafelJYJa/wFcIseaK9J64C0Xadq0DVNXD4LwZGM/GrGXApvgythR0ZOlNvNCq6S9i0Dd/WEB9BMeddKATgbQCWC7Fa+jSwTkglsyGRLUmBdjn2Y63e/w8UQKc3B4ptgct/HG6UQ31QZ+wGvNhn2/G/UdBcCsIYtQO/9n5MpNOVYFwLLt0mY9QFMk1T86tBqabZZCzYalotlc+MY5ANe2UPFwpJBUVCBX+/FuVum7+V5aRFO2fRymoAh6TRMPm9vKdIETyEs8ci7mLpMuM8T56mEPPo6rW7hz8gwVdJLwVW8HYiCQK7+fotjHF7yfVSo4RcXBF4BudJauBc5z47N7IeLysnDIzqZ1Qtbxt5yWMYN9N07ywvAf6jnv88XYj54inSzcHJPIX1EkXPDmu/R0MxHEpqWmt4fvN9jnW5daQDA9qevihXyRt1WmfBoOGJPd9YBLsodB9jT6ajfPss3/GtsaB4i5B/0nKAMTVjHb6Dfx+81nHnBGdaNBL+Y4GUlCofADwd3bBt3Y8UlWGmxngWc551W6H7QCcTuIJwVfdfpV4wtzZWLZEdT3izNaocoU6vVKDl8uFvxFNJsbnJUS8AohfFOF6ngqzOEwkUYWbC1y8Rdde6cY1jU2EzJ69ruURk/FlPTyj7ZG63Uji/rPn1UEuQDJw9WiLWri3dLlog36+fSbL1pi9vxOLpBTOxPjLtzwWfaVQgbjfFOdBP+K+IuNeIkwLZPYHgdEySvKNUYVN1dyxWT1wECh5Tiy6498v0dtw+NxlLT6HZtQKgoC/tzjhUUVGQOFnTjwryXbaBp/6kdHnTrmxBsrtNHcAC8MhBi15F9tqzZPV/rqYfy7TBt2Csq9XCSVc3UKT47bOyV3tTfWOko+ydr+zAwqBaYse3+7BjrStB1OqkydV2zvrC+DRA3I3U6E9CD/AfJqq6VZq31Rmc9ALLc8BbNqFg9Ur9KObuVdOkn25Z6tonMufZHzVkZjhrExfWwmjuVw0nJb/S5Q3qyiwgulJNwfmedhoA==,iv:v/acHexi1UlDDNCLYg8HfXTuMVZdIbDuJlHbJ2ZI4mE=,tag:R4xSDI3Yua8zFQtr3TZXfA==,type:str] + key: ENC[AES256_GCM,data:zrA4kIt3+kGQXMgg7DyLk0UpH4lQeU+oHtQPj84bvyjJPflfzoOsHKplfthNzH26MbUmKYavFa2ad5V72c9uhXm11GJyd9d+XGmjPxBKs4omfvWqESdIoTu1BeT5godwKm2/h/yVli2Y7RYjH3sjRqhUnu1ned3N0YnhplcyTlFHGN0/WWkaFVQFczxIUTY2hLHG4eAtGkKH0jK1rsKNvefFwuu4zEmyt8cyESbngBiXp9Ms32FqOvZ9tiFoMAwh5gfqmmmU1hDEe6qk7Ddog/Js6vBRdZ9bif8Lfv0CLHRG7GOChC6GmvroCp0Ojel/BIP+VY72wQq8cVgEy1ei7gi5Hfo0H10GYtOs5nAcFKb6gmcwxRVJfln7bGSP89+tK8m74WAz4vBEZREGIq+vpg==,iv:ost8q+FqYBGQuywRybFQ3cR+UVaoz+Kql5wPtXqVXZ8=,tag:pl6HtRGzyFmcIpggPPqE9Q==,type:str] + aggregatorCA: + crt: ENC[AES256_GCM,data:UfvXTV/ZsDmMkqOKafu4Isr2MTGOTcMnOgn17FzU4OlQr//k4kUocRzpu/FDDkEN4LBYymvedmktIhFJJT40QWAAWPcb/0vjx+vdrvUnprpNE59MEugBKWUplvYMxg3nO4F3/D7XxEb3yiZMKX3qr+cATZSSqkp2xAIM+D0p5OG8A3AAW3Uf1YWYl7XcZoQ9OQKoKZGksNY8bR07JvW9d8H8QifxvLxg1zyQDle4e34AfOWQDJrnaAo+PAO+tpKP5ERUTIfnZuQ7KjUGlsSzzhQD7yld+UZg52o2IvanDEMgsphtjUiLv/4KCdjmLGn3V37NzU+t/DMF+4e+p0905bx23CA9mmS6tTMl83K3pkGqinPMJDHbBN2y8d21ySdDAiCzW7r3+wqfDqO7nejk0y9Ts1wO7xhdwCTVQ5nFnp4XnEzmPSYJv23hy0o3k/GzRLazhWPNfJsCO3pT0OFP/dChry3mufzbwxDbvRX7j96nJB4Ca6jT9hVS52+F0DbeQjPOZsdXorAHZhiFDCw6KYx6WkgODr9WdljJs/+Fc1Doxwv6zxqmxYuLwCUrx1I3C/uTuQ8r48YkUaNhHP2Kp55oN4swxTauBVmzCg6gTUGwzoH+iZQl3nJ/WbQeh5bqVDhL8SbAAI6ITn/WniPXBFPFmuP5rfxQTnsy9kBhh5TOef2ecuVE6kz41gNswpV5yIgh69amZ2DHVMYT700bisu8S6BN4jg1LQY5dr8G88Kf+onMPvYj/VXKE2sKmaU94BcRAv9yDQIfdcxa4fiL/gyBHWtGE+pkb5YPDbmuPOibLhOd/NCmBPKRq2l3wDcNMXBR48pWtwSBIOnEk1pD0u96AyEa9SqQvh4ckHf01tOAhpd38hdhYUNdAK9XDt15vPmfIt+vmcAa81Jn/TSPVeLBrtPINdaY1oQOO8aK2UkJYEI4shlzZVJtHwhgnMZ3,iv:GOxd15y0DPm8AD+/doVpjCWY0sNZpuhGujdVWPiU6oQ=,tag:wiQxi2KzD8MvW+oUNkfo6A==,type:str] + key: ENC[AES256_GCM,data:YKb0ifcLtgAVTz40SHWT2HZUKS35SIAfm9tVjY0aRjGhnjqa0UUCeeGGj5rJR+ZBAFT6SUfdKRYYJczaNZrAS/qjREguULN5Lh2EQLHynQWdAlpFIKN8RdX/+uve8XmF0aWeQq9Ys6iyEzEH+v+wrLJyPZ6pUGahKaHxExRwU4ul6zV4J1vP97VXRw5+6ERjgFidrc7yhBwtPDOMto7cy4HoMdlItN8uUHF9aevNIdW9iaN6AgP9Pw/A6Xtvjy/aHhtRZIqycnIZgnK6GVR94o90E9msk67FygwNWyJuwPzvp4ayUOLxI1p2dt1dHOwz3ztO55IK6RIUKAe8g7tecs1R0GudyoH6c1NrjvBCgwj1J2Of0cf99+v3s2ibtboiIc9aYelR7tOtYymt39LAaQ==,iv:vDe8e6gMs7ilqHkTjBg86F0VygBCOXsoH3zz5Me3Nhc=,tag:WCcdtfFN2QNSNERufZME5w==,type:str] + serviceAccount: + key: ENC[AES256_GCM,data:IfXQR1MyZ3uAE5Jz59EKxpFotwdTjdBjmLk9sbpA6RscJI/DdWeGZ1vRVNhKgR72coqRkcisEyLrkllFcDeIFDPlxAAHqV+I1zPJgGWXwgCc/fN7YHcER4bHjPJomg3KqOiZvOTbO3BKict98Trg/uXEHWSYH95lzFuGiPnHHXalkbnkJmqGsF0RCaRJPglXBLOtIZZfMQUr86w9hKPe3T10CmwufOuML3avWd3Zhfz7tRZqFbMbZ3GaXygU08jDmbBMJkOmSmFAikshVk5bDzCKnrGzO3sNiQDBAtMRU0nUE37acvXjhCDgstHafdmoBY/Ssqt5Ekhy5b/77lOUtAk66rX106cuM24NyXBzIAfQ++YbnNLEmSlOo5GlHr4iNHJoLLAcF9zygKWp4MTy225JXBkreeo83MOkz+lFgvpXk58zBG2deQiUiYhpSE3R1oJMqxuDqZx2Xe32q2ZEwlOJrbTnLwoM9PBVI4iO2a8ps3K5LPqNAXv1KYA14eddrmYivwkVZSjjeXHRpTcPOVrk0yaEKh4aZ+ATHU0ZAKQxByp6nieKcbZ5vH2cy70icq2j2WXdjGBKckrYpxFMJfpsV42i7cV7HcH1pIKz0mjLBn0bau5R+5vzSNfiQi8MbxuKy5jXgcX+Sy1tvqteX8FxihXJzhiaE7M3tYRS/0i4fRFAptyiKRFYFgjcAvy+Uf9ACTZGUm77/FZOFh8GgpZFq74JVeMQk28em1SpIn1qXNcoZLG/U9MrtHnWtJX/A6aKS8OG78syOeKT1ZAl4E1Q7q9GULLSvSvZbo0c6CxDP59KcAN/SMd0udnvnyWcdDkjd25sbGGHngA1JZ6LhJPOwUFAr5n+rD6TEGDEUGSoM4Mnabf79VnuvhhVMUtbaG5y3N106/y4J2njSLcVeU0+DGNtJP91b4uuOHmw+MxdQCbtXcM+cOJsky12/299EC9l9A1u2O0zMIy7fN0MwE8iFw2mFRzT21KA3yUj4GGC+Ou05A+eoQamG/sHEWOlhymgv5p54j7yTfVDMnMNRqllUEHenEwCGboFJmOm3h/q0kffODfPdioktUiIw/o/07pgZcKmrcbIdw8mF6N0xVFs8a1Gn5aCua4fXpSWNGpYIsjYs4Uq1zh54hQ9b5RKGfSJzYng7C7sxlN8sBLbuSIGOhXY03bE3r8MW/DyP0yA+zDO0YYMesnbEiXBNwHjfUaUe1cvq3Fu3No6/A2TcXgfAGJqPmeqcUi/LiZyx0d1esOoNBMpDDxSVORWT7TfqzaTwcQ7YcuHwo5bmZHV6OlpEIMDmn13om2rV1n/bhxY2V2yjO5SwtkCMEXWIli0w6l1ykiYFX/5GSYlQUh5XmKSvRclprlCuweORjymFSz140ZivtZXXHU+9oyVLiomZ2DyaJtq11UyGQmhxTsG8EKVawS+lHv+xd1BZ8etH+oWBUbpNDbL4ZFZesKsAbABg6y7pnB+uC74wKI9Q3hnx2dHP1G4TEE4K3u3dZr3A7ycgvLLgKNqKsD3c36Y3ubmtTRahDDpN+VUXUiz9jONYlp1nc/TUzS51CGkcJMeSxBCxWeEM1EgCxqkpQw/IUp7eBluP6fdvIYbCg3roYK1WHhZrSVzKiz80GauLKeOAvTrC4MGHhHuMeVQ911XNSjf+mEEFKFmohxWzfZWDLOOtrnlAHO3s9qDlkjXZaRe7d+koNnAxc7YDcaexfzKlE+aathzAkGW007y4U5p7iz55KtLMF/ZN/KtxS7LdNtOmZQrgOCdt2tgNvCiINEsmZo6jRqadKoyWucStjarr6U5zi9lbFZYc6sw0pxZ9nbuKxlahHeN50FFzctreY6MF0mb7SPfZkTcd06eZkK9HAEOTRjbO0rxsgtA5VVn7PO2X1kpWadZirBFpk0awUGmfF1Y6Ok1aDmFZ7Il1iN/xaa0eaNgZkkrLt8PcbEBx++Mg02EJT5imvENBAwH4NiwAvhAIcKeU7cxea7y0tsvwCZKxrObBUG1Z9siO5OlzMxoeFC2Ll8RebaOtE1QQgPt9W8FROJUwEzYrGMfsoz+YaUQFrf8DjuGG8K2F+V6dUNi+WFlDTg8Dhxzo2tkW494j42HI1CAtQqfetiOlac4lqg6n1hKOt/AcaqIEjtmKewqpl9Gl30R1YWSyqI/jCZogHQhB/vD1MWLsfJ/tR5g2rCB16v67aXUlFbKE/FPAmynjPgui61xa0feKa3twfwUAVEKaWgg+yFV86XgyAf6ljCtBNalpn3PmE37FmK2nL4hgfUFv6uGDiBSw9wrF16/YeoHoG2+dVrtLUnBtjec3uLh69jxBN2lz4UctPxI8dtWXu+axc/JrV+ClC24O2PBkc8tQctrYDZewbNf8mLbYtB8nTywbmuF5iLMiiDYjv+fGoMAlcysek+Z57LE7k4uYfmu5QaNj8srVXwoBLKJDCQYSt+PqRViNar0/jmYun3OTavummjIN9BsNLpRLMWVBt9sbQBtp0xeynkk0G9U6BxE0EDh2JVxD0fhtC6j3aqRgmw6Bfb9SRGlcVT01/H3tdzzw4lL4aHyZBsLcs7viof7ITxnjfIpINRcZMupfpj2YIsotRDpDSGyED2vQhBT7tsihJyw8S9n8tJ9T4pt0ogc/qrwMCrijbiL/YJ5m08Foq2k5erzvJVDssOsuPn9oZb56FY9bosJI7GBGikvZNxZVoKVk3fkBJXw8uom6fck3mjN+Ws1J3ACJeqnqX4bISkA5HRQOMhI/srSIHSgypnIjrahUnAvV50R2lEHyd/1dcCR4KoSjigzANQLI9e/VNJ9pNbF1M6j50g10KG3rAHxmNNeMn+YfLexG9k3NalEos1YwHcK9eFqDrmccY19fDxUv28+AcNsvkyd+GpvcLDJmhp39Lu9VCp212Q+FJ6605tXki8tfotUeXphH7QiZsJSz/7aW3Zq/TahoyAFmZvO9YT6cZWX4NAvBi/XfpeViUcsu29ynHdb2JAaoYL7d4jIIW0I6eWviTy4375VC8Ewg9B8oB69lEEI4NsDe5Fjkejs7KAv6XBybNA/2lygn/7MX7wNJ5v4y9GyFl3O8obRAAW2SJGv/sWYslQiv/5QIk7tqzDnThNVq414mIkERXFu8NsJe+t4qTpqGcrLaJiuHcma2wz33hhX7fxJPK7GridHtVAfN1zM2hZdwxKBP/xfQu248uPhctN68Z0Ebq8LjFgSzcmUR5OBpRZWGza5rzMFY/D91v40Ko0GCUCdTfiQDTBaSCt/HTFk5ZPk6/qkfgn1FcPlAgc8G1gg/5zIes31dejvdkEHErEbFOcX8E6tqz/K1120wNygGPxA2S9eW2P0mzY2ZUT1dGK+s0r9HHnOqllmdT48FwGJ8/YWd+1vn+4JXAlto60nZiBaEmTZKMRuV+QoWFFTVFB6/W52enjzhMJNbW4ZeJooDJ4WCerFG6mzK7NwTHixFB7XnoYAkAFjdLXQoW89Bcnwhjcl336/Xer94DkZMeRVxB8Ytvr2FOAHizvlozWKXYA/c6FurGHbyisQfBr5Y4TJsZwXNlDF3X6RsZ5VTRLtqKUJ1EqdOlv2HkbwdVVQW0K/1UutsJQhLzuoEvoddMsYu8aH8ipV1OdE8WEVjI4nYzMkl/Fwz8zT6hik4TymiwEMogdWOvsxtBD1FzWEM7yH62G9qLX80BBQCGGULgWjuKwhKbGt2sfXuXPFG3gZH2hHQCFMHQWHl+2neUgGsZG0B+m9NgWePKHFt2e1vektyPgtiGsaqAeMIljUlT3EFpq7mK6bUorovDQJoqAeKkmxRZVGDtddFO1aG3DqQP3rkF6NPtv39aSGwQmAoy9vVQ2qkcBWl4I1LMRhLikYs+5SDOznl9OUP6+J7O3mgfYL8O9BdxQJY33ZNzYAgjxrozGP4uFOlqfqMLK/JJrbGY3cLnGSd8x/8a69ZSIciXV9gCZ6XSHr1tblDTyFBqJlvbWgvipdncT8qAbnR9tr866UzbUGwEOsKYV0syStnaxkE6ITKqteWymq/MQaxsLNQWwDgbcjykV3fkqD/sRxA7eD56/wvPJpjk7YUArWXHOZPxik6pcXvhS0emHkVMqPDDbo+WNyoLmv3D7mweEpr+oDEwQtsmdGBOoDXZTwan0ib+uhFog7H4108BmR0vLH1TyNgErJUUWN3HkDFTHZ9Pm3Pa31WKb9qx7PkHKLHy4uAlLJF1ebQF/n7+yiVwF6dOALiziwtVEsS54FO5KgLjzoM7LaalIZwKVMF8B4WbXDxMDMb+vzruzfWafX0SezaiDVyQ8yCjSf1eIS+lv/tZlmuVwjlNjCB8E7kZwAhcXzLSkA82Z3v2COKQV/6VNX+3JW48PT9XwjNL+LViy9OqvRCj4DImbgHFfgV5mldFQXQcgaroIrGMRfvF+A7RWDOlS5oCJViGZECgSkb04uZOmOS78npR7R8xDYFcn6jem2NoPy9pNOcHPfvvH83SHVLeykYTtrWlvvJP52et3HKDXSGN43WJtiTaHllQz/K7heELcryrz3ajaCDMcmhhlRzJ2mMoxrbp2cBuhZdEk+cGCX7yRB+tvLN00q30qpVfVxBLzZurT3iv32hQz1fzNF5g3iXVZQT9I67sS3kacaoBKmwqJms/orJayMZmuQKTMICqEEHrhLoCmx0eURjQD61wButv/67u/zuOsMQIpdXaRhBlldCWYkt+PhpILpG3UE2pldtsG9/OxIxV9MbZDNq7YqrDqtHp8dkArG0QZoKxLHkPQDcWeJRvWCZI26uaMkrFWvMJDRuTY4aB5YlLW9yCTTjmSanJQ4W4ZKlDFBbpc/v3HyjZu9bLh5YzVGH/2siAByJPhnOXbk9iyds2dv4deY5wUTi4D9m7E0ImiHQf6ONEiW0rX3jkniHNAHV+5pzd9x31OhriXd0AFJTBXodalx7lXdceOKq7md3sxPOAn7RsUq8jRCI0zbbtm0v2ya9jaLT48OttIh9zVY4ny8KeDuAkLd+44r/5RAlMUbgZwqpGaLGhgSGM22SzlhAvbT6uMFeSGplPHKkhOqHJPjar6wrNKnMqs+Zh7avOH2PCudLv6lIPk3Ut7G9sWLvHUlSimpaoYog1656kSi3GPKz52W/xTelpFtzufa84bzTtisItQUvP3Rhyv6nf1v0+1u4a28SlggsAf5D3iGsPw9b2yd98yOKIDL3wz7gCBsLeHEyFUxIjRkt3UYG3lGCOQouJtFnZ+S4UTeCazz2KUlSpk+bFCOeTn7KF4VUVNap36xjLHXt6NzLvASdVXW5DYOfLN3YcfQsJY4tpK+5R9QErMTk9cDEXoxxWYkJk9CriDvWSYBN7R1hpHh2CN40ToqoII3Vld069hxiIUgrWOjl5Tyldps3nCR5Tqs4yTMsYyGkYgLMxI9d6EVl39Vrar8pHYl5yntum6M62UvqUdS/F9YWnJyITPXFNsriQc+viGsyWdVtOc5Gwbqiyim9zYmSg8Hj3ji/Oz2iiFhtw1FIs/Df2O49N6h1zsus5OteETePIOYZzcD1+G0R6RtUNja7iPQ+zru88+G5xRfe2K/PD5JhO45+6aTB/YuYBcfH59fjzkLG1aVLjy1uAJnELKoTmNsB/kcqdP7/2xUvKtOu95OF/CGHWquZvMotjJCSb4zVPNn2RU95F9F6vIo32aEb7iH/Z0jxmr9L43x3/X5H13LXtymazNTp9syofZ14xXjiqX8tcc8IVWuSBX0dJfoEEp0JYb7/8NH1mF6q7NcMNt/,iv:tDQgauI39EcshuTHLZYCctf9vIncqZ2brIvAU5WS2zc=,tag:y8HoenJymE0GY+8qNtigOA==,type:str] + apiServer: + image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} + certSANs: + - 127.0.0.1 + - 172.16.0.4 + disablePodSecurityPolicy: true + auditPolicy: + apiVersion: audit.k8s.io/v1 + kind: Policy + rules: + - level: Metadata + controllerManager: + image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + proxy: + image: registry.k8s.io/kube-proxy:${KUBERNETES_VERSION} + scheduler: + image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + discovery: + enabled: true + registries: + kubernetes: + disabled: false + service: + disabled: false + etcd: + ca: + crt: ENC[AES256_GCM,data:Ua0eeFEApMpqsbX/0gvy1ixm//wyavWdRSF8uskTk/G1nwBWzQ8v6jeHgRT9UosktaOtEK64hiqTiLRApIRxOhoau7aEjgxR3zIsN03kfG/zaXS85JFe5bh/pwEVOyJ/aoy1hv8+1VCn8v7ozaA0IZ/gYWXMcESgpsVThVq8WPin7yea9CSH4BKlh8ITZck1rcH0Vwig65CgKy94QyZ0DnvZOUEwn0eEkNJExEwYBmw564rLCyPDgc3n836Am4a2gGa9VxNz+Zgt2r5NxwLLTPj2D/6v97ziQb6k+cDjot+VlVRqO5bGJE3Sjimlq1d+xlua1U0nwpAPBnafsQcVsSqtJzX4A+U6JGx4YjTNPbkvoAmnRM2f8apBWGNOEzQwRZKA6PffWI/9cpL09bPBze8k0xpQa46JNM3XLdYAWg9NR0YjhmfG96bgJsYZDuaU70p53Xx4jc2E4Mjhfc4nhok/8J022ByXbsRbwuVEJuwj8KK2GDy4i9r3LnRz+wMF+Z/UwtdbcZ50cfuu49PBO0TyH8KzHjox1Y+JFAkpcsdfOGAtsZlyFGP/X9KHlZvewQ5Z/0n/17qqYxRteN2V/YfU7R4kpLtiCjK3t7k/4YCU3woYx0MW7SrplfDVJzlZ2IiJ3zVykSqDKXL+o3BGq5+pIyI5TsEcG1QHkrK2tsL5l81z2osAj1HN0iIxEbiFCqyx0AYAOA2vifH6Q3SnbhgqQOTYRsO3e3CY8r4C7bhSWe+KReA3KzyFgLNmYGKnhFYRtGyYoLISI4l5m2NhQfHqsWVl7dqRmVsO+Lkf8jWHrUS5aTyu5DOIV1fLgl7bfkTKew3lNiXCt3Lc7GwvfA4zLYIs+IZcgUPGNoPvVbuy/QLVcApQty/It5jScfSh2T3qjgv9O0qgC08icI6xPkTNQ4nLpdvWO+sO276AoXkFYmnUIzDKNKlxv2fiHgZF/C9ZMjvVMx8btn36P9MDxJ3SVHB0Raig3hDkxUN2Z3Ti6aSSnD17RQhxuaZ+3TPsNjG5KA==,iv:o4apOZdz8O1NSDhGSx6O5bf53KugZAuqHw5hgJ2bGlY=,tag:3aztVmv+EbkoW6V8dCM3EQ==,type:str] + key: ENC[AES256_GCM,data:P7p2QGizNcQHhyLBJCmNkqxXh6M1FGi4QsUhAlK4NMlGJQA1bgSxHwIcJPdU8jwybZUiZdxmc4o29VntQ/knG2FHnaXxRQc06VD5XQ0i7LQuVaGUO1PSrl0HKgXKWodglCyxI9MzremxK5LyJJXyPhBH94IN5vw3SMfDR1bDphP9zNZRK+oWRjQc8BLTApfhJ/8EiTtsvuyoQuXtgC5PqQCPwbuefDFJhKfe4eCGk6VUNg6e7exZm8PyqwQg4/u0qBsIbYdJM0sJLOzQXCvIpo9XW/GAOfzaHblSVWjHpbHHnAalMSU2CdkzgQmieCj6TidMn/+ERJH4m/QbFY2CfslYX/d6tC7YznvpPgijSCVrD5uGm67RiPsj6GIfNYfm168q09PF6SGi5KW++VzVdg==,iv:WhQBLEvrXvSxAyKbDkKSx8iQpC35rAuf+LCLix/tE9k=,tag:LMBvIeqLxA70/Aq+8N8EEQ==,type:str] + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + advertisedSubnets: + - 172.16.0.0/24 +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19963x2afvcsek4p5sas5n05thusjvzz7gpfknp20666u69jw44lsu5w4u5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQZlg1dGNaNW04U3pNNWo1 + VVNFQVJSNWNHZjJmeXAxV0Y2bXlMMWVQajIwCjFKdit4cEdFVklFQ0gvTmtYZVFY + VXdWTHJLeDNLMkhOblkyZU9qandYVFkKLS0tIG9VQ3ZvRUtFWXBUNW1HdTNXckFQ + NUtHWVVxNUNVK2dtS3VKSmxqbjA5aU0KUQSmbhkYmGvuQmMO/b3C0CP9zsqp+L3G + cP10fI+YuyosRCIb/OAqMwOTWXmHRAkJwtsyXRNBm339XX4YBqeHmQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-17T04:34:21Z" + mac: ENC[AES256_GCM,data:zaLLAh6ZyJCfMV1L3btozE/Ln+CWjLyBtSkVNxGdRR9i7eDIE6M9gKPsABX7+vm4o9v3H09s80BKIM4HWG+ZxpUCNSKAT5owvP2Elu+9EUka7XrxrVaRbQR7R7x1dcNXm6nY4ucZ0K5/Rs+DMjbNve4Qt/X9Ac4NydD95H2nMA0=,iv:+7hi4WtCqYyJmiuLMw7QhOwIelyEBytvqM2UYDuF1VA=,tag:l3K+AxSPLWHetG4s/rfbzQ==,type:str] + pgp: [] + encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca|password)$ + mac_only_encrypted: true + version: 3.9.3 diff --git a/kubernetes/raspi/talos/172.16.0.6.secret.sops.yaml b/kubernetes/raspi/talos/172.16.0.6.secret.sops.yaml new file mode 100644 index 000000000..8e73b03d7 --- /dev/null +++ b/kubernetes/raspi/talos/172.16.0.6.secret.sops.yaml @@ -0,0 +1,175 @@ +version: v1alpha1 +debug: false +persist: true +machine: + type: controlplane + token: ENC[AES256_GCM,data:DjEVlt/8cLHGB/BbQZqvOz1qeN5m4js=,iv:hgSVr7vxYNHn9KLDsbCI4Amm95WDNcBTmcgG3fh5C1s=,tag:VZ3Uexu9l/GLe0srjekijA==,type:str] + ca: + crt: ENC[AES256_GCM,data:5ZboYYnxkphq7OTbJ14g5XUHIU4PBD7ua3hV/frPQm96bL5oi75jfw1TlTFlQUFlXzvgUPkomHt0eHVosWYtzu2hrya9oc1OoLVKbykFWTIjYquSvx6KIXRKrddzfHzTv3XQD1Gmumu1e3ntLeRGcU3RJhH+t4Y0FrbXyXOsUxD3bNdxYxmFI3DXDzJxzvGSQYoh4z5JGtjqLKxhO5+FtRIraZtHMKnDi/ACs750SXNU1C6vftEo1htfpN/al8oNWKAwuTaXyaWsdFYh4SbcMBV0vJcFbdECwApi28Ju71xzoO6j2QGbplCEEdFf6B9gDXY3cojrJ5jRluzVi95To22nXiby7oSRZC5ZeAQYhMI4pvmDkcAn9JM9hMAp6n3hqEWLBgehF64H2Ytd4c5XiiidX3EvkwLFhn1XZr23S4ti4nO9cYqI6vQBtC117nLXq7/S2YKIglLrXj0We7e1zaTrkqABE9gjdNQcLX3O38AKHCY43qPiyXns9tExXrnk2g3gcZlxEasjMA6L7dg7cAauKvXWggJdPAt695tHVCbMr78+alyN95m/lgjaGOIMtxWEVWOaKm+Sen3W5uKucVHEkMQF6fOuArKE+npLkJ5b0yqlypaPYebsoyRS8nR3YKXTcpqMjiWygwYoD2aBw6IZqQ4ySTFPh1EDmBpziQfn6OvWsL/hOI6J90Yhwv2k9nmRYcWRHROfAblfPorWCehdAizJWheDTzBEAc0LgRLtGQpzfA7y1IOmEYrZTzDDQhyG0+tP7OLzDk57ZcxqlL3SbcGi3oGcy42NEMiGebvkjGLFooAtfqTUPLcaJs5BB+9GI7NwOMQ/Z5a/CA7zMjoEsAx6+qKVdHTvqHLPSqrIBAaW,iv:sx6viU6whtWp2qXF/L5jUOVT/TQLikBDgiwhjfbIigw=,tag:nd7OPKXJlariL12qgV7xNA==,type:str] + key: ENC[AES256_GCM,data:JfArvoN/BRdGmp7U50lm5lzceaPCodHUleGUjnnIkXSBGupkfd6X4BBHq4xdOnMl38vG8QD1Yd3scX3O3vEc/ur8nIyHFSd4McvOUvmsLljL1rTLN1SQq1NelCEUgjqtCJuMvMSd8PFlbYJNkWd54/wsY6quNqMBjLV5xgH3sKQiztWAn29T8WDhCa2TwUEw9UH+QKbwlWvqr48kK/sjmaD1Sgn8Rit+Ou7VE4W93GBpLJwS,iv:aZk65XsEWKonxEgzeg9ksq+qWn8H0/Orr0nqb+ObrOM=,tag:GL/Uplk0UdrVSlffM4v7AQ==,type:str] + certSANs: + - 127.0.0.1 + - 172.16.0.4 + kubelet: + image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} + defaultRuntimeSeccompProfileEnabled: true + disableManifestsDirectory: true + extraArgs: + image-gc-high-threshold: "55" + image-gc-low-threshold: "50" + rotate-server-certificates: "true" + extraMounts: + - destination: /var/openebs/local + source: /var/openebs/local + type: bind + options: + - bind + - rshared + - rw + nodeIP: + validSubnets: + - 172.16.0.0/24 + network: + hostname: phish + interfaces: + - deviceSelector: + physical: true + dhcp: true + vip: + ip: 172.16.0.4 + install: + diskSelector: + model: USB 3.0 TOSATA + extraKernelArgs: + - mitigations=off + image: factory.talos.dev/installer/784f69a53ad6331e65b32412e46f766d0393b625199d4035cbec6ea771cab34a:${TALOS_VERSION} + wipe: false + features: + rbac: true + stableHostname: true + apidCheckExtKeyUsage: true + diskQuotaSupport: true + kubePrism: + enabled: true + port: 7445 + hostDNS: + enabled: true + resolveMemberNames: true + kubernetesTalosAPIAccess: + enabled: true + allowedRoles: + - os:admin + allowedKubernetesNamespaces: + - system-upgrade + files: + - content: |- + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + [plugins."io.containerd.grpc.v1.cri".containerd] + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + discard_unpacked_layers = false + permissions: 0 + path: /etc/cri/conf.d/20-customization.part + op: create + - content: |- + [ NFSMount_Global_Options ] + nfsvers=4.2 + hard=True + noatime=True + nodiratime=True + rsize=131072 + wsize=131072 + nconnect=8 + permissions: 420 + path: /etc/nfsmount.conf + op: overwrite + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_instances: "8192" + fs.inotify.max_user_watches: "524288" +cluster: + allowSchedulingOnControlPlanes: true + id: ENC[AES256_GCM,data:2MGzeYaoSUVamXM8sxaTiWQHf+I0DaZc4Fc0U6zzA/vMxMJxA6vzm5Bp4yU=,iv:nybpxuNlBswLWqAZbzDyo0SdWCwTTrVBu83R9Ts9Zas=,tag:RssGiQ4jRLNH5rdLTFaMjQ==,type:str] + secret: ENC[AES256_GCM,data:V0h5qCbHbb6g0W3SzBtn9worhgrah50pHxfZ7E19jNrpu96CQmEqncdWcbE=,iv:cng8UttyY5w5l8kIISxV+3L6uuWxmBM51gAiSCGaEKs=,tag:Adq5Aw4vOdyEw3WOv72p6Q==,type:str] + controlPlane: + endpoint: https://172.16.0.4:6443 + clusterName: raspi + network: + dnsDomain: cluster.local + podSubnets: + - 172.28.0.0/16 + serviceSubnets: + - 172.29.0.0/16 + cni: + name: none + coreDNS: + disabled: true + token: ENC[AES256_GCM,data:U2kxRU7+IeL0d6WSTlQRwKVzDDKu9T4=,iv:kKtZAHaU3/99WdIbFwK6pyG/lQo4jAbs2XHkv1o+7e0=,tag:CT188ofvZ/joR/hJ0sKmhQ==,type:str] + secretboxEncryptionSecret: ENC[AES256_GCM,data:DFIBOkYlFaiKwojCmp0KWJNYuaDHEn7tzDmSl5KcC51EJxXbSccrDu5Utqg=,iv:WnfzHdjsc44Q1Hfd7EL1yVryu3Qx8hQ4Ts2yYqpZJAQ=,tag:oYft7JMyIhtLFK9kQJw2kA==,type:str] + ca: + crt: ENC[AES256_GCM,data:FCH2YRond6MuKKKPIG/C0VJ0GAGrpHMp28NgHf4Y03orSCAVoYDjFrRmzLp5DbQ4vsW2oOvT4UMVSzdTCNwdxM7mjbY7aDC1R/hoJE7GwTuPVFCk4ARID3IFHT2LrMnorBk3SweM+Vcx5fMavmyHpaL+DkW/srcY6yOa7ATlYrKvLhMGz5shDD/Hc1q8hyjvE/gf0z9DddpV6p+7hhNKYOUFn64PE06cBP+ad9Tl2I79NmDDX36njT0aqzgCLk6ytU4Fad7e2vPiXGRzr4lY06gQCrRhn/jpvVyZ7DTcdJRJM1EAj6xsKxPhqsDJT1/MXleo1rnYrm9x9iEdrkSwBOiNfX/Tyt1Oqc+7misBpoFQ+wxCWi1HBEcqYtQitclX04T5gxhz2FZ/rckdGcfs3xQPRcrQGLomfF+AdlKbFPRqerAQfT23pXZlO2aZpHVrf0WqV9hc14Lpzi1XOc+UVfbJxxXK+EWGWUS3ym7CES5jomvS3+7jpIPePR3UMw1EnpCfz3NVSRvfU8v27AyI+V1xKid4WBdCdqdz8dqNEoJzviLXmhIbhYvz8mvdL3LCEVf9TDYobdVTRJqr9lUDD7FBOMvq6MFnkGAmaKsvbTs0anKm+3ru90Zu5id3oSNtqvfMS/qX/B3OOMAT7XfBd8KshJnGkfB+tumk392dME/YoSx5RT8fQg5vJQNDjYoIe1ckYw2CcieU5pz0Kl4ftvM1h7AeKe8Qiztu2jciALZC4+Pd2BMKibOAC4Gn4cK8xbQqkTIkp1YcNN/byWE1LdBWUcuZi8zunLCE95hz+QoOx4w4qo23kuEbDktIhIZdYMbSF7wg+u8F2k+eWhwfppCCYa/K7LyKwvRnY5IaJlrpckGEHkXfEp8GA/j/hi7YDOLVbp+CdcgUuaImWDa+m27ylKEh2yN4wc2mUuMQpebW1KYmI8LvYeBffsffwG96akQsHw7Z0ID5aIsBYKqPXfurUzVxtzvc7azybK4b1ciaJZqHamCqoR9YW+ZVjj4QmSvW1fFh1LtA6BI7bHsGXEs50ZTYCp5xAg70/w==,iv:f6qKqzf1QHNi3efM24gGeF0Np9xh8cTUiE8BoeBMPCg=,tag:gYtjAiqHx+yGIuUfowD9jg==,type:str] + key: ENC[AES256_GCM,data:WffFO2mqyMg28YqOXJpicblOzc/gIs2FnrHcFEzBnSczc8G4jQqyHhEHLvr4Sc6B4qUqO7hv/1lYCQYGFaV7X2jH9ciIyBdbbhNbPpz4sgvDIGaRumjjoP6kPbR7RHVh7E6duLjpT08CBGkGHuH4SFXbo5ZejuvEePFb2z+lc0Yo7zXDHufalfDpMYWGvVjZ9OY8OTzuLSAXGqM6hjU002BgPhIBZ/C86/QV3v5eyLL9AXFcbl2MRv88NJQ8eUYhnP9ovdTK4P14b/7GOYEyp7fd4PVTSirVnGfHNKaI6hc/H98U27VhvSSJoBzGJWP1uFBK49motIm+Qzls/2hsPgliOj/Hxr6iHhtD1VpmzP6UWm9cNuwOzYKpGzOQzMcuMQKYZmKczsAdW6VnxCEIzA==,iv:BsMHJtASYaZGrbAWLZYVUDIvn+zhTQ7d2itRdsG9irk=,tag:lsvZjxgvoQpG/PMYy6T4Bw==,type:str] + aggregatorCA: + crt: ENC[AES256_GCM,data:LDvRG2k2AefO+IYsZnRJXU8MzBDqmQGIyOKwBFuxmnxRUHbxaLTxjF3pJ8P8mFKqB4azeDFmnPKRwPVDZaWAFIFpS4iptSXSNCUem7wj3BOVjTm+8VtwOH8EJ5fJuzPZWJrWWJ/Gj/ZbUGkUz0WQnozFqJHoQfW0CYmxOdEmKKlO56tDk4JqJuJs+47L/fhJ927pHg7BswKC+GpbDGskrEfTEE8wdiRKwHrC6m3nNFTqwrJ6PzUywUf+Nz+aEImJAV30lpgTz5HTlZvrWGiFAm+loPfLY4SFa0fHbS0iJQKtuBpQiDQJ/uE1DFJPl3wzo8I6jKDg8genEJ6a0GCDXH3yrngb+5xolNa+TqaioLTFiERxYOFSk8tHXapgz0ibZJ/qeMb2Y1I/T3UROW8jygoral2TlJGGBf06Hd7HowZ2mPbf6PMW+z/1lt7v4k02/+7WfHeEa+UF7nR+V+9Hr5kR412DcLAAHjhwGbhUPtrJqAMOUhBomBIjxCxCKptHC6yKfiK3pTJJQneBFQFcGCtY74G5boBEb1q8TlZrUHRUQe9bGHI5p5Sd6oRZBVuc/9MGc+7WnCuGbYmIxcuPeWXNc3bLjX1K1GkZYVLlrsi5gk3zgmOAmAJsr4D06l1JKZk8RZ15ELg/xZahRhk8sfZLDNN3D4pgCaQDT4zyIi4tQit0OWHQiWbSWA6AI8AsJkaonch91C0Iw80QAeMaKctr8EOKAnAMQIupkf8PpaIFdvaQNzt7IsMg/W8ixsXFQSn8kVYaqS/5tf4YosDD/eiY0irkDiRzka7il2tPvMITMCmSbxoILjZAjoH46JfZ4N7IB2HOQ6Rq+PF925KfjbYrVr1Ph4jJIyuw7CzlsdHyvLaM6J3CzF1W3wZsxx/tmmWz2WfuJAZ/06aUOe8DNbk4XIxanPqQXa1y1qnIYVJBpYd76XcbieVKB1bbDP85,iv:r92n7vEvddghmz4V2qn/A1atPUEb6E6OscwVzR7czQs=,tag:l/fTVcTQ2x0bvsKxRX05mg==,type:str] + key: ENC[AES256_GCM,data:UGSbGfULBrS2RHnGU4Y1J+6T1b7Ek0DENjGSLDrwc+jzi2zka0aP5kvLMkOAxzUmQjw0CUWa7ecfgS3P7DOqhZV+ABrXXSZQVCowuHYOkwjjIo4fYkDDsFmbZhUjH4jLLKgPcqzdj1GQr4UDuCjNuNO4pN4RKCHjB9fVx31goMUHQBiV3Gp/sG1k+BDA6EZdjqOwKLN/fpkhSzPPouwwXbQtUmylbhqksIKNCbjg5O5EdMPsI8AZpYsIbbGx1XuxCEAgYtetMOyIYRHoctneN0pfqXvHDSidAXNJxHriEq96dXG73UAsAh8YNzA2RBVQOWowuLFLzvtUjj0IhXZGBJ8vzDxXWTDsNYsDeI+Y/hpC+9LHpMmm/w9Me1gzQ6CPZDep/el2w2aMVD7ZH8q+cQ==,iv:ki7Vah9SOROyWR3cqubz5kSzA8/eAwsCNFLmwroXhQQ=,tag:HFcNQCzuo4CEv8pQr1K97w==,type:str] + serviceAccount: + key: ENC[AES256_GCM,data:5jiP4pTy0IrXvZh92DISuH7KB4KZnueXg7L0R0C17vhEsUUMJe2jtKPqzg3PI+iVKFtqq7RmBNmfhNciNFWVZRij4CDwuNFbbz/ocWwgpAJthv72p5cSHy/fWmp3jq4NNlF0CPMwwVx6T+5d+fDsD65k1An1sKltCBn9zfPiiMnNC+IpJjcQPKXL/Om/xJT0/0PJdyjitqaPYGMGibYd2BhC4TJWgyKae97XVkIgin4p5q9m6XdMM3rv97uwVX+psEPN84wDyC4CONq9PrdGz/laP8onMh8CjvOL6FNyhHved+JjIp/XTUfVVs8CZSpgWh/Mazg5rOw3lkoGB6fYvzU1H13lIVPCoUQi90I/71Np3W1pltCSUktuKPb6gxjmADpsRKBZL1KBx8Lr6kz+c2WpZskdpDzZUnycZO94vDE3gTY72b/P4Vf8QSsBI+o0814Qqbe7s33b2b3UsErFg17mFaH7e0l28IuB24RTu+GxnTfVTm1mztcB4VFKGb73uyU6ImAtrrrT+md1c4f6HKb2KCwY/63WcZl3oRxIxDhTAO4nTfN15R0y09xCB1wfS3rIKxvU5+gId9TITUrJBggyFGR4jyf6yTfkfDgPgIo2ZIEpaGaU4kX4esUNTdO1NlbGeePljTDZn+Rvy8Q6M5DinKP34l/tuidSRbQyEcasDI0ien9lSV1omhA2a/J4wHI5xGcgF337hhUoYYIawM4QMz0RIiDm57Mt/WStyDCidA175BN8AZDxttLo8b9hXFsdReZLhsvc8UOiqojTQnsR4h5Yo7+evOnmnBvx2cupiPWMgtOgzoD2yyujqnDlQsAAmpBAsKjafT+EB8o1Fpvpf1iTC3IeT6t13Le6NfnG5b/3fpfSUeEkiXiIFsLlQ8+k7Va61fQFErtP0p2BGrqdNVkGtMyGFScyvtb9SwsJZwDZ3uFmjX+F1gB1ThjBHEsOiGgtEVefIe+NzY06mk8S6H8IfFaOh+pGBVgXSLG/L9nw9QxkeIxNVz8BPmWj0zGnEg6zfxiaCFCB4wI/AbuZZgvsS9UoCYVjqYbIL8VO8nxjtCcDRsHaPGOH2mlXQJCPo0y9WH8xHwkzq0ub9SzBq2zrG1d3p0knfItuzgvrITncJHezldbQeCNnnR+WvJuMw5AW+rXYk2j3tL1y9qO/JOOw46VaJRI0W5Mgx2Heblf0XfdsLkD1uqermbFeGeh7pcp9P3LmbP/vRih8zgwDlguK88rNn/b3UBylpEeS8/vFLKGYtJSFJVj5GtkkOW6yl4EnG89345Tiwdt/FrHr5onNOQyttVmqhDogA58OjhuB0omnusGegDqUDSRQJAZtX1c5CIflkK6c7FU3Qo6Uc7YHYvK4XlM1nTWupixov0r+YN78ytqsrysHLXqkC91Ag7wKbvf/QzARIFkbn5/aA33J/0KUWZwq9dVaOwNWlahjGm0FLISgPUouoob1cFqkOcREm7euB924c1I79ADoHAPI0o0TtxqekEJLIYLi6B1dZyHBndW86izhKK2t/8pnuNVml4I7aeD2IkRzGuGmNqw+SGcX1+fss7JykiNsO48Wzr7vV1fhUrgmk+GloKAvn5Tqig56aNjvJvSBR0nO1RYnAQM9AjYbNbWo4ajwLy4imMGul05YWRt8XNrgW9ebt95mKi0zElggqzLNo9ywVMvFVVRFN5vpddnQWz0m8bJ5sJfJM8n/i4joOqtHMpIOkfN+GE3H4szblj2DRTUucRyfGnvKDjH5sJ4If3dCdysqXdUkzi60cWxOEvn/e+f4JQWBq6+5CBou7B/f0e74/bwZzD7omHdOJZdwF+2XEEzFk2ZrJmTDrA9//iRr5oqtnr5L5JO/0cAO7VhVlznr6IBTQH41b00UFG/I87S+Hs7EO5MEDFN8Ag8rUz7RvxkHnqLUPRTUZ3OofEoErNRz5jbLihxHY4qwz7tftKGC0DpEeG3Uopm26U5hRX8MP4xeU9quTRdY771s9XH4k35eV9BK7esCYUZ/Nw6hbQ9uBtSf9Jog8hvixXFyIDYVgjWPCBkxxoOpy6ow5wkBnZC7eUxNh1IKtH1t9TnsrO0K3g4ITz77qMn+k4lMchPYUSJvcZQUiXNH3uI/eaxkIvzfcaQTdOre7MGf+wdv3PVm7K19R3aKGkaKZ659EY5BVE+5ZDGCtKLHhYn6KqVEjWD5eHH/3ICVUgK5pcELADDRajaW5MHacX8iG/5odd0sceHMq/ZvDfRw2Hrhh3vvyHcQ/pIfHBVPDF5krtin9pzXVwl+QLH3jxNwffRKGHscPeYj7ShRxHsxFOr5FMCvyzwCNeRmjOWKh4gk3E1cynZAbGCPQQeKFsuClgVV15XXnL8sP5DKc9U6s0avErGUky7o3FsLEjvgFhgR/zFWh5SADr0UI+Wga9ebH1Ixdai7TpDhBRq4KrFM1SX5vU6WEQlWIwAwd+pnBkcQo324X4rq+OI7sHv1ynr8KNDvh0khdPnxVX/c6eD8Xr5yzUi2qgXBvrdX/cHAHVHFeWHWpxfxpfYI4VYBvZCr7hhow+/tzlofTmAspiPRvdMGbdYfPuo7OyLA2u1ljb1q94VhB9/DYLdnY+cY3ptOXv3FZnelP5KnXziHF/RTUnNHG/kSYQ2M34fnwZbnmWU3GBxheYaT2siGPGZkZiD42PfZNkNP2cCrREh6BRcnVmu0KKGt6uKMCBtYSnH62+rhK8Sxlvj2AJ2GQ9niLg0ZXvLWp+KjAVCB9KH3tCymF0NV23xP72k77KIGq2JUOE3kYWX4X0psmWNWtZzo8UOiaXonfDwECKmI6yZOs22gwkXbTcy/FTpVSFGY+ALZRQIEzVLJX1HLz8M0H9XgkYCdzxX2WsMxgjFsHuYIm4e8U2ySWS6UEkJvdsq9ac+9RlQRGgVtg7/EPmt5DuDaD4iK+gZRzExXmFgpZ1g2bUdH3Kzw+Hw+rl6BWVmXMcjEiE1m3vd7iQagoj3Qp7YHtmQaJkps35Usf+ev0f02t2dYNecFn8FyMNItX8evP40ZfOmo6CirCcQUTbMsC0/8tJVW+2d1uVhzsWz8RiIdR6RTHQ479AVEn19ssICDZTrW3lUnfz1UGUx7sI+1fbPKBG624bADeiRnsaP7DjwzEPniMWkQijf4n00IHJWBAnuSvAamds9u3kB6px1946h423+9SQR0wHtQnXtm2zB16kMyH0i4BExHH5A47ISDwKR2GOzlFb1PQNMBKK2bqEdIFFMa9wPafrfNzfIPAPKE3V3Eiy/yzW39ijSxUYlg6EfO0CxiQsL/UOjxbyBZDvTRCyQStgBjtiavgn7IC0nOZm0gyt4aOdpHvk0M+ALZs76u4nYpmHDQzM5KgKdRwUHo0fKKkKLlOOwOoS92NEc3545BTikyP0S7Topy0Pj1W41NOpVtR8ITDjrERKmT2Cr9y4XFON345QLW78UeS6xHIdTtlMLbxLB0YPWnT+dbmqB01pj0nhbJmFw0aPsCIBCs7nHL0P8tx56zul9DBopE/qiPfOd6caU8Ln+erAq1/sBjDX9eyhtWwR0NisKXyHI17TlquA0q3Gi/0bb/f8lxQsirdQhpG4e1dS/erlTRzg48M9C6Mu/zbYYVXUzL95w1M4bo754LUB7EGBc44zAiOP+NGiCfhQs4U9YAcdoZInPc63gO8LG5xPwBOAQBTEHzuI+pMh6SKBCvdxUk57pEdRTtvBGq8J5NoCtC/7dQJUqlsfjYwUpnnzIayFvdxjBgae3HMsmmw3NIylLb3euKXZwIPvv4FsBlB6oQ8qOZEfiVqAvPU3+yd8zs0+wtGHO5pkJv8jBB4hIR7bpiMllvJ9YldTU+VJeVU+Yt31S0pAZJx0P+1+b12rbeDpNEUfkZJ7Bp0YDtb5WOBGv/g61qxnFzwjk+JwE4ZB0vyw6EXrpq7tU9DYWxp4T1T2WaOecMcIabmF24CvrEcCe3DreEQcRsCc4yFZLY+++Gyn1dbRvbvTn7yoT854PdAlM0TUDjqKsCLcvZ0ZBbi47IPIHx33EZi+dlUyTwSO+58sXpG/eNQw8Zz87y6IrcdE0nXi3q8KSi/yRyBhYP4e1s+Ld42C1h5Ds9/kOvQAr7admOz52NzD4eG0nHeDEoztLmk7Cx2kopkbZGZZIqgBQHXyh3rxoHga4QIOxnFNRo1ACtlpE7k1x/GZy8MtdndMkrzHQ+NGvEbVKOBupT6mj+kRWRJwy77/Pm5cx3A9vkn4Fot28GrLpgaQAggBMGYwKBqeCAzVRz8Cj/LqC5hs+t1knEl7WSk/BgMzdz/rGEBRSPMgN40DHLY+NS1G6Y+22Gw8TrNGkpCt3tlxroBERJX6gEYvBaVobB/w/0zidUKtkHflEPbEd6fujIN8mtb0YAG5EVVlDeZKGzhsn555/1lqRQRP+j7zi1Xqx9O4dH2YrCd6wuWNx+Z0MriNOFPZTu+LvEN6/YuzI9ortDLQ327I+kM2iDfUMHaGuSWri7MR+G+1AeBRN6eLoaVs4nv/XqYJpYmYqSbPsGC+CuSTMfw+MMjEl3mXOoZlJhoICFCQhKvGekuzH5p1v2n9sIK+lQCs/pt8xglpT+HZ7PWWDqZRrdgK8IekxdllB2wBpF9u0wWGggGGAutmkBxjQZHDNOBelBag+AxU4UCKp7BS5Hd9SXRJTqExRXb4aD5LleQ4RNfnWuow0wIQctFeOYSpRijjk2r5RLSUGRQZ7WLoA3mzX+Sj8661mxeBfuQAvR8hFqoOJXb8FUvyxp0JorFZ7Qgxn+H536ChKUtbUg+emmYN2U0Uv+q6eOSKlAyJ9omnaBE4GNTfiI01AodRu8s1A5C2CDHeWIj6nDbcLARJcRwmFozSgLprQxz9iC+WKAwcFzZ/Hl7yDwoqmuNo1ThU7CArmIpleSzM0edp4TrpSuSzc+7IngIBL7hi6oaXzDyjJEBOv3uDH3YCA8Xa3WJyjLBkd8SipGS27NDKanIAWjQvn0peSJ+BQExLIYiH8QdIHiFqQVaOpFLabhveZlfbJqr1sGQ632VpuaIfh9/KjAVJIT503y79Y2bvrsbUV8CzwWVNnybWkwwi7X3lq2nvLj7jbDh/e2K8p3MvE0VZmbPYbPhaVcH/5Wbf2X703eGLzPKjydkSctteXxj1FsDswaw1WJ3KFH3IFji7ODfLDEsC9hZg1Rbu+OocDOQ3bwqW7Yu3Ww4scT0CBqdKatptfL0pxuMv1LO0ptul2KfWkQburhDMd3at7iCjxIOLZ4r3znN1fcy04LsWxjN0MTW775JjP4s+kdYfr7/sfUAygjjlcvlSVXOWCDNna6r3iqOvLN1n5xYFQ6zMgyyMyZL1CCll2/PpdVCpuA3VHy5DtHQd4ldNbVPKJsoeSsNwK0bTx0kRwUOl+gAGpbYVTN9xknC+K5cmb83NoV5RVbrZ4HnM/uwllqen9257M9KvEPn2XAftzOtWAyUd/r9x0Fy5ISB3iDreVn3sARbeEhY7IHFV5l0ov9z/GAPaeRRPo32M0SPrnWx5nNT26U89lu7ORDkRcUGifcc/8LbM2d1NoLroTzg9nYLUyNxc8kPqjyPTklmRplw2Gg5+MlicnGchnxqIvSrmdiFB2nSsGhpS9qF9bu8/X4F9vP6IROJnDABh3/rFNqlk15y4MYKiKSz/1foGMURcvZ1Ty0P7b8oy6JxSDTYjtFN1mVOCIm6npPSpLde0ubnFq46h4irDBXp62+EQeqAGGAn0mUbsW7i7Fjpc4xB0nZtNU+,iv:hOXq26gdJ5JDHkD7JZByvfj18MsgYw/yn+xnq5UWm4k=,tag:eDK08vrsT6BsZuU388CBkA==,type:str] + apiServer: + image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} + certSANs: + - 127.0.0.1 + - 172.16.0.4 + disablePodSecurityPolicy: true + auditPolicy: + apiVersion: audit.k8s.io/v1 + kind: Policy + rules: + - level: Metadata + controllerManager: + image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + proxy: + image: registry.k8s.io/kube-proxy:${KUBERNETES_VERSION} + scheduler: + image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} + extraArgs: + bind-address: 0.0.0.0 + discovery: + enabled: true + registries: + kubernetes: + disabled: false + service: + disabled: false + etcd: + ca: + crt: ENC[AES256_GCM,data:p6d7H6We3f43fzSSn0cpHBv0VO+ruRZno09L9/3QRbbcDFdFp7ucoIw6ke0XlpeQaHULqy04RMMKWV4AYTix89VKyZc5wBa5gDDO1bbDuPQd92rvgOLuguyyd3ttq1NFeg4Q8ufENCHr1DPw9K3ptjVEZyydNjBjNqREhTZVe0eNlt+arIyGcGhaVOcQD7lrET2+52mKC832LKSwQvSHOcQ84YArvXGDhTSXEeW54AfIgOEmW7wN6D7f5r0JwN325rXetxmZxS3BNL1nb/SMFukycV5PdlHNqwnuONAczBtq20CnxmO/CnYGcoauMjaMWvQI17mlvEw/V9JIDMvlREtt8nuITra8YMg+81gOYidym3edm2vQoQDw99+Cv6hsr2coofLsQNQenDHWExFjU2LDU178EH+AFV+J9GqOse1rjG+j0UXWQ4meL9H7KqKKr48rEYhBtOPup1Ce9RzLanBK4INKb/Zi/viBrt9yF7kSVHF/GHdak0dY0XWBLXDXuLRGTAQS5QcQncsyllooxllF5Dju6e59HsNfkD/hz6DAsqrPtNjhmlMKF0NMr2LJl/UbW/Zix9D68bffblSThLEE6H1GTyMIxwR+OqgMB6chBueQPfTAR/xItw+h2C9j+Ak+O8DyMG2a1qDK93nayKm1XMYrVOBCJVBrb7CCQouhBGkMFODIKlykobPcVNQ97LJxY0o/KKJTr80uCwLYaIRDo6hfvWNpZCZigD6Iy5uuMW8GZXwA+hAZt3LO4DWJDGYsey3slImjB8F5+HIvdlLFKiKX8imdGyj0aOswEyr/E41oxVvCCQ6H9Hkj0FXrS3uVRmmSvK9ghAoaZnfZrO8YwjUpC6Zkrh+BxFveqxWg2XEviF9Tq+l1fzkD2GHlXQk4tGJfxq1wM0w3vAQS2JI7YTtLWas6mQydN4Rnzywj4P8SVZYMMJyqdVxQdObpwhCRG9NHfJUgOLluF6ryiXuoDemcKoBT9sIst68hSRnKVr500eSKHPGjgSlb+PPDSzBPLQ==,iv:6jHQhmv4352/YVuw7huwPIhDfcG/xLwlU97V1y467v4=,tag:R9amErT0aCYyeg7WfDJijw==,type:str] + key: ENC[AES256_GCM,data:qmpNUziw7UhDLuDFQB2fHzXO2Oe4xV6LG53V84czccgYvSr0yVg7y8mSJHjDlIoqO7RWTam0yJqsOLQp+AJfjuW/vIflqNSVssFrVMkFV7BM1GCSV/M/0DNe/zcMWeq+g2ObMAr1Z1vO7t3J00CbCjkK2gPBXirlQpD/YEzhu53dkH1s42FFa9kpkttPi4BdZJVr3KhPKEuxMEeWQ/EaZ0RIZPlLEsgl5vWE1v2j73paEL8PZf1mcL9hoiQ9l0ChpdNriQpyrqZwwUljrSrAb/z3B9+DyjIe0flgHrZnYiyjekTBYsOqlcD15meIIMP6jQZlgV3to1KhMEdxvRuceNH5aJKHqB/CF3QKU4/YPtoyPL/S4VuysgNiGvimLla7FdvnVAtDlyhtMqFduVL9aQ==,iv:4FN0C/lDY9oTWXwiR29UAiS23q/uVa2d/9x+ctys1cY=,tag:BBuVwzSwcjb3/yOsrjgjOA==,type:str] + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + advertisedSubnets: + - 172.16.0.0/24 +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19963x2afvcsek4p5sas5n05thusjvzz7gpfknp20666u69jw44lsu5w4u5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHalFvUktTL1Z3TVVYM3ln + cjNuYkZXcnlFTkp2eSszRWU0dzdsTUxWT3k4ClMxWkRnamJkSEtiUzY2NGJ0d1lH + a2YxN0VGbXBwa1FlcjExMEp4L3ArVjAKLS0tIFJ1UzRRQUdTZXdEeURXMGI3bFN2 + c0dsT1l0ODM0Z2dCV0FOTlJmdUFPbjgKnM82TDgKMf29uSjxYIiSXd7ZZn0Sn1Q6 + nK+SUQoH9nNiqidhT0ZeCG3hyDMTTfK9Q0hqOtx3ccZLroEEKJ1oMg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-17T04:34:24Z" + mac: ENC[AES256_GCM,data:18gu7qWcAKiBaSWcGPMMYNpcT+F932N7nNZxfei9UQznmb43nNJoDbr63Vr0ktJJC4jleNfYw/17MPhEivwUBQ/QOv1EXGN7uojh39zrTzcrIzi3jLr5SWIWlMGH7tbg1Pd7nheXeVAeL0W/0zWSntJOqlTYLn8y6JTIi6vcbZQ=,iv:tYzAY4EytrEqoVMHiM5R07lDSaUv87cpVmdJfrTS1FE=,tag:4dRaVseFDakQejYPOLASMg==,type:str] + pgp: [] + encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca|password)$ + mac_only_encrypted: true + version: 3.9.3 diff --git a/kubernetes/raspi/talos/172.16.0.7.secret.sops.yaml b/kubernetes/raspi/talos/172.16.0.7.secret.sops.yaml new file mode 100644 index 000000000..b331c78c5 --- /dev/null +++ b/kubernetes/raspi/talos/172.16.0.7.secret.sops.yaml @@ -0,0 +1,176 @@ +version: v1alpha1 +debug: false +persist: true +machine: + type: controlplane + token: ENC[AES256_GCM,data:GcTjCaOKSjCoe0gJNwk2WNqlgHZsANQ=,iv:ZDNcQGS/YPmlsOgsAKoj0Q/hWHSB9laFARld1r5GrD0=,tag:gxmt4jaEFChrd4z753G6qQ==,type:str] + ca: + crt: ENC[AES256_GCM,data:bhx+AJXqkXvsHftkUS1kzUGs+rjmtBMo7n849oxTV2UWs3Pnf/iqVT3anYHR0/8/rra5JdebOqfqJLDtfuYqyJzwnBWbvqOND4AIaWJOQwKxc5n6Yb3zYD0+0nmqV/wSMJ2QV8gZy5FjVvc6cMrIfmuAjqJy16RiW4307Cpue1ILRpn3ZSFzTsnDdFYcMHOHM9oC7kBnpS8wf3AsWYlfk6iFFx2+rLcswV/gFoHTth99eMLmT5BReSR0sjcryzvu7O/rOgju4fra1jtKsHf6n58GstOxUKBOXDNmTiH/Tnf3vxuJiAvQAAnD+T4ESyUDt/10aflZfntaoGjBX9K0jhGlhVTf4Jm/wcp9JYNugwOUoSDtFfVxB0VvHyLiCMWTjcW7QSXTeWRo2K9AnPft8vRcS8mI30rMjdyd79f1W0Oyub2hnpoDiyBMxWv/D+J1VgZCZNoAUfFNwFLNREgx/kTE0pR+pqZhKQQ6rN8CjEUf2cjVuATY/Ep8bg+wOs7hMRbDDYXSCIHy09eLqNokUurVTkff4pEnCk10fGznG3ruYG9lvV6arYzOmetHyVY9Z3yWpdR6jExFXDaEjET0cM9DMMiqBZItiY+OYuu42ZsdWBmaDYzv3o3pn6s33AzmjVVCy5arUtZKbrwKQ/H9jGoTE58VVZxfkcs0vCiw+i5cCD9AOwpcldpxkyutFDlhp6C9ZwDSo8ClvWALJDdZusDXgM6y/xs0e9MLPETjfZiAeSG553Uo4CDqj8TBfZFNkX0CWFxcgeZEpgB2pyouq1R3umt+ZYW7w9U/qCWev/xkam1OHE4Ov8AE6NIFNsJ2Uw2fEqjQLlZOnqwUxKnrEm9l0zOoT7M8lJs7pZLTJlmZxtwu,iv:6JGpuIJ6pxYIxJoGcmD41r4HSf85BEpoZzenPBZ03ZU=,tag:bcljWnIVhlTnFQRjNBDfkw==,type:str] + key: ENC[AES256_GCM,data:VuEQseA5cX4vzPqcbkJ5bBY156x99p3vEzrHK2l9UNDay1Qv8CSSNnDy1ejx88+id4LzuMRKAjOinlZo01cEResvGQ/hAqjdaTyRX4RqoX2NFwUkNn0USGv4+w1SigIsAIpe9KlLlrbA7Td9xpf5HXWubkdL0wNWR88+orIvyqRT3uJYfCo4njKzys1YAajdvsBXPmS+Yl9puyShBvlL499awoRDqbYJtIWxMDDv3UGlujOK,iv:mAUPXRDs6n+t3iOcm8Q1kZU0d4urJkPKZImRVHyy4Ps=,tag:XAToFvtfNWOMR+i8E718cg==,type:str] + certSANs: + - 127.0.0.1 + - 172.16.0.4 + kubelet: + image: ghcr.io/siderolabs/kubelet:{{ ENV.KUBERNETES_VERSION }} + defaultRuntimeSeccompProfileEnabled: true + disableManifestsDirectory: true + extraArgs: + image-gc-high-threshold: "55" + image-gc-low-threshold: "50" + rotate-server-certificates: "true" + extraMounts: + - destination: /var/openebs/local + source: /var/openebs/local + type: bind + options: + - bind + - rshared + - rw + nodeIP: + validSubnets: + - 172.16.0.0/24 + network: + hostname: somnus + interfaces: + - deviceSelector: + physical: true + dhcp: true + vip: + ip: 172.16.0.4 + install: + diskSelector: + model: USB 3.0 TOSATA + extraKernelArgs: + - mitigations=off + image: factory.talos.dev/installer/784f69a53ad6331e65b32412e46f766d0393b625199d4035cbec6ea771cab34a:{{ ENV.TALOS_VERSION }} + wipe: false + features: + rbac: true + stableHostname: true + apidCheckExtKeyUsage: true + diskQuotaSupport: true + kubePrism: + enabled: true + port: 7445 + hostDNS: + enabled: true + resolveMemberNames: true + kubernetesTalosAPIAccess: + enabled: true + allowedRoles: + - os:admin + allowedKubernetesNamespaces: + - actions-runner-system + - flux-system + files: + - content: |- + [plugins."io.containerd.grpc.v1.cri"] + enable_unprivileged_ports = true + enable_unprivileged_icmp = true + [plugins."io.containerd.grpc.v1.cri".containerd] + discard_unpacked_layers = false + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + discard_unpacked_layers = false + permissions: 0 + path: /etc/cri/conf.d/20-customization.part + op: create + - content: |- + [ NFSMount_Global_Options ] + nfsvers=4.2 + hard=True + noatime=True + nodiratime=True + rsize=131072 + wsize=131072 + nconnect=8 + permissions: 420 + path: /etc/nfsmount.conf + op: overwrite + sysctls: + fs.inotify.max_queued_events: "65536" + fs.inotify.max_user_instances: "8192" + fs.inotify.max_user_watches: "524288" +cluster: + allowSchedulingOnControlPlanes: true + id: ENC[AES256_GCM,data:ZZx5Y+J1zr+X8wo1Tf/G1qc0eIRtuDm/NgRkayfyAvuz1InCp+umchZxfuE=,iv:H7r23TzPD8p+DEs0vNa2HbRuSsS7k1T8sm0iNWWJVC4=,tag:k43MOaQZOZeJ95hD9STq1Q==,type:str] + secret: ENC[AES256_GCM,data:8VQfLdX6VSZxxhgQspC/t8ynEvFaU6HmuRcDqis8xqI3CG10fKs2KahYSH4=,iv:OsT4Gv1vs+cdFqXE0SCvssj8SB/XOQho+CcMq5KUU88=,tag:7oK0EdRZdN9K9zQXOCGOkw==,type:str] + controlPlane: + endpoint: https://172.16.0.4:6443 + clusterName: raspi + network: + dnsDomain: cluster.local + podSubnets: + - 172.28.0.0/16 + serviceSubnets: + - 172.29.0.0/16 + cni: + name: none + coreDNS: + disabled: true + token: ENC[AES256_GCM,data:5Q3wyUbzaPtCIxiO5g52DONC8avi5c0=,iv:MLUzJp9mvqYcF/WAgLgtLV4HlrarNoml+98QC8zrj54=,tag:gvz1uWcaPtV9ZerqdLkEqg==,type:str] + secretboxEncryptionSecret: ENC[AES256_GCM,data:Y1JJSwcQAC2ppfiUQ7vfjoTKrfCYt+oS5rJ93tTA9w6kgi2p+8oqSc+FY80=,iv:WImtsQ4R4NUmdpjFkjXvlL7C5tjJVQwSxcQpS1qZN4o=,tag:JK7j6GnO1wXq25CkocYtMg==,type:str] + ca: + crt: ENC[AES256_GCM,data:ZahUrP+KX/m8unuxWKK5sK27eC2VbteqHj5ChzsHw1SFs/Th7tGJsIjjc50A2mhMGdXQwx4ZdLjECf/26/AnlJnJcDMCj2NqXKRZeLksIeTerp694ira8Cga2KkhBZNavU7putAhDbCSe9CVLGLkQsQubuoANjO+sABnnymC+aXWP0k97ZEgfYy3YOaZpeQItT0WkLuX/retw/OMsi+/I4pXySqRFSxPVMdZHHs/7FH25JxDlGz35ugPLNh0IJHwyL1AsDzcGK8SoFvcefJYX5ybU2bGrHWI1ZFD/ALybji06I3ZTZf7TH5EZ9fpJRgWX9MxhTRrJaJC+2Xhy6ZiwI4pP3whYYPzODLVtEnE+whPb9Byj3RzJ4GQjGLjY9A5tz/ciXZSHf8U0XLCKZJYU0EcZHeBGqD0wDnKHzA69vuhA6X+ujReMglD1sHt3QDiDhySOlAl/H+UiRmDAEcW55m101IOA4xtxJ6ilh23Zo2PWDA8d+zToOCdSwNi/WwKQW5kN11yEDlWKzv6+JSJMOC903fDh6Y9AXHbZiH7WlbqFHdFqRHunD/5yBti1tcF6p0Ym1IAnP0jQzVVLKx3kb9zX1SpTXE7Fw2g4Tka2kiyvY3scIOBv8S0+Zog5sbnOOBOCeJ5VLrExBJnBXUBUh7P8/RscDKiIky+mBW/puhaBV9UKnjA8DfhD5dbaghRylosh3iDvnN4/1ezF4go1z702FrXdA2JzipbkMDJVPBUVQyvcCs+8u86sbgH8DLK3UAXQkncJ1pxb83Xqs8424WTUn4XFJ2RkMbhjoZ4+ngEg8zySnDH/kGDfkJjFTzO/MjnB/C+VP12B1DVh9ahhsRVl6XQOsC70Y4Eg7LNPrHTW3VedG9qP3NkW99QYHio/kRpHh0TqmK/8yvhzceaibn938KG+8HCGiRE6TuYZcW82kBkM65kgS4lO+OniopBfrSpjWz4NGcZ5WEelFxflAvHD6Pz46kSAaDaoNaiYQImKLw3GneJ+W0c26K3JkbprQ+qt845Um5tw3T0y529GvvODQsiKkI+LgtNfA==,iv:+zoaG+MR/GHWb1sfS8n3b768N1gduue/LHADXJWWAIk=,tag:eoogBkntPNP+WXIIvUaDgg==,type:str] + key: ENC[AES256_GCM,data:GPY9o7K15sDLJoMeWoxx08saekrX5LZmYkq0vFWj8VrMlDlctDkqFjHQphBoSWWVKhvX+zhb5lzteJ1PSY5xBTC0o3SSjPyd3A2iC80g1cfUKTYNR5wZmnhS56cXcO16Wj7Xh1O2VKElxl7PZkemrGeROGNYMOFDMRGTG80crnLSsTWp8Q5vUFLyFNeWKAjrcnhFIgmiBLyCWm8OWu/kHWaCKLrmA+wanWvpRYEhIVMmRg8HbwA+6AUlQIlP9N50y/LOJkIzery4UGGzqDxzYqNT8ROPl6lSxrYO82/3Dl4hTz9wPVgormkHsXeDJYAZ5cRNgID3dafyST+1dMpVfDfynd796RjlCdJQ0OKD+dzuMqbvIf8s4OUNH6hV7Yk1Uni1VxP2H08Q8esx8klXPQ==,iv:sLbkbCS8hmp7ClAG5o+FLWwaTzeSOfJDdPsYZzCR/X0=,tag:nE1mopKppa/AjRxL4urEgw==,type:str] + aggregatorCA: + crt: ENC[AES256_GCM,data:JAY5g6l1B7Mm90bCeqKui4o8/txaBB7ufY9To4q1JIQTYYuePqxQ5/byJUAz3U9Bi1TGzpNoC4/wNa7maRulBhFywd0fDqcC1L0qnEXL7TCy0aZwJOqMEromVzaw0S5ogzKoo1fCLy96lQckqriGPC/D/fLZSNcCWwvD3Hqsl+azrK9nD/0dxKEejueVfPnZOavyo+8L07L4vvGdK/44rxH0GAD0yjBUzSaTptKLugoejckR4sgoBHpoAMtqnAYuuY6clZBnAt8oWobi4YFLKJ2ILbZYRYsuDDuV5Ltj68hFQ/kBAJ8/UDfAaiDewmHs+anVn3U+mSmiwlK5bRWJK44xqFlhEJA35iKN211NobF2/CRGA73OfDKa1/egtDyjHLRi5da2kfdIGmcCxbJLaSJ34UgzbwjMSZBB5bfz2XdIiXl/EIukEiVWY6HOQP5uCabiGKe053xqrQHSoTqw8W5WIGQpjKHnCEs0TQhTPiqmX/zm4yPxdu60OGKGXyS4B+8sRr1PeM4fcKNmE5HMl2VH2uPnfCer8c4lBBx/KYPjfsKJ7EOtI3+WhvQYceAD7jsET2S2Va7mZZnZus/+o63P45EMTjPfBHddi9htzp+wVln+ODvjBNg4jyyk5VpeRXAgS0q+fvaNPwpn6c3QxWeBQP9bsLMthzCgcWr7nHaYOpkY12byQcR252P9Td+xU50RO5to/1CZR6X0q03qy39snBnwn3X4drZemIDKKv5OaW3dpxl80DqSHnJ5yVtVIkf/xTPyzQn1VmvwzUj7whI1YhZgex3qGgc4SnNHzPutF53btiz/n1tPEU/MV+KifFWYzUFGQsvlScv4ACf/o/fQF/Mm1nDcwY1/CJAgaMz7yePc0O3xfhv6ERAJ/5ljk0X0uYqH38nQHRF418cbwmTeCRstjfMLCmMxgujxQp8XUfWKhFRFAcF8Qokf+LJp,iv:i3IAvBrRV/oyPxWRoeSRYfQx+EsP+trwT3ofM+kW0mM=,tag:qQ+LKxN81e0Is8yxc/NhRA==,type:str] + key: ENC[AES256_GCM,data:iAkLBTfLoNShdUB1XtE32N/8Nokd9O/7ZfbS31ZCi3Va4aYYPYcXJJvxPT9f3aooBa09Mehp+uwci8QO2ElPtmgs/wfQfXYLP9JSS/l1Uanclv1hZr7nhdaqAdP2S0GB+2CE2C/Nief5NmG/U7w1WKOU1zevhReG0KKhTB9SLAQ5pLj+dFcKPCl/IzeyZu/cJL3nin0wNj6BLEjCD8joXoHXrHTwHtrYSzNI33OziKn7gYeeVIinrWFuaCLrvdunoB8ThwlqR+JTlUSuqjn57i3gDu8uCelrzHDds0aT3ak8aQf0JasB9rJfJhXy0LEpZ2qxNn44tWHNsRBUvDsflBXpPCUmU0HcqAudzpkSA3bWqZdv+SlYdyC7XOmF1LAshCz+iYf7d3EfjaGMrRVUAw==,iv:Udw73OKypv3bA8sBudwOAZBP0cZ54Qp9YHeKkghmbO0=,tag:AMMseP74JELXfifaKG36UA==,type:str] + serviceAccount: + key: ENC[AES256_GCM,data:ZhY2ziXD1AEpQYhSLISlq3q70MjREes/nHp37X+VSAUROSs5LmhrGLnZdwVGWK9/VCkADFJp1wIdYF0Mlhx003xI8cNDWCBgKDmstmPSYSoENgDeUIIT1Qfbxr5/5Coj1VCMFQ2kBa76ZNTaeBW/E2kUuFskxrCpusICyC/WpuUhjhTeNV1vMea/q2+VwcwDF/erRk5auPGuijIIjTrOfvKQI3MzsdcfDXAxAJ/kufFW8DMGYW7BxnOxZn8Y1ttG5iGCn+Wa39g8kK7gC4zMx+M+GZlKnmap9hMuizpVRPeOpBR9o0F3t1K4YsfoXg4I5gnllTeMN2teXo9PwTRLk2vLiBTxHF2aDeh+su2U9Jiu8SPoqXKnCwvU85o5/OP8SeSa1ncn8M0iLlE3aBxzPYqJB/UBEU07P8q1/hRglDCyZYpn+MfNAbF4TBoj3jqUW6gs2SkVrUtOTZij5w6VreVVRnrxoktWxMyKasSmYs8aOUrcXBMzTLT1AOtLHykPxT6ii/9nf1jqv03Vfyjge10ECQy+7gcGlbkFHa52r0WpB1x0QJCnAe4MZTolEIZPyU4LlP5iGMzEdvnMDT57775akosG6p9XZgQrV5NsnSMRRnjTNU9kKXseMKUVNixk6qLWD/cVsSozILHtO9S42PXwhpPc5l0kMbucRirEiY/ML/gigj6BTTFmJnhDgxSE4gCc4/wMKVefzjQkJij5Ts6cA6A9gApTFUa/h+EnU9KeUn4UvF89e7uPcor0lyHAZJkkBe3CTj+o0tcRVr36U+g41BlHsH4dxPtVMq+CZpCmKMgHzLKMsKnAgmBRl/uRvindif5hQ3lkHUsgR5qWYFaYY1nLVeVOJ7R7E28OBkEO4mNxEg1/kpUf2gHByvj19gomDUSZKB67ZJ3bDxtgMmUvadb8feWYRHCGwshca2nXBOgTjB7RKHfQSP14J0htRPif4ZZBA6MN+KWL5Op/N1/3FHP4rbtrNOB/hUNo+Imk8lAmK8jb7e9WXwk4QcT97zhmJluqBbtniMA8QkMafTJzq2FZuP2Ml5UE3rSxBSCr9aPhT0VN1fsNljKJd5DPt6lqXDFwiGNN+brx3S1VRqE1gRgi7l6GSHMih2MUf4IEH1abNsIMLRVRTEeio4CkPJlON7Q8Zy3v63Iu6s7R2Y3O+jRvFr5f1Obf6hOwcbhJ1z4tC/Ax6VZjTjPXhsgavXSyjomspvOt7KKkCdcBP6NOgAb37cSvv523IqDxjbVQcCz/nEFY7WrbuhZ03J60YhcFfPLhV0Qptm93PmLlIavmBfUbA0vvDxMrAyjxHhT6qeZnzKYCjFWgQMj51ET+LVOG9QelAj30Xfod7D6m/8mt+G+R2/Ew5FO2ByZKK83JB6JJI7EZHD6C/1uKpZvT460eNya/Lyy+tBpJ37kq4pfzfiHlwbupJ77FONS9KVYI/IjvO885pKrr+o9ybVhA/bmAEN+ZGX/FJNV45FMERFey2qk3E6ErBDclgdnbvuziW/NLS/bt3DOz5Y3ZWDnaFmmXQYGm72RZSvtORJQGWnh49qg8QEOZRu8mPd1mSxIXgKqwhFDnq9IcA8UASeaz3Ra2zJrAAPVO9mpKbPD2+YjFrYLw1VwWuBW4wBmOilBOaFgOroVq+5OITHd6oKpEuGz26U5/0g/ZaNPhKJ8Lkvv0jFbOx0L7Y02aYwkWO0y+bPEOi9EWqVvS1k0vzX3dwqqFjdEx9NkBl3iFSAbrAwQSC1fdDftARqZoUskbg/rfZ8rgSiRQRjKQbcsEK9s4KZFQZPcLLc53kPLGJUMOyRdvtExZqR98xjkAho8dQJ5lpJMfSE3hARZ/cMHTTg4RDM6HuDPsUsiycbSFAWtpxvH0eS5jREXe4MJiGq9ofbYeUqcefHTyhic9007ps9KDiH917KZmIz6KFQyjKGXFhhYSugAFJxYIX+dcEMRkE3gRjzREB9FiHJrO4CQkzK/KNAUTdAHCe9bZtqRF0XgtTWEUuc40QCpkNUxXU2uum9yKF6FQlUB3N+IjRNkSki9xMu/mMJ6oaj4s/nnxl+X4LoS9izJi5ZwZaurfDgTjEWueWUKM4KhxPmKF0CwcFlWHhTpZ1rc8jr3DbC3tUQMgTCxD7iE7BWrI7i8+o1n6XEuzh0shys8+K4+rr3XtiRkSWGqa8h9DkUnvs5g7+J0FNEjvSe1ZcLtHrXNB7dNau0dAkU8mqTAE88aV/F07ytVnd4RL+LzOp9Gs9Md+l9g9fsBH/sUZXyDj/oOt84+vPg6Ko95p66TW2RaG1SJCClivrlqBolVRzusbU78bBUBN846nGNFgwYuTCUj9vVTGKVO+vJJosV3gt29cd8kfETMrSsmLXmje/ZXSZDiQx43PCs0X6oZll6n3FZo2QI75++02kuYty4+LRYC4FxBRnZJr+ccmUGRsvEV0eAh5Kd6NTRpz2Vhj5csBjAN8dDo82i0et/wjIxzjYyWFerX6gYwYocpT5MEVMY3bphMV2P0U7qxx97O85NP81YBi57raPZhqytYCMpbpE1i8039yR+IaxmkOYNm2G3ICubBqej2D15Vt0w3m7kTokfJfEVprnHhj5NTW5xdrk7rmwP1bj+OnrH818Vr7BG1RLWCzECyMrP1OE86e6YqhAuvlT1sz1ZNOpJOEGzl6e6EatoaKOcRR6XM1KWUHNq/GY7/oceEhHnuQdVnqQTdL/Oe0aL9uAXOyNy2zlH9SKJwuB7lgmTm1QFt9F54rcUgVKh7xHpDg5zG+R1fEKI+7Pr4Pr8o3hAvnbcu4VAcpdBDzBvQzPekTktkUETT36WuL+F5GV16LBe81KKEIDNvSdhAiJFH0uXrGsxOP9rHz0CeMOyv0HK3DZCY4QPu0nrB0BQhaneD3n9fCDAjOxlrkOoRGOrVMtAjVcvSVRM22Khfu5Z2PSufw8+jDrgxhFYEQpinDNJaQ0qkGoQZFmXirl1/6J+PL+vcD58nCNE7SqGv3T7kwDyEZGyY/7vA633BQcl22y6590pWo3raQ8yN82ai5Wrt7bwDHNNP39IGi4YnXuGP8Ng97zGcrieOyrQzF1N0+Et2K+fXAGj0Ir2dqRZu4CR0GDTLu9lsf3F+S5r4S3ybgOYsfhgQ1B+3nVCq91Siw9EFRiNNlLOf65BpXyziC0K2fkWRAdWqiVp6D6ZMEE44BiLDHG7CKk0GuYrlpXptQBmLlQlaVc+pZztZ93k1DooeKvaAWzphUpqbm+r1f4uXrWzpIDner4rgXlpruXvWhBI9PKf8yzECnER7Z+GRtUFx6xfJJEp7n7/c6XyQvQ+q1IIPY9PmlIbN8pWZ+t/LDK3qz7jXEBoIPOn0EUXKG+wv3oBUJIjesn6zaOHmHTFfllYlJAj1g4hLD+0joMC2oYAQis2/iXiD17QtpzCP7Bbb/12mKjbnqW8RagJvdXq1F5803tfJANBeKNpMD7xitOX4eIpzoAxK83slfFzv3o8mHKLgSe0QFSz8QZ0eaD+y2XVHKuONYx8bE/d4X5hW0oIF57OMCvDm1oE9EU3xa/55kqPBA6n9t90cBEWYRlktUxhPeE0i4wQtyImeNC+EGHSaxJvfS2VOzswmc4T/YPpd2LGEbl5VAu7OPYKSqzh9lsUPkr1K3bv6LBVpnFqXexcBJGPLd7MBRUqrE26rXlLwWFAb7zKQcbT+XzqqIqIL4itv0Rbfhx96/PzhQsI98RqFEYCr7UfFI8mr4WvRywSBZPW5t5uYm723Yisfpx2qj9nU1JPqN5iiUa19//Hq0+BhiBKkSc/ZxpG5v1J7pPizD8KSRtudjxOYVHOXcXgRlsWgsk/MTyk+d8pvUb/WpIyhIZnqjiA98x8n8Mtm1kTysJG+kX69E5cqLaeJ2chQ2gsO/NgwprUerAwbx8x73R9EFNHceuQcMrJ4uWlm1JAsUS3UwdAN4uX58OtpMm1v6tPmxGum4xUDqN3T0K4M+dECNnoD8td/Jvg+H6KruF2HNFRlCA+3i5Npnn+QhtOFbBvAbTIiKjsWEzBd1atChcC+d8PYPQ10NySVLytW0NOEUPb3PP4hszC+Vx6ZN61dHYoDThJr3mX8WK7iId4Lbm1/eOZsM6YglAtmgqAs0BamUynBxRaENXbNaU/ZqgFoqc4f/84X3V3TOV9EzzHqmEWezdWMMBoeUIHzqF+DeNkgOmJUBEU9p3dc2JG+NOzEIy9hD9JQHNoEs87peLADDfRZ09Y15hfNpFltA9SWcCYR+mvK3Ve4TG72hP0NLe9X9JQ7uuY5kb7QQsbBeVe5mods3gW1cNbNvabegeNdxljYNHrEWYgYbuyNrivfTEwj4ujNZjRD1z/9ESTJHceX5db7HV/GumiHafeppmO4v1jRL5tWD2l/uDJjnmi3n81skKCHjfXfP86JM2JHJIWz2Brr9gN9Ofal8uoDKsbtTRn7JwF6NsxRv3+VDJ5V/WyOu9Rp8tw3jl+4/NC+AQUhKhLN/EHpAYmIfaWuA6p6vnr9JkSjP11VdXbE/3owv3FGDTxTnrU4ofzQXCusAfFm6FJ5hD21aEDZoNGwo1UUSye9phu0WrGvrfdnA/HSSWiUBj+KeFo7zGB6EqUCLD8/iDCpD81HJRTuoeai4IIM2opk3U6xXsVS34dKJFhojmzUDNCJIeCtoBqKAhnS7rL/6Fi2Kgpd6pHzdiTdyTFEBhaqM9dnZXtbZZPLUfquk0v8r81OOHgLem/dSEEOY+EQp8aoKj/o1YxW50ro7CUIOWjIcQWmVft6FRr8QYUpQ9dTAy8hlDgSDPSCh2lATNGXEAQ6fP07Gqn1osjhYiyVOuJ6PbOkySMDkPhj/V+0b4DGuFhk6E7sepE5xGGWmMJflFcUB7RHUQZAZs+5wmwwuOZB9TJ68Z3bOILCRf5ZxqeA5PjR9DqBM/0MHHEhJQxu/v00RZI9qNI0PTbrjVchp1yhRiCurJQDSgLdN/n/cVmeL6NhO/36mqFBudVvMvZJo6SJQap6I/6MHVr/HxEOk3omEK/qQm0QWZAkB6orep29S9DPD+KGj9mG5YNo1IqslLeYQylDvHUjwK2qwkwLU/bAH2tGtuN32OrgektpHGrHQmuLKkdotYXXImvmtR9mhYkgU07GbDYKg4gjci9xrQShUoJoyMDaopPQVOlHpF4bcatrDSFZO6YcGoDPrAcOX32EQp0ySSaqlo+EyO7MweUXEAcuYh33dfK0uPZ0CeMeTkzWgJYfWTkoGhf1Vc3muMPV7OcKmVE+Bpffo230AuF0Yy0QPgIXHEvhI7MzZy7LqxAVLWbpshOB6xl08+elWDrQyJSbEezNoVP60+Rxhs/RVJ0k3HXI/+2aoDvVXrqVBfmznIqStbWVgoPbGTpxN0OkodiNx2AvrZdnVdWgrLDW9T7X7nPjmTMEsbW4e0Ud68u2cg3AH713Ttlf457q1QezasloXgmSb2MsZoXiZKmhrIVl7V9kB2g4FUJzWX37N7sB6PrNVyXmekLjCvR16L4UCPLhh8EngBUBz0haHMDun6ROKN8VWMkv+m5CzaPg9IaRS5SCXcLlzlJM9+aKHcmjC2R6Q07fT6pttU9pETeMq+qeCzGYUM2F3DG491l9c8hPG40U7AXaK/ZPmEbJWsct/FFwRy6yCSISUXWmOizYhXGoeCB7LTMHr28xSf0eCrCI8QP9SexfqfxjGLo+cqtwVp6xglEZcP7+59gSnDTBP4tZKiaa41cJUH712CHijvOtNGCwoGjVaYnjiPZR3,iv:qa0+iwKdCBklZTzK8X8SG7BlF9bAT3gc58hiGM2Bsg8=,tag:TfLhwO7RJia0fR6NqyLbzg==,type:str] + apiServer: + image: registry.k8s.io/kube-apiserver:{{ ENV.KUBERNETES_VERSION }} + certSANs: + - 127.0.0.1 + - 172.16.0.4 + disablePodSecurityPolicy: true + auditPolicy: + apiVersion: audit.k8s.io/v1 + kind: Policy + rules: + - level: Metadata + controllerManager: + image: registry.k8s.io/kube-controller-manager:{{ ENV.KUBERNETES_VERSION }} + extraArgs: + bind-address: 0.0.0.0 + proxy: + image: registry.k8s.io/kube-proxy:{{ ENV.KUBERNETES_VERSION }} + scheduler: + image: registry.k8s.io/kube-scheduler:{{ ENV.KUBERNETES_VERSION }} + extraArgs: + bind-address: 0.0.0.0 + discovery: + enabled: true + registries: + kubernetes: + disabled: false + service: + disabled: false + etcd: + ca: + crt: ENC[AES256_GCM,data:GQGDrGlN/PnP9mrlbtuFJmeGEoHUzPVxyL+PO9gmsqtrDMVKtxURrDGibhuGZcMdHAtwkR2trqUG2KcESykr7epiQgZ7U2K5px66zyhMHjxsZSkY0wKaRHkl4hF3bNTFxw6VeFdmO3iYDsdDS21M3/uNfVCvY2YYk/LOuGigGZsIBvg+d0ck1O4MvftyD42PYoYTxiJ4ISd4DHIZXcVA9M5NJTaAtY8LDen5/sAfzE7i/hBiq5y3CsrrGoFgZ1t/3fvZ1iIvsAobFy+g6GutRCERZxsE+ferl3qVLJjYG+uOFWMB2nnaA9KhCv7/LhV8p4kU5nd3LbkY+bX/R/nJClZlcPgrqXmKq4xE4TqtXrVqnYsUn9yRtGIEUzhZyYvw+tARLZH4zRqjUhW9eszliNtAbfzHO8tfOAKa2KtSAhuFz5SPcTjtektiq0CJgw97yP14T66mwI7gwt/RPFFm4b/aBBxgIxccS3e1wjhuvbTUuo5oVF5nZEXb8T3f0SkUyXG92zlK+SUE4TYLnoP5lXyTiZSKJFEEdb30YQx1Lm1SADxiZ1c1TvdvB8YMb60zZKGrW/juuEHTUwppdRsvbnt6d7svybaoeeFDdFkarUq3KoHr9q2LFLfrUtHPxrsiFxipUjkKpIbBM9hWu17wdsvbfbYbUSsoWcszcc+mmdjCmUODBj9xLZtgnpqXYlcV4bTvoL1zs5EZcCOIaSrFKJg+Q4uPZeBMMtIYXfFcRmctZawJql7PF2J2Zy3U0dPw00h/m2hpbS5gXtsWSoiLteKRHbiVfk8llQlyg5TZZcEu+6Ca1HXBqbTNzwPZx1ZCZHYPsgg9uB2E0rSkp7R1sQZb4gT+0WZpSAkZf9fiXW+y9IrvHeB8ujvJj/jZOkssdpCSTelqvFQ3YTKP8jG9V8PuxiAAWz2gVA6TAKpHXAeASVTF9yz+RlVxVbeZNdcUymXiNDq79lY2+qwYaz/xBrOuFuLMot3VkZpzW0mHDP2cS21gC1j6WQmYSpRh0qC+sY+xbw==,iv:1Wf8DAigdmHN3y3G7apot7aeCtVTQo4/PcXq1UWCtcU=,tag:/l1LE6aHJiqbKnDzejbvQQ==,type:str] + key: ENC[AES256_GCM,data:IVNRqGq3qVwKv1LqpeQZo7iD6BZS1I0YeLUcl2rVoWoN2/Yr8H/TyQQqClOKDYaawV1OidMVQX9EJd4AJ/BOV1ZoF2jFEvDKXrN1r82X2Lj9I7L0iDtQu802SNHsyr6QKr8sfpyH20mewOuiKPdf8rjt48E4SbakZ/2/QT4yvCUCk3cMBJCAD1V65GZ5NLfs6/4wK7YKSiXJtJaw6lKARtbeQiopebcK4f3F69tq0Nlw86X9agjy+Ag74IsTyN9hJL1fDUmw7mAVmHX768SKrVx4pNBEjdGLoLcQUnl9GbQzxJQN75vSp49plAcstQQF4hyYWWns+ypwae8yu06xP7dMZt1qcvWU6ISpdSv9hBMopLBcerwgjrijRgzQG2Gt+9RAs8OBYEZ8uKN7eWVUHQ==,iv:Tzi/qqzW2O2Q0AzgoYE81Lc1QcCxmsJjqyonig3uGPo=,tag:NmDv0+ENtiNcT0fXXT8ItQ==,type:str] + extraArgs: + listen-metrics-urls: http://0.0.0.0:2381 + advertisedSubnets: + - 172.16.0.0/24 +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age19963x2afvcsek4p5sas5n05thusjvzz7gpfknp20666u69jw44lsu5w4u5 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UFpoMzd5a0gxVng5VzQ4 + ZmRQVU00OUlQdGNsbGU4dkozWnJ4a3J1MWtVCmExbzdiSkwxTXJ4RGwrYjVlSVRl + UjZlZEg0cU82TzlJMWNoM2VadlAvNmsKLS0tIHRXRzZwRW5XdUdxYXFaTFUwRE96 + ZGxIOUt1VUNERkFJVlVBMnd4eDZUMWMKYobpvYHcM0GCEShG2i2Y3Lfsi5Q/Avfv + EquwbHBgbL0tw25lRehpNsrrnCWmtuXuG2qNrTImqfpnjxFdBIhLMQ== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-01-17T04:34:26Z" + mac: ENC[AES256_GCM,data:ZdB5oCVw8qv92DlRe/a34Z6fojyVxz1LWZLuFLTRz/El+qq3sLP5Py78ruGoHkiHwxTiEIqfrk4RnTAtJHNRTBrvSXK3/wsw584hjbyMXfwek2pVbtBcIbJio0n6g0Kcc0DyV+ghO7UA3u1FmOyqaOHVg6elIoNThu5Vs1/QL2o=,iv:ac0HxqTN9l9XJkRKBFPWUBEeotS8/J2jFOIo9EjKAAw=,tag:jrntYJhzsCj9QU8zmONgXQ==,type:str] + pgp: [] + encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca|password)$ + mac_only_encrypted: true + version: 3.9.3 diff --git a/kubernetes/raspi/talos/aspen.secret.sops.yaml b/kubernetes/raspi/talos/aspen.secret.sops.yaml deleted file mode 100644 index d26e411d3..000000000 --- a/kubernetes/raspi/talos/aspen.secret.sops.yaml +++ /dev/null @@ -1,174 +0,0 @@ -version: v1alpha1 -debug: false -persist: true -machine: - type: controlplane - token: ENC[AES256_GCM,data:dbsUUBFU5RlYl9xWOzWrSOd9K5KPCp0=,iv:MIl6qOSfYVb7311vZF+/7qiZc7J0+tkUgYg/T4WxGz8=,tag:BI8YgZprj8ZL682JtpnRXQ==,type:str] - ca: - crt: ENC[AES256_GCM,data:+/6f7qD4OxBK0iR+Pil3b0/0Jji0zf/Fp6CtaDscMivB8vsEzvSEUE9e2u4TEhjTy/YbyaokYJVj+MZ+B4vn3nM4mooxRgoJ/dLyApFAISbfCmEKQO39OrwEhLLEnYrWfhMthdmosp2sHExAA9Jy/Rb9zCUkgLE/k3zuyyVquoQDwQeSIdKApwaT+5oaGhLUDTne3OIhbNitCQyAYa66E5F83d598bIz9lzEd3Vts5WIUKQfqQVncrWNY/7yVWrymOhnF1v+Scsqdz3HwbQ8wYN/bRaFIBnkQxSmtKk/MKYq92PKD2owcuSR9ilWWu+j9mzxEocSolHt++5PAxXO0EUljWY9A3B1dHkcoiqlLluMzd4PZ7TUH18P+TplbvZEF8IaE/gyjrmuA/SUtx3O7wmlbys8Zy2xvmfOW92TLJt1AX/I49Qbuh2XL8g7Gg1Ni+6AfdfyRYEPXk+GCHDwM1LN3Pxf3ro5GdFtz9/3ISIF2MEPdpNjPuzX/1BRjxGadc5/NsULCBR6yY+LShv2x27kcu9DlaSnXeoFgv09bDN48oJSWDpP7CYgzk1nrM/cL3flNnjjBn1LPU5htOYn3i20ID0L2AXvxJPN3pFJTID5XbMk1Sib+fa1PWNLI+AM+obgU3GmTr2fP7jtq1hB/mLgegghHyk1ZhsEgqB8vTlETnlq6+BNjwJO3jfk4mDrmlQUlTyg9neoj8oXdqbmzZBy07dk3S1aUlXf/e7dWWQPs0b3SHwDoTQ/7rG05aYqaWNRnri4dKLBpgJbebCFlfhGlWD4KmZFeGd1+azquPfJLTySlv8q6nA+9coWMFFnule6CVE5ZWy2qR4l4UO0Jbz9xyWQF2lg+h6gFHVUOpCK38cL,iv:gmU/cUux70CfozkAtEpPn0xw5TLdjslOrj1qeGsK9FY=,tag:b8Ye7goO46+DeejSErnvAA==,type:str] - key: ENC[AES256_GCM,data:HcMgCW8JMu+ioQFnRXzdeLzC8rttoVDsdSm/Q6yw0NbOaGQqPQFOT+dX2JEsnRYfTLyRPhsqTYMNLUH0k4Ji/OZr3AzQNWfe3xD6NFszJSg4BwaLfI+2zjRl8GNgLOplK6L4YDzf96gZ0aVEWkShZHvdSEz3IWcrTT8679h1fj3NyPY/1fKdZVAq+ApMf9Q/KhReAo0aHaLwxQ0WpZuwfBHoyTOXIHMylndXvdY+XuqvdrN6,iv:bdoyvAHuSK9qWZQCJP1Rdok/jTzMCZ9xAREOIRUQ/V4=,tag:pKQD03OhlnPEm61cuPPmpw==,type:str] - certSANs: - - 127.0.0.1 - - 172.16.0.4 - kubelet: - image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} - defaultRuntimeSeccompProfileEnabled: true - disableManifestsDirectory: true - extraArgs: - image-gc-high-threshold: "55" - image-gc-low-threshold: "50" - rotate-server-certificates: "true" - extraMounts: - - destination: /var/openebs/local - source: /var/openebs/local - type: bind - options: - - bind - - rshared - - rw - nodeIP: - validSubnets: - - 172.16.0.0/24 - network: - hostname: aspen - interfaces: - - deviceSelector: - physical: true - dhcp: true - vip: - ip: 172.16.0.4 - install: - diskSelector: - model: USB 3.0 TOSATA - extraKernelArgs: - - mitigations=off - image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} - wipe: false - features: - rbac: true - stableHostname: true - apidCheckExtKeyUsage: true - diskQuotaSupport: true - kubePrism: - enabled: true - port: 7445 - hostDNS: - enabled: true - resolveMemberNames: true - kubernetesTalosAPIAccess: - enabled: true - allowedRoles: - - os:admin - allowedKubernetesNamespaces: - - system-upgrade - files: - - content: |- - [plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true - [plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false - permissions: 0 - path: /etc/cri/conf.d/20-customization.part - op: create - - content: |- - [ NFSMount_Global_Options ] - nfsvers=4.2 - hard=True - noatime=True - nodiratime=True - rsize=131072 - wsize=131072 - nconnect=8 - permissions: 420 - path: /etc/nfsmount.conf - op: overwrite - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_instances: "8192" - fs.inotify.max_user_watches: "524288" -cluster: - allowSchedulingOnControlPlanes: true - id: ENC[AES256_GCM,data:o6rpvewBBZM/ui+Yydami6hciG0MUPqn9hkvUvbozaT2wvofJ4ZLNx1xKzY=,iv:NsxTzHAcdXwdVdxQhEiIWWF4Khl08jdpmFiGmsMA/8k=,tag:nTtwChjWOq0GIlxep/cDJQ==,type:str] - secret: ENC[AES256_GCM,data:AleXbinPPsnKd0UTQClCk9VP00lB3OFznElFC62w8wqT7P7+oKDswoy8OKk=,iv:LRENWl3Xc6G70cLgugH6fqHdshLX3oGEt6Tbv2LCkbc=,tag:mHWPz9UTL4b5satBX6om8w==,type:str] - controlPlane: - endpoint: https://172.16.0.4:6443 - clusterName: raspi - network: - dnsDomain: cluster.local - podSubnets: - - 172.28.0.0/16 - serviceSubnets: - - 172.29.0.0/16 - cni: - name: none - coreDNS: - disabled: true - token: ENC[AES256_GCM,data:Er/RDYGNtiuG27ZQELVB40+qP5WpzxM=,iv:o02PT5coywsOfdKzS2WHbSHX33mpnSgN5lRnr7E/5eY=,tag:OND1bF3gjjzOkwjfw/jLfg==,type:str] - secretboxEncryptionSecret: ENC[AES256_GCM,data:S/cQdyQKzL/cKUayE7XuZhEqbb+fIDW2z21AWIEqRJj5uQtcAdQdlBOWO24=,iv:gtnv4MVcEqAaKnTFPhk0eD5FIwao7eXT5CQNtrq3e54=,tag:GqCLBjPDwAPxuiBAKnV1CA==,type:str] - ca: - crt: ENC[AES256_GCM,data:0IwmmvN/nCN1a9SX/8KhAyz26J2nTIN1VZOyY1kOC76MqshZj5BqRchO2884UA9ga3CSgrjJwjIzaFKtz0AcTkvEB7/LRFxxZqTpPrhADCiQmlrW8ojX7m385FckOqVJ+dWI3RVYdtPcx0LXvJ9BfvaGxVPQGb4RChBwh8p9ECVx72b/glWq76gPdsyD7vg9aOvPrDXLU1pnpzVsIThdbQVbPnx5Blt4ywOJFslTfk/ZSoJLaZLUY2WCOqZ5SOyLkwr5QyKU1ICUdsVO6Tb9zlDJIMZgcUu3IqKoP+yDOcSZrTu9232ajfYNaKhgGF9RTKCEJREX8kqZiDWm9qv2zM48H2gv0pgqmicclW4SnyqjBU4wIktQmN/d2F8jVVr1y/Bg/UvE3R3jtBhPiaLMd23NwLlqhs+gfaZMW88Dy49ZVbrvpCsdFCujBtbVsd525tg9SaQY5IJ4fzVpLti1s+h9YZ7AaQSwSJh02yM2geHRvq+MnDrGYe5fpFwsgHApLHybhVNcOR1bzYi/NIrjkdDfhH/2LYH0ZTKwL3R0WXuVTSC1QXde6muIHgB3i0RjRKWv0H6YpkKXCL184MwYG3GO+FOuqR6znEFWrjeZTlVuPG7twh/6FNJlX96BQ1nb1eJWEK9FVve+P2pzYVRctGgzm5Jc9W2m/lQ4zyFrMj74w2HghMpOycSbMONYVLKwurQzU3uKrzxOguBJt9yNtV+afEnwFB4oKNTFFalHOZxG1QvmfDPE/wIsOJsErefaoANgRvV2O8ZnMpcCKisM4IfOd/GizPh8mfbfocGXFupvHsvBxUHhI64Aw3NpqMdc1yJ8okqv+nvNK/sAaf6qwHlnXjhWdI9T1Ik9EfAfLaekb6cV3SSziQSkAi7INgCy9wEABXQopONRc12exzrHn64xbaFGyDokaEFajRMOu31YIYJQT6YSROdko/afA1xWRgtWEv+xlNPDQgV4v5wiRGMhihTfYLPYJ4cH6oj6UhFfdxWNSPvCbE99qw7ASkaC5enBuyBN6ID8Kk+su5ltc6u1+/spCmefV7ImGQ==,iv:Biy8fNkL3AEZuahxuO2tNU8yayxvV2gkRXBLLhqqs+4=,tag:mU6vGYkfey6lwZAPNtHTVg==,type:str] - key: ENC[AES256_GCM,data:2YEB+Cbv73M8RqaM3coKzovnCYcMks2WryRvVlVyIeXUJ6fFNW95esCXmsi5+sZxVUpg4YgivmVa/Dm2xyRyuKWvzyrmFKvrsQYTFLstjXblm6Ns548hZ+kop6WKqqmM2g6yPtrWFZIcv4oJk1r0UG7aPzv1AJN40RaDh4rwX51InJ8x3TLibqrCvsFLkzpOKoXAFTtkCI2AFQ/o2059ElX2JRy8ZGx1qEyWSSFuQoN9oIZ17XLFZnudaOUaLgTNEnasNwFpFNbIla4zLQg3kk0Ogdz2xzbxixoA6GXAI2LRbas5aRzrQS39N3WNniKOtXT21Eq/aR+EnuljwneXIXOu3hP7j7BX40Mt1UtaevwYavw8Cg+ZOq8srLOb4ZDDmK051XFvNtHrmZ5NajcX+g==,iv:wQRitcoiSTOcBmToCIwNhId1fxbnScifWml2+GQ8nkg=,tag:KnLYsBn9LjID0MRchQ+ZHg==,type:str] - aggregatorCA: - crt: ENC[AES256_GCM,data:mFDra9byNFF/2na8eCS5lRQd+KORf6YkPEWXhJ9fCasmcF9wY/ozeI9cqPUwUVx6zvzG6+jmtoFaYW20L/ek/MaqOwaE4JOPLoDACMzrwg9dxLV+PhUOpGfNq8wpiuInb6s5PQJ4k/fl/ykicGNXgFqFlPnZTT8uAHtk3s3NPGzrn5427KFvt/iiElSZCDTy40Oa1NCbO63lwhyWVKAhAzmB78jgJVoMhvl87miZ20/wfCNxOUsGBHZDgQQTE4kAiLp47hWXrYGHOVMlQJRyIPlKbIk0iW+C0olnsd68/g55nuxWWm6Kbr7xzhSRdzHV8FLewIkm27oOdUhF7DmKnUCRC/hlAztH0FIUWat+IKQW8m04bBp4tEYdfBd+NMFJRdBK7tWrpIAlA1yphiz8Zx3hm5BXb3gomZOOG/AbYFGo3naM+tXI1clhyxdCoELgaz6nlimhN/lJgXfyX/rWVhhZ3yvL/MSFPC6o5o+paPNRytdr6hTEYesICsr76+6VJBLj0DbsYB12C/5/0etAVi3V/A5hAMp3bfkofeh6+qb1bL9iosYd7yBddiJDkrX5x8yP1B9X3+biI4Bvydky4OdbwENfP3S9svG8GYdjnL0UIu9Q+ML8pjlKadepyFiRqG46Q5WB/2GjpIhG2wKfcS7Cw2B+5e3dvGajOOyOiyd86Lt5lpGTXbRLKNdPa4FoFr+3nIAC1LLzw//SSB8b75Ht/oLzg2ftS4oL0HlagLJTC8yYKe/Q6GDSGIj20bndOEgYhOh1vV8CBYyn7xeqcUC04KTs5V94D1hsLvZqbn5fsdBEWctqPcPf+zpdBLHATpwQzFpgeq3Zex3jo1Loz12feEZg2xM/YXa1nV3HbYDKssEfaK+eV8gANd4rc5cV8rd7iCOVRBLX0iiQY0BHMkYip5o/jIhwx/lxUU/z6jP4dk/fZMmj0atuZq/V7IMS,iv:Na5c3jtM4549l26E64uDLA9pzZIoYZB2rLKyN6Uco6A=,tag:izq4zs0Of7fnW5lEtMDIWg==,type:str] - key: ENC[AES256_GCM,data:fpoOtaAPrV/S5tSvuSEebeIvQMdDdsu/VHW6d3QDYvL2g44OID8W4HheRyzF5MkEf+/BDBCu2wkRc1hT/6PhOsKDBEmICzSU2vW6U6dFcthd5LJnp7Cc8LPaqpkABW0UpPP0vdTmkSJeXIKYiQtujr6sr/rPZypLnz7Eod0Bc79eshTwKWZ+52AIDldEajtbzSD5EjYIl76u0M1gl2N7pfdKgsa9Y/DdmHQBv0hP6tdcMi39CdqVuvvgqM4q8sbuECdG5uNh5KUL+njwqmjsgDreufQZbQaOZIA2UiYD0gL24EpMkQuH+LOn5/WO3eyMkCOWFLL6yQzuLBnYTsnVC+cxCrmwyfZprjInSp2DSHGBkEieV1L6DcMw8Ni+2WvEJF/GZljYemjYdadCVFY6YA==,iv:hdPxw0BkagMm0h07tTIZm4P6RVPVIowVRjHKbKMnnyk=,tag:Kwtq1YnaojktJ2JD+m0Dhg==,type:str] - serviceAccount: - key: ENC[AES256_GCM,data:ujhI9S8q5wivszBxsJGdrUb+yojZZibil9syyl4vR4MZijeLJSCfWbwW4dlQQs1dNhc7RyzADlebSczbcDltd/6k7MG6+ASEXVNBthlIIHBkTNcuIH3PQVbhsjh7ssOaUdZqs+7A3Z8S6tCXF5YuLoNccNedaihYlHvjqPT5tyqXGE9jQH8UPdUWiLzWlXPObIGgTtkmTv/9vyAl7pKHX5LGvW+GE1et2G16dHe8TbtRa3x11d+CDYo9LXh29k1C0rUe1ivPWOFGq+InBW7FIVa7KbO9yEvosmDjFpiPk/E+bqpy7rTPd6nK+wb92W41eRB0hOKcrT7fPRJSQu6RpX3mHtza5DVQDd5XQAQyOfIZL4KGgWrzMe1tYj2LVdgCLhw8YfEh/CSZGvFMUFddkK4QUkTMPxYg96cTcIEvc18SmWG+UqRWrr1KTaa+L+afE4H/UynUX+RGTLhEvVlTZhMEg7j/vTzn5G3NGHDG9tTVDzBiaOd9dEktpn4nJuQ7PGHyLEKwRSKxKKogpCkdGYvoI76J13dX8YmJ4IwjOoD7+sHNnac6i3Q9W6cKo99ZZSnl1gIT9pZairkrN41L9UUQB3oQqTQ81dzLmWCmLzhdvL+84lBKceyhYP6UR2KT4GiGRqtKtyxJTtGKHVa2mDRrHqGDjJvFc8+bzxxuhEgynX92NWgMY60BQyh3xh9vXsa7etFaP0I7tgN6HVGDP3pe2XKs9u3Ipl76yk2wHisBneYrwp2U83LboFpW7Oiu6QvnkZ5JojwuzuwTfcUdvJYsf0dGhpXuIB+sBmDWBe5McOQgc9mm6If6sNbc8YGBCCEkeC5RX176ohB3Uf1fBkwA4Xul50Gp33XqXgvPmHJvH+1XbeQ197eoBTuFl48UCnpcsRdFfe5cOXaid//tqiIA2Un2KJBN6vribdisHF3C9SEXd7LN5qN2D4HnJl+CluSpUhnP9X0anX1DT+jt9T92fCccyTGwmURrMHYt/Gt5ymeUwS64gjOJrOgSQRMSRQZ81WecvqM8ord5cANYHv6FYXp6R31qa8IaRzCQ7cNMokwyA6Mu+0X/gwA4PlkTAT70jUsALVP/nxj3Iybo21uJAaosyEYJmZYIdnMqcLRfTlvAAqGW+JaMI/M501hMtyTNrGyiOvNK+KryBDLZese59GXq8Ugh6nZDHOW9/5U455TTcOU3zcNlS9MzzweFlOBXAZbT7m5+BLDbd35Ga1rVhrRQd7TnA7Y+VK50Lsz3wcti0bqfEtWtC7DeK1SEGRfPsPXoWNtSQl2txEIVV+oarzPHKWYWvv4Dv5gSxz5KHadTus+tI9+5/Ib9fc/bRGgOJllqpfG4rtfpfKsdjURojguAgW6RZbA8H4nZgL4jk3OxDotSwAzkRXPpHwfpsjTjoSLEm5Q6nIUlvEeWuTDpOgTyWkVazqfby2oRDMudFb3ixGqMBFJ6ahYnphALQQeWS4cilTSnSVb9qtFqGryikccPod4j9SMXmbHjuqa1SW84B99gEA82zjUBJoxF7fgkK9Ppg6+rEMp1uVfrW25WRW7D0SKhVk4sF6yX08eRsujkiUN4CDTQV/bq1FL2etezE8BlnQ2B+aI6xS/GJLBWh4t6AXqYHlrsaa+BjKLJ9rg8FK+j6s+aoDz2GaEXJ5IANFHjFc/WIjw4oiPkBUaftsfp+vGhpVeQgD2evT0+4hT3E1nhW7Q2NdceZqojE5u5NxB/4Ljnmuywk2y0KM2UU9WJhV5HZ3D4sb81S5K0aF92rfieOFM4A0S0XbSF8B2bSefFUZe39oZ2KWFQup5FmW8k3F3w9mL2wk65CoBnZBoUae55YrvbjiAcNC3GYW8Ac2cTMSJJRq8wPwanw4JMFW11X/UbUM+d/ncZJjPq6CTdcx4Du2YEFY0MUqYsv6sA2byNCwgO1d+iT3/dLhdoyKsS49l1eFv0XTkxu/RuYYzNKHcFOEjpsVzsTljDk0GGBOaqskkASvsHCAXeqhtc4MWWK4VyUV+QE8RjKVk0GT04CVpP52lUurZUQlO9DkphnD4tv+KtQQFs8MJ1Eb+WnPLhhTDaWB1LOCAXEVhHm4RWlnH8iDWWzut/EXNEyY9rxg07fXyVD/hrEOJ4l0EjORtE6SNDg+UeByQ4UQWrc122oD8wwhU+CF8FWISGxKqSMtxTtlQRX2lIegBJI/mAImnqXpqo3wqqyQQjHYd9MZJ4Y/8xNE7zMmiJJBkN87S7jX5iiK/cD+h03CjpQGPdqXwfzEB3g3O7GAKd+VgDfkN6Bte3gy0wwBVQFp2wglC9v3KDnLD5zjOwwi4ZT7BfGSbPw0JnAqshZ5LeolVbLaXenToSU1WTgxNK7yiJkFWAYa0hfEE/F49IcktUr/nS0CX2rNXFFiT8jqKgznE2GLgdbshWyJWoqBRU4WJyhGoq248VYyRRTZ997UUcChaBpOciHLmKTyIuLRHSePy8cShvifKzLA3Ij74MlhfEml+OLuJGW2UPudDiPLzTafkp7wsErsQNkaU52MmkgLrGoxtSIboevNszxLAahLWsfYWtcMF7i1MZlXvSL1/9mxkP2j4dmsRWTTxBqWJOPYV7tedUAPpQ19cIvnd1asLEyfgdHwPi3woKtIPSI+7bh12jU72PED/0RJfK8dfzc0lLFmaUeyWoNv3qT21O+xstEoLoJLStvBqsl+FfECapOWUUZCF/a3Q/kG5zoSAcW3H6bwml+9rIYLOD9utT+0GJNl9FTyimnQPFMfUPCKm+BDf9ZMe2ZDivNe494oj9BlAeSJeVEPB9HXtjNoGiW4M/26ZniUXe8bMwRnmRnEIVQ43MAn+yWqpbtF3uAOgKxtSppUFi1Hltb/KiWIKJVdimdyQeVBnGv6O+VKB5mwO4r5yk0Ca3TyTrlP4ZY+lXFTigG8WsGbWLJ1HLbJlVvEnT1AL0nPmdFHXVauWFaYCbFCk1bYYDB9pQD7LyAkz54TQLEX05p4pbwc43a22B3WGAhfDsbYoyQFAOiygjIXmXwyMG/3glXqFZI9+4mD7Lwab2K1BHQ8d7eVVEEMC075HE9vPo0YFgM+gRiCvIHDh93pkYmJfs4d0xIKzmBGEuLEuOpebojjJtHMsvMwrrF0pffLhEy1GbMajg9fKFe2i9vb8zt2+VnbIPyoPK7ztr0etiZ4LvVBkD3twXLtACLw5F0UXm/jH1WNOurfugVRDh8AE7bYKt3JCTgBQh5lRQw8WH17yWvU6MMDgLNeQb3GOm3wfj6yCkhZdK0vtzcZdeEu0xWanJdbmQ3xLdoPmAvjcmzNxOid91JLMmZJIU7Zd3enzMzxldSy/9N7ndWR/QEOSSW2nJ0VNwPzj0z/Px5A4LSEd7CpI+spfq+GmYM6MUt1p7RONuhSVK5jQPOY9sKVDy3CJwMMbiIc91+B415pkwE472jUoBkv0Nnmdx/rbc4JO+Qb5NP9YNjiK6sbSYG8qW6AJRPTxWTOPUUvQriRwtkD3GnszrVWmVhbnN/zKB3TtssxBbJlYhP/TuoKH5Pc1DdNHkDGeJbwNPlQAtcvwzOJLixopDOtzfjSq2UleZPHcqXMqilw57Xhls6FgP7FVauTlq1mP3py1tthKcwXmA/WjMsvkNEV6+4AHzWu5jE3JzODduYCQH+4FJy3t/lxwMKY1/9fOL7gdjUFoBeI+y37DCmfgq2cnT2maHvOadj+XdEFxVEstSAKW5ndxXSDn8CVRPIGILrEtIM3AapAJAXd5BFQiuH+3oSRIzR6oVfQW7wpRljqG7/Nbg4nYsITHzYNo6zjI+/HI91qZuacvM+DpKIMYiiJwfoj3ObpIwBccfE1xfrloKlNMc0V3fcl4J0sR2UsmKPqd6yryX098pA/xiBaAlotIuLxegfv7XKN8K2md8NF/LY69X5fwsyFCROiAtC0Y3k906AH6VqMr6NJoaCp7HiVc31+AG3mmNmLIZzuwRtTpdbgwFeTOLRaabSKzzg6SgWqFpUpNQDP6QkSwnVXhYkSocuZPxtYiJ9/82MUfd8vQsCC6WqepgBvJk5OwnIzknfyHSqewj/BOQTln6Nuwk/qUGKr8sZtLBsAzQgzlUe78cdA95z7egdFwDp7xI6LMFtURjsmYOf0dFpQyK09Wa4iARoPp+8RAzRZzOtRF9EGFJdCnEdwqmhZd0IiSMMDH5xKwTkYpk6XrxguxZGGgxPReKZUie9512JOJJDXDfH05iSrkMgmsKotI3rCkanOKSFYb1gKu5L007B3+D7W3igJQj2db0/tKS8Ebcz8kRJ9G9jZJHKvT0A4laHUdVYI7MFAjIHZMgBiYujL82IX0/j7aUTmnscFAo3t+V4m9njOoY3JSBTVA8Xi0XVUZomPIPTJeMIO+/hVDhTJSfFFYlNd7CSLE+Ml25+cfgeBZXettCrX0m9MKI3qJ7m+n/29qOzXPfPmZsl59U/EEXhe5Xbcut9ZKzvjTfdRGtLAPqKmF2WmeSS4uOyTdGGYn91eDGS3oF/HgxSkIRi2Dvl8n6+VcwthF8LOxQEbkt2mvpRpPCeW66t2PSqfjvBiiJjffs9F+ePlSQeKWOHGFEe2zZb9f/4ZxA70qC73WaoNMFO871piLp/hejQa7sB6k6xtXaAVmXa6Z49m0jq7eRkhpFgZuvpxcDVrHnN/j1fZjKq54kCOA+R2WUa7lWOpBrde+djLIqDlztrG1t3ywBFEH186Dv6FQgRAOpUm/OzUb1NohX6nOSSOEH7m50QkEM63LIAFne0Yz2AX1xmfQ0HmYKSUYWdwuMPgYm2oe6/axyyFuT2/ohVVQ4H37jS8W6UBRndPiwXxSy3BNJ9y1OLPJ+8QfoZW2xRhbQrDyrxG1QOIpP/dTsD1v39QrWizVAqbUGRHGRpL1L/f/T1G+sFPznKpzkVQdopd0VKrjkH3bpDlN3CEofUfoPd/X1qYygMS31gLvsDoHKuowPDgC9noXXp0AKVByUKdzBELizLgAVBNgsZcF3t8n3EBaI7w4D1qeeQcBjJA8hmgFM1PRxB5/ONDoJc4CJoQOo43HCYIU6PHME24N7JJ36HZrjQ6GYuI25t4kh0bY7264677YZ4uc5/k4MwIHIqyDzPhp18419m8r/WtTVI23xFpF+HyRpl1wu1KuUzfR1If3PHoGBpEBc+4JDXuy+b+DVH2CA4pT7bhGpg2Xh1HQOQ4yrlx3OBZN9SWwKh3f8Rrn8b7EYnCBmHRd50iAoDDt4bzM3m6oUFYd1PaF+I6kh2vAV+5PdgnvVPY6zAiM5gv2uIaVDyJmaLXzh9sLuj1Q5oLgt/dLPtxRp1sxANQ7yyqeucwSBiYzo97IVtyNkxhSBFOejEMJYlL5Wu1CtHDXWKElFJ2Cf64n/4JpQoGfJT/HlmSpvYUzWeIh3nNYBVq8TgTKCbfFv2YS38f+KIpf1eian+4EJyHfS/NBkeLQHkPU5ia0ENVGrbwHlG+uhhYHXWVQsNVHcS1Sgl/Mi5Mj9L0UB7toK9tfAYlTXNDW4xk2sQTL9jA+Im0OzURWSWQV6+afBJW2/kayIkkxX6iiM1HTz7g5yZhIKV+HaftI0+erf23yH4jt9pfJikvIWgl+NLvJ8qkoUZ0W4ot51T4gISVB+R15IEtQzcvBKEh6BpTBIBlDKYSPWH2HE173VeHZBAmc7kP1C6GOre8nQqJCBqtgjW2QDCb8y0hmfcQ0q/1QgCDrRzPT66HJRTIwxAQT26UzmLoqXIFRA6r7dFpKgI+G3WVnvXHRqzBPu,iv:X2HFhJVfrJipVp3Ch4Hy4/YPVq4spUg5o3jgU3z5boo=,tag:FoImym6JinWWfQHaX1F33A==,type:str] - apiServer: - image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} - certSANs: - - 127.0.0.1 - - 172.16.0.4 - disablePodSecurityPolicy: true - auditPolicy: - apiVersion: audit.k8s.io/v1 - kind: Policy - rules: - - level: Metadata - controllerManager: - image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - proxy: - image: registry.k8s.io/kube-proxy:${KUBERNETES_VERSION} - scheduler: - image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - discovery: - enabled: true - registries: - kubernetes: - disabled: false - service: - disabled: false - etcd: - ca: - crt: ENC[AES256_GCM,data:m3cmYfDqLbgRlq9fuP+AJ4N7KOC3d8lZmQLTnVfqc80NXAwl1kTKlK2q57LjyjuQTRab1Er78QNf/JLFjS3Q8VWvUr+Ssh+HQ1kD9rvHp/RB2Rx8CbrQPXghGs1O2FWHqgXGndiTIkao0GskbbYlxno55VYpkQStCPC/FcG9+OrytI3GmsciaTFwWD9OQPqkoCEPj1vb5xn9M/tvFmSg8KylkxhmxzYi4M+yuVa3TKcizTKA31upf02ap41isKsZqb5p6yzgbxoNQEMLTksRjq/lSEiHm00s1OVnCfveGsis0eyBby6q0eBl25omS6MXgkzRpl3cZyws7FVCrVMLmB1j/hP0s10rLFUE2x52WlIApwVMobfNwas3jl910XK5VJVAYlqu6JokMWa6kL/thD397JkcgRGzkOVSZky1qaRG8YVqjlkng//vDjRigIXt8Vd5l/3ZY7jLc+bSRT+qG6JkcGUlWjEyVtyvf8v8MGD3Bdn535yRJ7m0gBBGjo/Yfze6vCFi7HNs/LL8aQvsHc5J23y4rR36ANYADQP6g0RXAELPDXxrui37zhHEBNLfvG1iEtmZlTfxfUrlwC9vW7jbD67ARcXLiCh3wIgYygBbrWQttlhjzcU8qGNqWWEzgiKe3G9f3Qw+TUBWU1T1df4pxAGeKx/Mu6RrGIb+FLcBq8NwWJGMghOcdmKuKGqX3AtZBvAS+FJnaasJTMYS90xm6A3hsAfBcFlVPriBGkLfSmr5R/bF+br8SMYHeUgQDdEU7Is3d4g7QoxXqEVxqpiP8mlzAGLZtumCE74MRCzaFAEfWIvXdyCLVT8vNK75Y36jXuRtDvjt6mx/BTsGEIoPd3cadEHei3ySjVA6C6N87eXG4Js+PU4YaNvadPq+MA/kd0hWrDyc6IU2kKm7+5d4hAm8lRI8nz/3gliLP4R4FCpJREwPamO0C4p41GfD32hxNV0a/oTrSCrRpdIY/iwcr6kpmSMop9nIiFo1ui29zHyCKZodR+PPRUhSbzB/qemssQ==,iv:Oh9rOhyDMTyuOkQYBO9B3grXdvFW/l3v+vlp1fpzsMw=,tag:u17up9JgOpjT7YWSXY6oqg==,type:str] - key: ENC[AES256_GCM,data:O2TpM3yG49955f3TdnFSaR8V8HiigUDcFOXtpAjj2z20/1x77Tv1mLAnjwuu0F1lsAYwS7TYeyewzX424tU3npq3jtlWor6ZSJLQYdi0fnuWx7Ba6kPPH2neBJXs0dsMCGx7MlS5pyAe7T53G/fekpzgxJVAAVVvX4QbaTFSqem+hlmSVMnMlxjCKFLgpk9VRWQtycTkZkLqECdljAckAOBS+94KmVUslx9Sw0qM4ubPUuFWwcTQjY/lrwXFzh3D6HZjNuBrR6iBcSrc/1/SIiGFpCdXzWGu/EKv55k4izeDzqzAkGWKuQ8wdTP10pnOd+2+eXNGmUAc9YLGNgfk2Iwe4ic+Cqs1DXsPRiis/dcN0MlWEArLLfT1GghwRXUYaXdls+ZCXDSXRV03Pj0fcA==,iv:Xa1rHyH985pG+ZDRQNRu0QGjFFj9PzGs8+oZ/Q33Glw=,tag:t2+/6NJYwXpxvUKBE/vfjA==,type:str] - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - advertisedSubnets: - - 172.16.0.0/24 -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age19963x2afvcsek4p5sas5n05thusjvzz7gpfknp20666u69jw44lsu5w4u5 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkSzNGdzNWem9EbTkzYmxE - d1UrT01XQXdRUmpqZDZXeUZ2eFdMcE9pRmg4Cjd5WUhpYW40YWpBYkNOU00raVVH - c2tzSTJzeWdjRFJGcHRQU1VCMkxDancKLS0tIENhanFtNDdMRklPK2kyNEpTNUtH - MG1uNVdyU0JINTVSQ3VkM1h2ZXVyWDAKRQXEnnX/xI++50s0ZyoorVNRKyDAmvY+ - 4fydtcPs/o4RAEP2E3M+bputSd5kB0kNFvnwE4OZscVzCxcyvlp1bw== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-15T22:57:55Z" - mac: ENC[AES256_GCM,data:DdMPx5abM1iZ+sBzl4kcv/JF/6vR55xlID5cGBB9TlbYQycUfYrlf7S4896UwypXK/7vVztcIZbP/6GYmTR3oKZQkLt/hZwI5obo+8euwPKyFDCmhJPEQDpK63hcz4biG9puf/mRKwLGBu02MVOnQJZzQG8ostSZBwDbSOS8X2Y=,iv:c3PgGokNkOuOMVUYppmcHcPy+xv7vOt2/71ndxKhKv0=,tag:dNdlBdlVds0Df02UYgd4Ow==,type:str] - pgp: [] - encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ - version: 3.9.0 diff --git a/kubernetes/raspi/talos/phish.secret.sops.yaml b/kubernetes/raspi/talos/phish.secret.sops.yaml deleted file mode 100644 index 79a4ff951..000000000 --- a/kubernetes/raspi/talos/phish.secret.sops.yaml +++ /dev/null @@ -1,174 +0,0 @@ -version: v1alpha1 -debug: false -persist: true -machine: - type: controlplane - token: ENC[AES256_GCM,data:JwlZJNbzenRxhF8vLSfxda0r/ltfEGI=,iv:xNV1omZg4ZgzEpGM/yrG4t6fB1JQf2EwWr+q3CMLZ9c=,tag:D2m5NydArDAhDG+sq3i+Jw==,type:str] - ca: - crt: ENC[AES256_GCM,data:qOA71vKAHHFPoz/9WvgR00uBFMZtjkCpe9y9aX/Ld5aso+FUXgtXUu974YfRKRvG1Tt2jw9Z7Bunaqw6g95Y14aaLcF2lu147zWHohE4jiRm8ESKFplUFl6bAAd65SjpvZJFR0gYnYAIRIAqjW0lb5Irxnzecw+TGSfwrS9tCfHHWp4K0fgfTdeGU65x/lgJpePwxJqWgkg61JqcOfCHzGS81DOUZQ/GldxIkLIxHDc6motcGyfBjfQ6hVC7maPl5MTjSrkV3qzkgJO3E+13ACct+N1DvoQK+cf31ep7/A21c2eGh5+LEORdH/ywke41ph7XCNi0MbqyagFwXE1p17Q+7DLi8ydeN0I214vKQGtTD/rke/FT7fLF9t/vqtiGZRsKixCh9424i7sQIB2l9g5rZ3t8fc019l/4+lsgFMi0lLee03T28VUoqLkWxzcBzYKtrs/jAgKkb+F0XaXdHyzJKXhB05NajP92al6mK4a+njy1bsWZio5ltxfl2od310cS1aeSsO5jqNu4HY9XWZSIFhmF5iV1AI3pxJPmYKHqX4+l99zA5oIcb/lQ1S3bxCwYQWn6DDilNc2xYtDybydp/rE60vXnzONcBL5qYWCtlqloPt35SNNVsVFLXbv8id+ED7fMJxzK2zlI66lgCfCOyTq342UkmzoTmMx3Zomo3evGKSl+tMw0kaACLgbL35cUoFkZpKciMXOlhuIkwbLCpZTvml3paZlrK4qpr3oKgf2R8zJwHvbI8DetgDQIQDa4xZcdFdSKKm9Pcep4D2LCAXIw9zz4cZSAEVS8heCgUIIrZqvs1ywYLW+GHoIVmxSNAGT4/5XA3qlY/OOvQ+VfbsXCFZFUSDzI0euEuBMHSQ/g,iv:QjLcanDH11CDPM01GzYAZURCIcGUi3QLt97fO0w03To=,tag:K+yVge4u5Ran3ePIRmLOPQ==,type:str] - key: ENC[AES256_GCM,data:2I0yQAaIDDePU5NJgEOnMRO4rOOLEKfaDxyk6IGttLa42VEUcBBwylzTwQ3OuDoGiBlm9zzVib1eSSlHusiWW/iAf5pZoEIMrkA1yee1YE22G7tNl8aleIOaI9AhyAnB/5A30iv+eJJuGVHk+IHnt1PV7xuwUeBNEC4/IbgqYpHyUWYTJYhoFGAvzD056scRD1GP3fyX68AkhWqJgd2uLP+3ixJ+r4gIl/xQAG/sye1+sK6w,iv:3jLH++2SYQGZseHC0eJPVUIotVL5fV8DMQ7u+fhGiSg=,tag:lnPc+EXJSJZau8GW5RDkHg==,type:str] - certSANs: - - 127.0.0.1 - - 172.16.0.4 - kubelet: - image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} - defaultRuntimeSeccompProfileEnabled: true - disableManifestsDirectory: true - extraArgs: - image-gc-high-threshold: "55" - image-gc-low-threshold: "50" - rotate-server-certificates: "true" - extraMounts: - - destination: /var/openebs/local - source: /var/openebs/local - type: bind - options: - - bind - - rshared - - rw - nodeIP: - validSubnets: - - 172.16.0.0/24 - network: - hostname: phish - interfaces: - - deviceSelector: - physical: true - dhcp: true - vip: - ip: 172.16.0.4 - install: - diskSelector: - model: USB 3.0 TOSATA - extraKernelArgs: - - mitigations=off - image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} - wipe: false - features: - rbac: true - stableHostname: true - apidCheckExtKeyUsage: true - diskQuotaSupport: true - kubePrism: - enabled: true - port: 7445 - hostDNS: - enabled: true - resolveMemberNames: true - kubernetesTalosAPIAccess: - enabled: true - allowedRoles: - - os:admin - allowedKubernetesNamespaces: - - system-upgrade - files: - - content: |- - [plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true - [plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false - permissions: 0 - path: /etc/cri/conf.d/20-customization.part - op: create - - content: |- - [ NFSMount_Global_Options ] - nfsvers=4.2 - hard=True - noatime=True - nodiratime=True - rsize=131072 - wsize=131072 - nconnect=8 - permissions: 420 - path: /etc/nfsmount.conf - op: overwrite - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_instances: "8192" - fs.inotify.max_user_watches: "524288" -cluster: - allowSchedulingOnControlPlanes: true - id: ENC[AES256_GCM,data:jWbIVNbAygaJA3w4o7HYM5vaFA2kDYlHiGkJehhqpugI0F+14EpaiZSCdBI=,iv:vi26eCX6ohPJysrj+6G3G1Yk0Z60NASewav/8IUyeKs=,tag:eHi2VehxCfyMY2pQ9NKU0w==,type:str] - secret: ENC[AES256_GCM,data:lEHKxwTqzIlrZ4Xd46pB0ZT4Y9NBwBhaBp6ifiSPK9X5WovKXy+Jrd6LO8c=,iv:5EpBadcaHPngETpvBxH61gR4k+s7NgYR7qqfVTRTd6E=,tag:ElqLafaL1UwBIe4UI9XWYQ==,type:str] - controlPlane: - endpoint: https://172.16.0.4:6443 - clusterName: raspi - network: - dnsDomain: cluster.local - podSubnets: - - 172.28.0.0/16 - serviceSubnets: - - 172.29.0.0/16 - cni: - name: none - coreDNS: - disabled: true - token: ENC[AES256_GCM,data:W3MMdawqeUNj4tqBLs0MQEKVcN5DqFQ=,iv:5XNKe/+KrYKMJAouTDvp2zODYn1cvJdjHeoEZO/oWg4=,tag:CHNGiTVYks02dye90OJ4og==,type:str] - secretboxEncryptionSecret: ENC[AES256_GCM,data:uRdLSUl0MilpLtIiMNrFkRd+Ddc87FwT6bv7+b4cPuVnBynuFyfWgXtME3M=,iv:zBj64tnNLd9sH/1SxXR04387rCItEFkp5C3WOlhPXZU=,tag:F1QB3upaaQJokDqNJtxBkQ==,type:str] - ca: - crt: ENC[AES256_GCM,data:ttcIarichPzpkr5sPSnnIKDUdpUhLKGDZH6GigDeKd7rJL/gmEwSvAvQAGXGbGWVZ9Q+sZh/JTbFYVvZ7jTFQ4o0EQ8hb/4f+1fxfZUneHR1ZAGAXjncx56s9CVA7hFXJh6H9cxsHkq6kP13Yn7+xi0fiIc1FbzF8eMLjcOR3C8XkGiZqyflr2NCxkjX9g0qY4sTHXKgI2YF3JgaZ6khMCm2GNCCqX37WL0Ln2Aw80Q2aunwcSyoIb0KRrj9EMyYFDVoIn8s3VBKZeQtS1EmL5UaqzO2kS+gVwuCnPkd6BCuY2jBXn/M5ZpHEEt5bjIQOD49QDIEEo2yQK//Khoq6uoMix2oxYAlEQG1aF27P3U1ecyg6EBZ0+ITiZrSeju//yDx+GynUD44HoVhHnsr3OFcqNjMyhF0/S0tpclD0tBIWNpjjyF18IVSx5wqPRfHNZlui0MP2W0L2VogbiWPbk8UvxW0EH+/NN223lcyvttVHpl8MYXTy7kHEk0M3uhUuopnT76hEQfcSZWGUCKnEEby24QyNIr5IDMh3LMi50ujhfGAr8iMtVcO2x0qUASEXm5FW2PF/dACcWgA8h5YQH8tQylJimxpqr7I09OFO/OJbalqi18gPwpyezK8LY1qW8LREoiDz8tQyNE3Seh5qNE7H56IEEpVlS0y55Z0xQAKHVMwdaMrqiNiQiaZoUeWPcZqPLJz2rgOODfuJwIAa3IA1qSgv2RB5+M8xA6qumj7J/DjzYOoovUIzgOCxldWWouluHOXrnrnrQZDa8XDpQWrp1fZOfa2PgGbfMZogJCj4fHhDjwE4aW27QFKNUkAnykmIH6W4G1DRyYifauOiKK7lYNKfapeN7RNBlgS9HzduKKTqIFAwncfEtFYgclpre/MpsIZ3CYD9LT1Bnbvry+Ca8VyjgzVy4S3rMocIrqtUoIdvRCHH2sQf84LHjVTdGO+NqWqtx9wHAf1TkGcWrHVB0YDKAVRi62o8rxlSUZ+VugoAZaeM24CFxLOKIrIy92n8pjDfMajsMyfPBbP3jMtVR2Qxp+nnz4l6w==,iv:wUbx4Zr8BWvcxcVVcGyy/KjJyfP6wnhlgi3M/tAw7ik=,tag:M3rkDsyLfG8kw982ah+Rhw==,type:str] - key: ENC[AES256_GCM,data:D3W6NUx44GUUPQUbhXOLX6hE3a5/SxM/ipHPi3ggIrflwNouG8N+ClUX2qmMMrztiaW7Q8rl6J8EzwAJCKEucA9Hx70UP2IZpyfhoNUpH4qOanQMDaK5D+c9jYAZFbRBnVWqFzMlMrU6vcXbs/LoVYHFC09C/5GHnwVzn7/+Iymnfe+5YJwcYwIObNbKf79FgJCxXHB9gdUIB9Yrl2jQC8EQO+SDnaaSGkDz4o/EvCs0uwycrXEuzmCjtKQeX1gCeS1RIIpmaHHohN8gy9sYuxCd1mKF7TA32LfIWL8YzLWL3b4d+LRaj58+Ed2kEozGEUGdYz1YyHqBd3wYtqbHJG1PPSDcXme4MKHKmvKK5c49exl2Wdlp02r4T2sWZsfN4gjP5Wr5UeF/GDkx8YeXaw==,iv:ZrfUsPIcY0XKeHm3SG1/k0R1AWY8dZd80BAkekg6VGE=,tag:dXAl+CGMhX/EfVRg/klTrA==,type:str] - aggregatorCA: - crt: ENC[AES256_GCM,data:zddBaZz6DPSccbwDSSPGQ5Cg6Q5zdTl8+WozRzT0yLgdY02SPHOTipfTDDAajfQTCbmfAqRlmiWpBvzxGOpT64sdSM9kt6NTUVKBI+OBD/GZj6Gs7yJqaMH8E1AMeij8QcfEHVcHRO+qreSH22Xrggc0zBUnISmn2olV3drPwT/ZWtDkh0CL2eqRajw/9CX2/BEiGjq6m48Tyvycqdwm7piAAXJgjUwzO8a+LhUGqPp8LLoiA5agdj+CvIuNa3zTZLJlZbGGlS01jAVdhiHFl7aKEApNIpSjcRXl7Kb55Tbuebk4KeoKpCfLYeGMXYGGY3vcUxhRp2vIGFv8Skt0X9HkKorrm9ROmUlncGFK4sSJLZRxwwLLhqW/aCy81nPhy6vdm1UM8Obs5rJ6JGQM0zxXe2t4zvMZWztf2JYieW2et7IFaSJkWBgHiPOYpN86YTiizPbuZCwVw+WvYEiOM1TTlFC9Cz9CPt41oNevd7tdajUQb/rAzqe6RKLLUGlZ27B9JimbgQ5GpcY+LOIn+xbnZYrMeR6U1lJvZzLF1NEAdUKVZthDs2M1QCNDn6q8eUo4EKrKnGNZYALc441w428yxykSdFbPw5YzyWR/V+dItr7m9IJn8LdTAVNR7IjoDe1tPRYT9Rdto4RDM4xC7Qryq2SGBFoLoREXZpCZ8i3UuBdFV1Ii8L+5uwYbJMvRJxK+Q3lrml54/s8wVaSEJbbVmm02RjLUqgnVw7iFXBcF7mSt/PvNRFfo3ZTzEuMhdjSjyOXsfn2FFKeuALA81/wxP2p8hZGOOes5EBSdLdnmugAnHYe5ctJ5H2aKfABnsUT83k+EI5dp4N7at69Jjp5V58Tb33CbV7yNVZm8DvfR0NUbGFhZAK+ENMn6t8bgc48XMX3fz5DNBIqY7KZPudYrr4lQiuZAdpf2AX+Dtnc0oA+3RacrN+XdHSnooE04,iv:2RbREoLxTK3IKCoskKm6yDE5zzFIMkmnBuKQCWFEzjk=,tag:a2GwxdxPsrHIbvwtfstZrA==,type:str] - key: ENC[AES256_GCM,data:s4cCj07WwtTnijml8vZ+J3nYMW7XI9IeoyFCcM7urRSQA3rqGHLt77ye0+TuJi4NtBv7bylvIy5wqsXdaLGG19ypqcdX8z+hEcbARz7pZcSGYPr5KwhwVBzzmIZabMu0XBXLt9XT1HHYXTiKW4hNZ6V/vBMl6YtakrGYveTPKep5YEBLom7vrquRdB7PQK8Q8RrLn8JN6yvASvk9y7CoqdtxVRquBcz56KTqXfkR9UFaOM/pV49MKGERMtQN6bAhmaGtQnAU/FVqYNTLIewn2OKMLsdqB/V4m0do0w9rEgU8ewEDTqmZojm5YGjA4Zhfu/zEGxNw4ddrOqUxtwvy5UPbws1Rrrkmcmm8ZA+10vT2hMEWelXQmanUD0Pcece1CSsIN0cjMpdPo92KF47EKQ==,iv:kIN2n8czN3myaU1W7gLb6V3WKstmZuDFoQsK81TOEWg=,tag:0Bl3HjSBaVhXflsbKVa6EQ==,type:str] - serviceAccount: - key: ENC[AES256_GCM,data:8KULdyjZMiUiYvqREJUFar/aJw9BzB2bO3p+MFHeAl3wSd/AYGLEdLEcMDt41QqbdFSe3J+2oatC123x9p7VR4HuLLI6g464al5ixrq6lvEYa9XrtQtyZ/Ul2W65yNGGzHO5mC+Tf9K63omkALbd9we4wzJhsQshsVO3RTrqVkx/opUrfawgYkXmvUWtva8q4o4TlRqEuCUuHJDZhOBCv3ZmI99rHN5w/uvokx6/y2m0su0Q42fEjl76NOC1KYtraCE394b+zV78fh1yfxd3XTDT3kFlGSXVVZ03R424UkjmBCN+BW/cGkMsyyrJGNuXwUmbWDJUYKpYzFFTKxaURyBp08D/EK1FhkZWeGBZN6rsMK3//rQCNRwPVItx6vI+gR99S8iRwzWRRqUxUcn8pZkZGE/R8Pok+5fVHLk5yCFhojQ09tjmiPF8okp3uPx3tEHR0V4HmUrT5xHeAggWCqBcdtKdj9xLX0bfEC2b0DM5Qi6qWoJ4McWn87+EWv2QNvC69iz0CgWH2yz0iO3j6OBsDcBtFMP7/DlG+NW5KL0RZ/g5lGKGjJc4x1IlDWy3CGFYNQrdZDX5oCubCMitLWsAAwzGUxqnpQFiquLermAnr7jHajpKa+yrjX8Hm3FKlq+hBtwY54fTF8stbiyi/w0WWXx4HQ6EFwq6P8TDoSm5LcwYWlwi4X4v+5gPB6Ix/xLt+8DNqpYrVN/R2ZKgCkCndgl84E3k+c1nH6LL3Bf0rDi4c0Pv8CFjtZg0PoMeHGKVQnlje8i0KYB8xpUo/VkUrNUI660oluK/vbRYXjIuhqxaX2kSOk7Mldv3/vvk3kRR3ZStFV9ooa+fccxnovkl0NwqA2VziUERQ34lrTqZXfgKFRmeDM0PhsLhUjlWL9glRwGgMw2IG3BN4rWCj0RlLb35EMC7lfjzMWdVjJWP1gqKGmlmPFC/sdmgRxtb+yUpnwu5swOsTpiSSVZaIklCRr2YrNleIbAV5tt51J3UfTa3xhX1v1/mZElkBQtU2bP+8XrBLQLJGdueF8cyY0WqumHmXKkZZTUc+NSQs71xkp1+eQ4+TNRGh8toyZQU6rZNFPKsji9ZJV6ETdsk37FJDFl7iE4XSqGflxZ3n+JC1Z39XIYSX3Fi/Seo9fafZKvfO/yJkJR59G9G4hfXnqFxCxED6Sl44ngcD7eXONxX0Lxh4XWSZu6MTTr1JvFAxnmSvt54G1+KXAJEXSo1a7mBFcyiRtaBtF8sf0r5tM5KuB2JiQM5Vq2mT3mMJfkW241ZoVRrUuWRb8a3GKBb+lDgrZzJz5XeTfgyYn7CGTxQof3c1BYByXMDn6lnavsRjr8MN76s2E/10JOCpzFPwSSi47Lmj4WzJfddKwt84dfZfcINXBPi7MKqTBLGbK0anc9z+1cL742Hgm522Bjm6nNt5X3Mmk1ELhsmoFDQ9g++qSCEkpno8odis2R14id8dqJYrfcMXKwae9ywwBTwjqI17P8tpv6mZ+/LYyGltDQQ42KfRtJfCJ9/86/MJ1awgTHxYLgpDrLO1cRGsM4bGVyCbUA3is9ymqqgzFyhyaTtXrYc+NrfqmbrvmbgqY6SSdKfILcTOG8R6Wu+dB5NkTiWXf0IfbRcauTSFn73PbVop755359PM556AfE+5rjNzzikd+Gh0Lnt945MbUJT9nR+56P8hHcUIA4j+fOFTzOhofuTE8fW/KCPcptcGyjpRQklVuLAYgcz6jOptxwvIJfSH1JQW6wGmBa7G5RMFM00DnAPgFnCyVgMpxd6Vq/uB8IdlOsRL+GdI9yahpBEUo9G1p4QE98U1IzcF31YoRtrUSzEQmGg9hqrilj+/LjbVGUA0AJ3+jlN3qaNxtJPHJ01I67xqUH661gSRlCNMXuWMazjP9T1qAVq18fVTLYA0Wl/YjA5Wb5o0QaUjJT8QnKsWHBSwverGs1FbBDGFmg9EsWKFrKHf96OxYpOGuKo/XN1L3ZwPJz2t0fHlu4WjG2G89DMbAE9WM7x+rkZ6zWXVouMYSHpMb+gxNjtErUzGz7ogkDJfM6jLL6ataDo8D+P4F0WtysVQAqFtgJyr+Kj8TTtjehSVC+52XCJzjTkrSa6XHHaWFM6Ec8Ais4sggqj/39DNaBEoUldT1yT1c0p7VdnsOlownj6+6k9TP2SkCfugU9w+hvayVFh9kzjw0+tROQkCyaBRGpBtANTEfWCoY/mK6gVHMvU44A6/cr7nhJH3Qe7kAjg7deYDiv9QfVPBTLRvcP/bxFxKz47kL0IeULyE+Y7oaUw5TwWoo9IJxGOnOYm87LpmoSFBHVulR6vAIUVDFUmT1tPSr0IYWH3n9dBznAsPVzDBbgYEWGMrOAGOxsNmiTqGC9q2SkuouNoor6qWpafKPm3JCaPiDvGlZf9Kkk09ZXZnK3P4fVp58StqP46kcz9OZn2zPBAEV+IQ0zqMfn9jtVsxo5NIiPblQFaw7q1vO2RZi+vAClVvE0hPm/gn+L7Aoow3ZqwouHupNBaTc2HAAH4ipN5P2cxthUe6k5ZPpaI1iGA4ItCCmIuI0FhZZ2YgXeSLExCdRbFjEsDUIfkadydgZh0nve0C/OE8Ll3SsOMXprwbKzINlu7lGE4HHgC3mCxPmGcLF9+GO88La4ha8qxJ63R0voj3eCFJRXI6ZVZbhUIRWTWwh5z0dP9QUYNhwU648IlapPzyPGSEryp3IUSgqxgYeoRB6jDi+Uu8C/sYlatEedwIOll8BlFVwsDJyK6zborXZcUkOh33eWqK0ZS2J6CwVbznKQC0Ukd5ob7EosIXqtQjEkmmNYi0sdWAJMNHaZEtofnKyMu3CKMmISM5GTM/0ISHGlCx63C92mkiaheQATxAgSQGRtE8/Nb0aRPGUL3QuZyjePQplqy8I5mAhX/F2B0KdCzaI5KUCfvIjnAayUduGBhoUTdD3ozWfCRwZoyiHOctQe6IGJ0KoC+P3HgKQuh8UPA3byYu9VOIgsJiM6liu89/0X2/gI9wo0eDs9svqV0j1o/PDczPTiGDNqOWgLT5s3CQIlWxq5c7AKLryXjpOxa+rWUBUZhW0DOmabvYsvYRDaTY0++72WtT7uhUlbRvXY7cwlfkblQHhiFfvnGzn6zwOoMaTui6fZoscmw6tp9bzKyKessVc701jiPk+ROdrDR/jC6hVNDosqpCiMg+samUPFFnsod/vfTIs0eKX0Dy5d6NRFiOF80Qy3a0Qi/nVeqgjANkFVCeGhhMeO0Ui4t2D+M0YFlA9v/IMpiSkTP47LAMLodbxhcg9oUYjIOMGGSr8RPRcN0zjwDk+lTL+HAcf+pJeTSoVE5R0oQk5Xezke9Q3NKozDPpx2IHhnDIy3aWzKCcyy0CggjOxyis3UcCJ6/csPQLlxnEk+p1MXuHqOudi8dL92W+rl/oNwFyiANvRwdZzVKmIi/jSYXyr+XqM/bnRA8P8+solXOegMqPGjW6qs6Np2GfbUKDO3K06M18/PKtMT5kgNBaO6u6qbcxHOQTpkqWzeBlaThaz8TqufcjBJqTS0zUNm9mxXXcorlavc1YS8YQfFxhUarBhFvVA2OIMOOeKfDsft6zQmgKkbUHq0nIElK3cCueA0/NHREaOu3EfIzf4EXl4pdTXRjkhqqm4bK+46J1+EEzsc5FTiXuGs/7AYQXlXhh8n/0p5Rh8WC7cRv0jjPYvO7bBTUzVL2P4cFJvwFgyKYumrd+DT+2UVSMfIjnFAurDTptU1+Tzb8BMnEluxrUroUklrT/w0ocI3R+RL1i3RF6IWlvGHlp1G5D3AofIVaJqI79A9iDJOrdjadl4O7GU4t+L3dqXQlT+XRMQTOboBjDBWOPwmPH3cK1SIhYGFp1auT7iNu6eDQZZuJf1J4OBMS+MPhrC1qRRAtogC0YB27m0+Qy3T9QqGRwdmdeYMwci7eZuWYTue8yH/1IYpI5hby2PJVjBPJHTRT1xViANLXd3eFHhN1Iu9YR0NycusUw8i0TSP5mImJ+xuaqixCk6C7FDLSUBIQY7o7M25U2Ukns3umM+4L1JbGz1dK+ni9TKm7nNDxhCv2ccOWqFwl/s3R8QZKUI8n+S2iYeOTf0s1t68nMAIxvdtmvx0fDr989/Me0Koml/jeoD3QsXzHYi2j/DR4D4PvhcS88qs1+zvg3tYxGVpEtmDjNUMQJU6nCEGxAvo9FVPU1wwU171SZ4dW/792fOl8qW89jgNKvCsnA54utVBTVhHBzEhNRfHVw49E2ZCFAAWE/3ZQW/dEPClOcrXjsCNE6/O7bE4uPDuKm73z5eZCYsR7UUEPkXLh2MSeRbghvAIcOroXkJz+hmA9FVfOQbFGZ5/aTt4j1rFKyTlRS/zEgE+VMyhrR+XTTuXrcjRLu8QLXV9WeVghbNEbZDf6cHOi9h62YDS4XtPq/lUj8qKCEaeuRffBO7zhew/nVP/m2VANTonkkBB1g9Teh1izfkpwYxjtCbULFNv5WfTskQYOtjFAjLPxFDWrIiQcdqaibWSu03/3cwftqdwFU+TPNPm6aivSjafdc8Tugad1GhTeTfeDKF94H5U4aWLZdvNMH4EYxCeRSA1VFT8TbmGWvSxTOmg5ZWoZwaVTudlIrPQobqll9qf3bTkMuYAgQIg3b/qgUqg0ugFflRPZrQSWuLG9pRxIIEVxI5szwf9uHpx4Tscc+k/BKU2KgRY7WrEGag9Jig5y6Mua5QsFXgzxucJ4Gl3KqOr7gxhXCvVb9zTbbMhrsDdnDAYBFz9DRaTBISGUGEAkelopdwW1q7FoJllv48WMw2LVtJ5n4g3F2TFDZTag5Gtb8lVQy1rXKzzTdKfSv70F+8RgP+SDcAmurTHwsL5mqmsY0/3q//kRHLkqbxO9BplcKD4ENgFuBqyIiYCynia/6OP9JVOtIRoeGalMGG+X2n3Bf9sdcU1OkmFyoUwFGQ/mOnTFNhpkpb+/qKYhSs1y58boo99ymIAarQpQ6NmmaIW9e3vXjaOLEX+73NT62U2Uh03VmpEFTSY1BDh1we+kYZpS4P6yz8JWWO6kBeP/k1rTgE9pUDVRMD4Iht4tzBt0khsHt8vMVDnkgHN4+3mKLbmct84u+Ya0O1mRv4/uvpa9TUpVNN3SLjjq+Rd5WAUnZhxnNBjLHRKOrQAjeF7t2p0TrJWSpbsjjucGxQ6bVOZo+TfX9lBwrWOBU5Rm3rciiMBiUgOUlP6Mfo4AClUvRZApS36o/+bmsk5p3odNNOKMZwRjJ2lj81NDed3KuC90pqvVhXQj63EO7XmPQkORXdALukK5TP2z3oNu0KbHir9Vc8AhwOYSUXl46icntOWmYEvG+AShapYyllF3zfb4JaL2sGe/9sY56/oQtZd5dDW33f/50BtlCipxY8+X3ke4UX/JMQ/aL+l3lhK5os2p4j0hzqyNZjIx+cttkptECZRXUDVov3wxU38yqDrp3gKaZbeZuq9wfWSlQiVB+5uyMieA69bR99yVCghRX7C9wh/8MTRlm3QWtoACe1xdgnWO4G0OpdjvAnW9ZJlT3evA/2v1IsOOmwxLS0ejXnrBo2JndmLM40nbayK0sVEVn1QalH+rlwazvL8Er7cANVY1PsvGFkzblUphPOqF86g87WeD7hNHBR9rfpQicPEsQxScgOveZaPCIN3+fCDr+b8cBoc9JYMrPehtaoyKrFHL6E7Fb7figKzB+j6lNSg88Ttbcv57vZSnbw7IpBlQNVskFYRU6npkJEyUTaJ0UIzZc+8N,iv:KGQFSHjfjtx7EqQwcBy/AN2v86Q6m0oZTBl3GNQqDpg=,tag:mWlIWyVJ0HaoFEfn+4QQog==,type:str] - apiServer: - image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} - certSANs: - - 127.0.0.1 - - 172.16.0.4 - disablePodSecurityPolicy: true - auditPolicy: - apiVersion: audit.k8s.io/v1 - kind: Policy - rules: - - level: Metadata - controllerManager: - image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - proxy: - image: registry.k8s.io/kube-proxy:${KUBERNETES_VERSION} - scheduler: - image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - discovery: - enabled: true - registries: - kubernetes: - disabled: false - service: - disabled: false - etcd: - ca: - crt: ENC[AES256_GCM,data:DbzpNGtMEJj/ss2pQoADxnK6Kp2SKDf+jjIupZcgbVkq0oNr2KBm3xf2IUSS51owvAvmDcB7kU5c5gpc1+JsVvgWIOh8bel3NGVo0fgTHdr8akIDIz8aHXqEOWHVY1OdBwnNRoouXYwcTqyY1UkP+IyoKqJXr5heHe3Qas9HxKGjvtVxqCp4av1zD0GHAhU5XNHNyEug+kjdq8cwhyZ7fgO1lTZF2RT5zjLh2gIICRF3y1Bet5frxQNNr0mr/xG6e/l6mfYvr1xa+vCuEoSzT1gZFOojva4FEyp/71QtrSkQswwsoqJFxw7mlEuEqYB7leY59eYtEMck2RWujZ9MkJDB04KkvXO79x/gfwzLULlwtFrcOV6gW1PHTvOLL8swOI2/qHOSShrH6MvD5YlCgBoJWjG2jGjmdaTAYAS0uOyhW1TOuH657qk+X9MmmOVQxBCNEiLyTZE0MjytQ9pFS2CxZba1P5TKcwHot5AUvDYQSzkadljG6gPrCS9eVdMr85BeYBbXkQsSZrkLFwlHTZisfQLiF7BncH/b0bvZrv9VWwl4nrNKQoZo3vjcRNBXFPTBdniQfFTssa3lx6dp6S6JBepOflL8UvmkEV/mkuucEHaqM2yCVRUJA/x2b5re/a5O3kNGN/81l/OX7r7H1aVd50tp9XGRF69qUkZdnXlFgzgKzr8w3YKc0tDACgJKnsaKUgO0+gozHjdj5FL8dx32wtyw0Gt9qYFh87AmB/sQXnF5UoxCedJH0hdwLdX8wNyY0Crb8BrRKIs4uy6y5ScRls3M+IgaAeZZJVfOrQep1d4L80jn8lF3vFBogAZMdziZUgwUJZBeXrX6+1o+24VYYl7+6sRkPK4Hee16EDko6fAdYnqtFW3VsW5IYfJ6kPWWGPjwfoPeivqbmUMiQ3LB+Unlt+n+7EeNMgd9pXrgXisfbLGCbkB1zGnwhrXff1ZGMFuC0dWgqRvxMgpVcyx8yty7krfuir8Rrh8ZFhEkEdeLuJBzmO0TOHp5CjLaJEZQmQ==,iv:SbVJiEsOsKgRVvTlr3RFQ7hhx0Avdq1uZBjGqZ4bBxg=,tag:dr1L3cHa74IYJz85OARMDw==,type:str] - key: ENC[AES256_GCM,data:Kzuu/TvH+tpJRarhFa7wHOaxxTfzeyQRl8dRXl9DWTwWU6QTmePH48gJx5jQ2frt8SsTbR9oaKAfhDh5SUikU9fKHQgQuzEtCQLGQhVzMpKPVq9x7aje2SlTEYu9shClSa2tFXSNfseh7FJSVYKvRRddbkcCUoz18Orzqb2NbIWI6PzFRii3aek37vX0GzexhlrYetYKktTHLNd/Z7mgdSOIKKI2E93S//po9uXKssMkPSQxefbqLoyfbWiLx3IYfRfPh76t/MwnqvqlosUTXy6XEHMshd4/d2e8sGhD6g+4sT/8cBqGE3t2i9dFseMGOUdbe1Jv+L8tAeZeVU+HHGPh8jpukjZhHlWDthLBsf9JrSOhL481krsCh8jtjR4dRR7kKS8QSGhUnBJE1/+Htw==,iv:mapQTrW45/DjuZK4If1bMCsBbyOFchCb4Mlq2eL0trc=,tag:xdUwER7xx8clLhqyZJUsPA==,type:str] - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - advertisedSubnets: - - 172.16.0.0/24 -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age19963x2afvcsek4p5sas5n05thusjvzz7gpfknp20666u69jw44lsu5w4u5 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRU9XKy8wclhlU3VGNG1w - RzJpc0llNjlFbDViZXJRUGhxT1dGNHQrdm5FClFQN0dEUXFoWFpROVdzTjUyU25p - WGFmSFZLeUJLTWtrMjg5WUNWdFBrTHMKLS0tIHd0VUoyN2w3WWhLcDVyeWV6dXVE - TWRNUW4wR0FPZmFsQ1RWQlJpWTZzWncKB3TNSrEA1HcnUekpdMjHF6dSd5l223iF - k9ujQLz7PnNe+jY09Q0Ea6vEUKoO+4r7a2m8QMq1J3jtRfuXU41gag== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-15T22:58:07Z" - mac: ENC[AES256_GCM,data:6HUo+9T7L79tIGrp+6JgDh6bdxm1nVTKI0h0cJ5VN+mV6Suz3uMWHcCNLvxUj5shwbqvpgkUKThpMjR/nitrRhRUMn5N2JI7DFPYLtwmGGV6Jv7y0UUHFs0L3A2REFaPnSLmAAyV2Jzv6xUZ9EUtq0mdtdn8LivV1kCxfLizitI=,iv:Y6F5DgXooYlfm5mlhoEPy3kiAhRYPwv6YCtjnG8o0jg=,tag:VkBOVC1sYacovh6EoeKewg==,type:str] - pgp: [] - encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ - version: 3.9.0 diff --git a/kubernetes/raspi/talos/somnus.secret.sops.yaml b/kubernetes/raspi/talos/somnus.secret.sops.yaml deleted file mode 100644 index 6eb260cd4..000000000 --- a/kubernetes/raspi/talos/somnus.secret.sops.yaml +++ /dev/null @@ -1,174 +0,0 @@ -version: v1alpha1 -debug: false -persist: true -machine: - type: controlplane - token: ENC[AES256_GCM,data:4/jFZmVndLcxQegyINhC4QJUYQ9Ztx8=,iv:+lk3NbZY23nvMV9aR/mXv9GUCOuuIjb5+W6YIyBZ2MM=,tag:64Q6C3PboCHtlfBr4AaJWQ==,type:str] - ca: - crt: ENC[AES256_GCM,data:sSAp1xc0qohgr7Ttos7bnuaJcvHuSZLrXNm51Vz38C7EpxaYdOEWBbJLZqisfGFRC3YsSwfhdyKhCK8GU9G3WbunSu4TRVOAlFJxrWhLlMCi9rMnrQqACC81r/kdmV6qg2WSOGNiqgwhUVoyNmx4CNheakBLxBwO+Bf4yu+1kx/VYFmkSLROAETxfcUr5y7m+f3Qqp3cnAiSBqDabIC2gaCYpP30BbhCzFzn7A6xGHbFRvg1nSaCcELABpV0nrBp8LMIrZvh5XDrQoT+ilp1Ta4jmfb5ppURNm1yCPqUDnTOxBXyyF0kpBCs91olxU/QRmgSBB4t0SLt4bfscvBVTXp8rkyYlB3lZvGjzq+R07uMgTQtfWhM39R9p+Knf2k3iHxK9A7pd13jQv/lml3ta+KbdyQZgiE9woAG9irgvdkW/B77p04P08ILxOJcisuDb2EeWohmt5j5vPbgThbvWr5x1zzlsChZwD+HaW2/07z7YC4a7M33X8Bz78YXDNVPhfAF2sXnDSnW2M/gIdQFbJvAjwttuohdImNoa/X7Y5cf+o4J1J6YMTgedOer43gNKBUddmdGuHwQ/ZXpomekggGbrsGLXQGbYUNEySogBCWPeI7XijZVOuJjOnPp6ZRVEepfZEfwgLe1fI/pZJfhl3aCuQJN+34e+60AVkB9J8PPKrVpUk33B2P/77hTiQYIsrNIgWuuSA+/X3kihTVLybJ2vjnlkKVN1CkpcuvlItqzYSsB+JD0f4TAZIY4ayahWQ7Bq04XCMvDIQ7z2MBfJ3XUOTAPhM6TnrPQeM4VgVsbdIhNHV3mJ8w9es1MKmdcixqocDAhu1+c+AiW64H07Z8MCjyUxwKsv70QBmJ2glcYIktH,iv:oywKKoENEo2+ycHY0HkkNSiFnbuBymF5JXtNCVQWUYU=,tag:AqpfROvG2HnXqSq6oZO5lw==,type:str] - key: ENC[AES256_GCM,data:EOPkUCmt3nIzFBrNwzOLB1kCFoRPg5XpSSNvm0EDTgOF8/3bbgfB3XdjrdTjhVvzWd1TQBVjJPH0NaXfg+wR+YTUjm0DkMmk0/0ohszeMAI/+5DaH7tfFoPXgSx6NyCyusXFbt3S+D63gF60IqmNzyqc1S6fpZOnWhq6H4HSFcklBU9ZaZ3Ph3OV1FbIDNeHIkhdDAQyaRIJFEisyNF9oxPntYzZTY/oUBEkpBcFOT4P2g2R,iv:bGLvSDinBX1L3jaaNS+lxuUZgfVwbsaWixVc0/eH17w=,tag:d7bqcSFWBBaZ0bSC7A8Ntg==,type:str] - certSANs: - - 127.0.0.1 - - 172.16.0.4 - kubelet: - image: ghcr.io/siderolabs/kubelet:${KUBERNETES_VERSION} - defaultRuntimeSeccompProfileEnabled: true - disableManifestsDirectory: true - extraArgs: - image-gc-high-threshold: "55" - image-gc-low-threshold: "50" - rotate-server-certificates: "true" - extraMounts: - - destination: /var/openebs/local - source: /var/openebs/local - type: bind - options: - - bind - - rshared - - rw - nodeIP: - validSubnets: - - 172.16.0.0/24 - network: - hostname: somnus - interfaces: - - deviceSelector: - physical: true - dhcp: true - vip: - ip: 172.16.0.4 - install: - diskSelector: - model: USB 3.0 TOSATA - extraKernelArgs: - - mitigations=off - image: factory.talos.dev/installer/${TALOS_SCHEMATIC_ID}:${TALOS_VERSION} - wipe: false - features: - rbac: true - stableHostname: true - apidCheckExtKeyUsage: true - diskQuotaSupport: true - kubePrism: - enabled: true - port: 7445 - hostDNS: - enabled: true - resolveMemberNames: true - kubernetesTalosAPIAccess: - enabled: true - allowedRoles: - - os:admin - allowedKubernetesNamespaces: - - system-upgrade - files: - - content: |- - [plugins."io.containerd.grpc.v1.cri"] - enable_unprivileged_ports = true - enable_unprivileged_icmp = true - [plugins."io.containerd.grpc.v1.cri".containerd] - discard_unpacked_layers = false - [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] - discard_unpacked_layers = false - permissions: 0 - path: /etc/cri/conf.d/20-customization.part - op: create - - content: |- - [ NFSMount_Global_Options ] - nfsvers=4.2 - hard=True - noatime=True - nodiratime=True - rsize=131072 - wsize=131072 - nconnect=8 - permissions: 420 - path: /etc/nfsmount.conf - op: overwrite - sysctls: - fs.inotify.max_queued_events: "65536" - fs.inotify.max_user_instances: "8192" - fs.inotify.max_user_watches: "524288" -cluster: - allowSchedulingOnControlPlanes: true - id: ENC[AES256_GCM,data:3mxghKgVIu2ZYCKhlHzX7IOzf8TiikSMwPPRCljFp8AMqpoNOHkAaAenMtY=,iv:h6NMxXqtq4STETV+Xoe6d/f/PCsbWrp7P951YOCVL1o=,tag:Xt3Byufc/sRt/tNLrGS9hQ==,type:str] - secret: ENC[AES256_GCM,data:n78/Bee2cKFw9LjxDsrPGjrAvpBwBYpPr1V7e2lMliJI32+WNXgSxWIcJmY=,iv:8WEZ6HWhSkjxqn/QbTuW6SmQBdT/d5ux2XnRW8xKFr4=,tag:/rpwWCOffXdqOKSazuoxaw==,type:str] - controlPlane: - endpoint: https://172.16.0.4:6443 - clusterName: raspi - network: - dnsDomain: cluster.local - podSubnets: - - 172.28.0.0/16 - serviceSubnets: - - 172.29.0.0/16 - cni: - name: none - coreDNS: - disabled: true - token: ENC[AES256_GCM,data:CWLk0KQrQpNFoEzUnkcIzQEBD9OyaNc=,iv:V8mc4PVgtSKRe7Bun+Sw3w0zCqTP0P0btHI0QTzZB6A=,tag:cDP/OLzoevXQ1JVOcfT8tQ==,type:str] - secretboxEncryptionSecret: ENC[AES256_GCM,data:EG9jPdLH//eAG9Qlhok8DvH0/K71TmQO8zSZP4VAyA1YcdllfS6ej/125Cw=,iv:bvgKuWcutxXK35GXEJ08ZvFF5S9jaVBDUTxDSCQU+mo=,tag:owxr0MoAy8PuWEoDfM30wg==,type:str] - ca: - crt: ENC[AES256_GCM,data:BmdCUlyY2+Qdeqii5SLtlk9jOeshFb1kyjhqFfQKVsU5mnU4PK7kSNcveQcJ3sWwQ0iXaS5ys6j1NRYEq2OgJNgqVOXe2cxxKpLZTjwjKltElTRU6+pVTAojsQZZAkITopQOTaCYRXk1lQcCIoNGGPD3vWUh1CXOkJ/WEE7+VX/ZSdc7IzCfeddlk+cvpC6RffBwQWEadGtqmZhoWdLHffmJUl1e6To2cTeEynRVhIl3toXOKzF4bUQtIwi/A/VITGxw2hHu630m/NYsaH5GCwwvFMbWgqBegdTxhpZ3aAKPWVHxiyqTS7rwBHo6AFo6uqAqgR4jg2x8Rjjxjh59w8B4pf1T/fDQ0PR3NV+137aMIMnQ85G1I95KxXjRzXZsYpbld/SMN39n8tYFqvNfe6jOuAJExz7/0VkJlBdVbOH7xpE8DsEhBPIF4oBQQGLNOvmFQKIhbY7CTCb++vf9T/EIu1qdCLeydX/b2eLwEIVfmCvu3EP5PgGOUau+aWxyrRyZ9yfi0T5AdUcBsrZqNz/liXBkIy1xUNf01Jhf0ooxg+2QBmjRGWEGCWq7n2MiMLFfo6AsVPiiZxDR/zouTRMb8pRGMTYqltPo1bDSgRwen24BWYV1FjcifZGKIm7B5ZgFoib772gjIk6S2cAkCsUzXovbgyS4o+QX9E3TGBf6sgqTN8pqbQ2cO4itH2S06CtALU2XakTI8/lpak8i4Jxeb5J348rcM56vjpnnwKN+qLPQc+XWmMz0+r6YTO98sVEIa6XZJj9P0K3p9UnxJRAdF6AGP0QjTXdBzKHmDmLq4vel6D26PSAdLIY0z0GSLS+FzQ7RAR7YiTRUW/P1U/BjxtXSASF2jqaUpqdNZ3O1dCpLP6pXIrtS7+m0WBSTa5ypEtwDq4X29UjWd5HcQh2lhhAy/vigZJTRMi9k1PgLN/jZmbWgcCLeKZDL9tME/phlv4PF+xfvawCkb/Z3IstSbR2ff63acmzms2+RGsfksV49UHPySrwjKPiO8JFxwXZPe67RU6PBWEyNfzD/3hbLDGAa91KfBOVWcA==,iv:kXTe/v/FNpTynK9SyDY4bCyNtXcUczURYVfa7ttWnE8=,tag:Rh3KUHP1Jodhxxox3BHGuA==,type:str] - key: ENC[AES256_GCM,data:BGG/Hxp9KwDQF0tojRxbVL204OPyau4pTs5ZtZ9v8HoRxR+saF6GHDrJYt5A7u5KRRys2ka0yIpjrpvJn9xH1NKReu6dUneD4I7uk/vMrSN3eCw4K0SUn9lacp2AfX0cQoB0pehFJL05tiTkTCQ+vT3Tyq3MvsgSOGjsF5gqk9f/x2q7IZMn5eddBy6m7iGx/v//zy2BCh35pID44F0M3ABqIKGOisZ0hmKQrHK7dEt3yeM2HOWw1T/JDcozuPOJZjGaMtKBWKdKk+1++lNAE/7GVUY5OTg1Hl9XSndF91R3Rki6mkYG27d5utpuJlPXv0nTvxgVpLT2gChKKv/zlsWXFENd5+JETl1mcWlqIzWG8fWKz5mTVvW3ynyh3iAQLGHGvj9tcsbq4JLHvHb7ZA==,iv:7EY5OrVOSnnysC07jKAeiyzQpWxHU5tt/HYWiWqf+hQ=,tag:tGXdaWb6OPGkoKmKm8NhrQ==,type:str] - aggregatorCA: - crt: ENC[AES256_GCM,data:9REwxKbTset+t7FweJdgljYH4/70OpxrYBXCBq8KrrKEx0Hcpzyan3G7lGYw9aHWNWZh9KqS2mM6jzT6+2c3dAZw/B+vWtBlB6in28vSxXQjWSJXHsNXSKheMxj20NfZrUz90n6IDaS/9H79cwRJRfRIp9qDg6FSgXnfZ+5B0oQWEjbIVchmMRhvnCBuJVZ1hz6yb1vFue9Uv/ygjeFW48qCWa68txVtF9cdkGKlsJynI6/1OYhQLeYF+w1VG8UiT38lwkDKNGRzwRyL+89o+jS0m6FCIKFiD5LFyhoLVN9m2ClOhsJYCIieOza1sRYRaNPDFdk4qB1tUnp4GMm+wkz0/1xNC6yiksa/a51YDkRGgYyQmn6jI2U6KKjpH/D+iz+RZS/dEcF7BcpmBeij2B2EC6nj7vg+bj275Gum+0HaemJ5bY48XaxMv6JGqDSVeIkBLAeQAub7WCgaA7knK6VdGozqKOeYczz0XuFP2ZJqhtDCxKu8WAKNkgcDXmsBC1wVvGskOQfHt61p/yvrj4ss6H5TsUnW14VEccdT/BzPY0ViqGqTgzLmy0XfCNFv5uF1HRmVpZE+owiKd25H/7WUbkKxDKoQa+OndEkUk5urweeIUxPzBc7sEudcGx9FUkWXHBSq3wiFPfKAE1oJ8WJ1dcHhn+oQTqKiPtnyzuDetlk7ct9cY21fdqmr3S5i4Hkjpmxkk7Ewjssi5mhaNCosrl9VY/baWtGK00bRbbWuo+KQd9XiD05dWCmg47DG8Z12FZTbWWvyJiwo2K/lMb7b5Ik/21MxWKFHehcCyigxoHRgjPuotz0IFF1lPh7O2eb4+nqf3XoxxzFVId6GBevkSdR33jgT/RkzGbKoBESEtjGhdm27D5+3ivv9xY6EXXBkMp0GeuNMoW8C8X+5iFS6o/8VRYNWNBT4kg+bGoJWFtTw1qhBgKoWkkoZPoFR,iv:8ZCg6rOSCA0yWsalVttr7rWM79Eacf0CJpWCxUCZd88=,tag:aFSiDkQ05L/vY3iRxq+nLA==,type:str] - key: ENC[AES256_GCM,data:IP1XGXWTKceQaGoU5JKYBmSLm6TLTQM6LBQDWMUGuVVG8q5rE4V1wsQJ5f5umURqLHEiM31W/XrTo+JmJI3ph7qiLFdxsFFHL1OAh0oB2uNHEKW37rpdSu+eAwc4ebcbiDy421dxDmxX2is0KxJNVO5+xyAQ0FODU6fDmmuEnL1bQcO30INOku6XvtWgmJLbVrAR5TCPBE1I5sp5mFhLVdlyOq7hGB4eHXQeOHVLomzc48g38EClQ7lkoOZfj6Zfk0u7pDUcmtqRLkSBKPgDKA4y2a2jmnneKE/PL8jIfglI5FVMIrcB75p3qBzN+6Bl6SGjQGi5Vp39tVC3dz1WAAzCnoMyodSGomeyPoe+njwylKE6vRuMSr9IjpV/GL4NXTgQu/vWAHZmQ+UTA/F4Qw==,iv:YdTUBAGSeuGa4MJ2Xp9g7XfwuTPX10P19ct23iceRm4=,tag:3koOna1iW1GVBz4I6kiayA==,type:str] - serviceAccount: - key: ENC[AES256_GCM,data:EuaNQ6V4IPeXzd7wUjsawDHZ/SHtWMP8d1bf2AiRquZ1kZiN3D+PlpbqcmpepWQ0at30KAhg7+01bDsQyB4Vo+c7FnKfYWKsyYxnCMpQFgGcSwN2fHoYV1fFdkjacikuqMWA8qjGdCtvu/8i5CgXmSUqqdl2vFYZxco0BAR/vX8+VdssvcGyHQfbHMdHEyT6Y1Ao3FfGwNKFb35Br9txE+PjEMpiYujbwr+GAjfK54ZELgnKAfdvQiS5FKzCSMlR+HvTgYknwD/vGcWFR39EwG8Hqik+VMlfR6Ew2q9uGYuKoZ2eYVYv0flXebxGNssoDcYbItbn8ELv851tDNiKyaMUdwZW5yoLexgOuE2hYTSk2c5yD5DNypC5xHUIGR+ZutzzIvyVulh7pyeH2qG8TMQ7qoGLiHUHmp3TMLVeKoRv8fw5vXydJbACvjouEcHwm4C7GQRL3Km86wPF/ipybpkDwhsBxPsUBcJ+lc/QK0XQp/OvkksimoTb3gPPQf1D5l9BMMkPFZ15C4OM7g6hIy6BUKubeaOWARZM8kQ/eRkL+d+E/di0B3XLrQdIB2WZXiL5v76V7GpNF1O0Qy4KeprFlHL+v0NkhWjclltBherjwKqEtFUhSSY6XGK4EhwqhCFnwuFSrA+qXEPlWHbcoV8itiowyE8V/kesrh5RAoircXpnrKWK2wMXNlDmpWS038zQdxegs/gzHrFVKYWsep5jpxMwYzol9EzKjJthL1D7vwo81CbvNwb0tBldapT/xpWFAjhi5nFjRE9TBF+WuCKU0dqbVfi5rIfpoJMHRE6Vez0yj54JN36lV2YVHXqUMRYdsJd6qMxU52v0qUgWfDqK1kXCPvkNoGpmATjdYgO974avkN24G1jpdd1MFTc9OnAuSfy6jVAjLwM7taFPaSFUf4X+2ZlbpdxqAX/4uPoJDkg/n+Qn+Eq83O40HgwlhW91wC+LPxBaDDzISJWCjxeTC7L7kvJhLeKj22Tce2g3uOkWOr7jA8Yoy60NM++hSmoADbDL+LGkcswJ88oUh+ikIcWikQrIuluaIp3Ot2yW746SFFiT3lISCgg1et5YCRHvQmbi6AX0ClGzeiMD01VCDHoNnzNqUNViZs3C5FywDtYDbR8BUD5HXUXbpeU8DdQ59mIr0E5yx4Z+dkV8k60x+PNyNOAJXO8hMh/gh/DDnW92p6U1XstJzY8AxNkviG17EsAKcztvJHui+IPbXecDWWrf59ImYpJV6X94hdI/NDdUVqxu3+w7B2RvKmt8ACeriHrZ8M29xbhHZrU+Www/IuVI9F0yLNSoic3OtMsSd55hPKoKD/WE4aXvtv88MLxfYtZdl67hWEDdLn+ZV2fm28hGLw0qPhKhATYXkprnvoRhQofdJkUXIjqzjDlRzrg2RA7hpC6UgYr/9ym8WUwWEWz4yla1LznyZd4vFfQ4JpiPT6GOC3Ah+gGeaO/5XFmBnV1Pjin9RKvtXr5x5wBPs3StGOHMNb0eBhPbEq2W5xJ+hn6AuWEI3UN+4QSL2UV0a/r6Ph5bkZN0c2LrpFOUyZeg9ADm6Bw6H6JWhddGTQugF6PF+ktPsBR8SvHp7VdbNwepupHfDpjOYKF0E1Lw/ohRDMPxvQ7e1OTDVnRO1UetakFoCjDIfZip9olkYqoVycvgCB/d3cYiknhX9VEQ9KPT/wMlmE8jmM3AhhDDVLMjlndTajNeaD9P7f+i6dKBQ7rB1favwtcR8iJfZTUL5EadaPQzbLJNYvvlJdWm+589VJRq2cjYHcXDELNDSa9ufkkzPhph5YaJ2TwLdtSVDBkY6wRrPntx2dBP/pReWKFTf1DIUGd/oSUjmyYIPmNBTuFN5uul93ZL/zbcxTTcu4Dz7pgzsjTylgdcaw+/kXkOTdkbpytEtxdreiBRLEfDEbnC0gHlTM6VZSErp24Tvp/iaIB0SMUE3wxTSTFBTxdFyiYMjdDaDQM0ERsNAP0u0sK3dQAI2iPytvyccU9Q0JoKHMoxqkjOQfNCcWDj0TxdmHnFlpnmNavrSf2tzYZsOgaJxGQW0sfrQAD/B8QsIdjiw2LLuoEh11w3U2TD3v7EzoloZnlbpFms25v+gw+zeidvKw/LB2H+Hoo/f7tbQmauMFWNVWDOCAxil5TNLezH8ZLXRUfvdGB6HgOBUCvn1i0ntE6J3vAtgOjGFgTxkrFPGmgVuwmORYGKQdObxH81QiwVDGPV0+YHjXJLy9AxWN20SUmMNGCc9vZQ3QKVyBMsGX328OUBkTiTduJbQEpZyBXr9rqOFwcGkCIra3zIRgC3dIX9oJsUPrpdzHbhXN1uH4SA4p5/y18OAMU/srtjrSkbzwVl/q9SG0/DNd+mPYKDeanG+n9rE4xG8xvDRTyVSdXfGuv5i4h14grmSc6Lm1UhXT2cD5DzD/aneVptx1gOGClMdF91vNM4kBf4rCTqvHQs303x2CL70z4zJLEFrzN/e6yw63yWH5KqURKNExvxPDnrMNdYLLilOAZlzMFaqRYLPJ/vimHyulO2uqH89sc1cUnm4wlMPXe/v2k+1NiJvtgbk2rKnNKUV8GlBMNCLJPenxnpRk3wlCDaOHtByy9w17ys+dx1IrnGdqAz6v5RRDgHeC/0uIU1fLokBZ2tdwquPZlU8sdKbjrj2ESlHYGTKco63o/A/VDwid/Lf+tvs3s5qPBRb5tx6VerxHPC5lmQnp8+Xxu363lxHyy+mvasCxOvq6aJmtae+CU3lfRPoczeLxINNPsfvKoOD2d4h0iQc0tCwdJmRF3MOFyzIb4jz3B0JULi1Ze3+ud1bx5G7WYBU5o9FGM7wZyTbhvLUj7EicAyN+Mz7m0EoKRWR4TgYnfJ3HAawQbDl3bF3K1sqNV+Hfme7WrPAEpxFvGcELyAi+LK431oX5mxGRMoaDNLYoyMLN4hHdpW4pZ4kgML+51gUEXLqK6z7ByE7sb2o+VvxZZq8GYXe7+xc3kiDeY3zp8Sih68ibRvwJLiBJ3XnK9AqS4qnqn0pNHhCw828TByq9dkofnPGvKpTrERY+Y+Addf7yoWn10tzVTXObYpEmc+Jli57L8hp+52Q1IaT4KAC89ItwuNdDSt2V5VhB4J9y9/gCpJ3/O9eVjyhWkeGc8wnm9BsH9VB+OaW7eu8iy0E92gP2U0BRu+Tha5KjENO9Hi3tIjDxciSnIM1tcPXMYBaWr+/osmv5StGbO0Sl3fJyAkwnmxkG6kHYNwmZKuarF1TfpLgi/2MLtJYZZbYjZ+bryq2yMsSCv+Lo+H+yW9gF4X9CbeSnSO/X6Wm2lzC4IDxYpUiGTG5OEJcekP/wL1YOLLOYO5KQWlDCEIH7wa1VxDygQ6+m6aNtAntIblpbPVjDVgDz8ga4Zn7yr0rPZ+zUiRKWnt8sn+8qEFLo11xncgHwXkj1JwPjjCziaN4X64iDvnBCRrT2Y9OgKge93il6ys5hTHBG9cLqT3v5dglFQEIzmFW4hze0UXqUsPZHXo587Noomr2EqSeAuYXS6OzNFjFIPXnn9WayjXqwoQxB4Qn+0zt6BvV4BwKonclcAgPHDYOig96RqbMkOGj1uuIrNnKwGZl/14VZypHnLhEvE2Rym9KpIGExRE3/H7iWLk2GLrtYNTvver8VWIB0DEIV1bdC4SfiGBDGT6sfZ+vPFRGXNDrjCRe+6AzIfpkweY1AKLdVVDt2QUE4VW9U9bfCfgKNGxL4gB9AHUQp6uLI5OUslU9WpALgaSP8ctwgpXmhet9266kQSGa1X3WfbOwEVTDmInDuCAMypZv6kl/bF9xpG3L8t4KSjJxAL8vnVBW71JptGZW/11ibZPkTPxfTT9DDwxqBvfbZKgJ2KSa0UHjYiN5CU7unQ11hGIDSQv/99dPLIf71tCNi+XQnjl+qfesv3sJtwRL76T3so+CwtMSGU1halcP2UNUUWjKdtg5p5YWn74kfU5gBp1VcwVpFWOGDVoMOWgoNa4hTJrmx2eGuBSn0TLCIpOUkuhcqlJkmDanaxITTpsBhPGXzQUdyQiD28Zl0dKt+5gbx3VKHgGqFBkMSmnoiHbuIyfU6aPfwKKCO1Cjnb/gZk0xKMUGJKzMgmWbkxvkJRHuXQ9kGhmMAdJau9WqDr67LGrclc45PUtNpVCvfMObu702yO6QwHgazhSjREbOtC9vMiwbWtFFCJDWZOgHBZPo+gWrEIYc0PijeQk7NzES8Lj/ewlfGGFFfs7LaXj1zuXyyuDgZ76j9kXxiLOewXLeCvLAt8nb/tuYedCKQuY7YVhAdSjDeBegTjno5JgZBjZJbdvGznCNZvsQjvcirRT8Eo+vNHqHyCMHYpLqYwi8VoAb1qIzwgPm0g1D9tdTyzCVz1NLFQKfVR8bedPSQRZgQHw/7Cw+3Dy7z94Mo/uWPUMLYAYpy28jtJ9kKyb9QKQ0s+ABo2m38DIQeAq1VJyYzXout02oMvxXrt/DHZ/VokTec3pgc2bFZTRqYvRIDuxVsG8B3WlTnbdkoqoJFxHc8edvTK3ee8VsfVFYj3hevlGTdIDepF0OH3A1yg79IpmtRTleT2awf8ejGPbWhW0BkKdwQY9F/z448NnAqp9jN7G4X+tZf5TjXqUfVc3kecZ9q4Lqi9Xy7KGP5YOYr/aIIDyBxf0jCTdk5knuu6cqZZ+DNN6X2mKjZKT+OwZjmzno26rzlnJZwPN41ViULkpKygpW18nTXYEtSKY/PweW/SmpoJr63qrwPDtDIJw9j8hcuLGZ0WEl78UnN0MSqybM0Xhi0/ozqUXD4IhQm9P0UFUcknkenVbYqDqDscrwY/MGlFS7evWHzzq0zHdyGo0Y3iPDNdrBkrt7+MZ8Z0edeiGs3GqGzgLhpJ+++lTwob6tWcU8xgzl43bY/mPdd0jS8yJie2IK1BaoWBCIwhnIR66tb7ne5diZ5YR+9i6khilcwkTryzcgeetHN8h0bwJLUWP6aNKFd+KBoa3QyJiSkYnll7fpmNDggLAhGyRNX2OKL2aPkm9QAxSG8sEzqJjBEiRw3enAskm3MHXma3krILwKRB0MCgeRTrapzpW65LUyTn5Ivf5r1zi1WtP+RNIQmGnCQ+hoJM+grBWkDecZgTSod7bC8QiY7FoCjErD9qlvTo2UanpZqcRNwvUDswhkuekvIl4IGgEpilLVf2u/HVrXsPRlsKI3ZuXplqgr5hNgLkSN8B/vDj4PaZAv8SGhM95G16jXPx4N4Nwd+iQacafTjUduT+J574/LeXlT+5s34cg33fFK94YBu09K1UqMHZsV4NvHfsfFsFgX+Isk956aM06eUgXB63Smm5xrpY/C/olxtPOOTls3FW69DzCQN80SkQthOuhf66mev2h2Ak3NUiuDznky9+HRjGyaG5mNjbwfqirr8hrm6kYT8PyYskZOwsb5y1iOZm2iQVMd6m39sYrO4EhXVfe2hy6zgFDVrjbU8VNKYii18vqzNmqVJ3DyKiJ6e/RqBwusq4EuOLbj0zx0if+zsEngRracGhXOjJESPtrqhQULQFgDV0apzEznd/HnCdoFhnejEAnO5JT/8WFOlwZ0Ya80+bLV6YUGXpzSe5Xqenip+JBfuqC9TMFjqzqOH+/ISIoPwrfh/fWcAqBoMMjOtrFbtTHzDLPYG9hSi6REAE1kID6+8Amb87jIDCTODKZQiDtdOHn6HGesv6ew6MX4G5z/uu04ippETxrJn4Aa5KBlR+U3qutg1ySgU2ykKIDmyRCTv2xUYink6rH/9VK,iv:I3wSwaUrIpKR4o78/9hE1SrjtGiKEVeg14zqJu4w5DM=,tag:d98yr3Ig62tfnE/jsQRUAQ==,type:str] - apiServer: - image: registry.k8s.io/kube-apiserver:${KUBERNETES_VERSION} - certSANs: - - 127.0.0.1 - - 172.16.0.4 - disablePodSecurityPolicy: true - auditPolicy: - apiVersion: audit.k8s.io/v1 - kind: Policy - rules: - - level: Metadata - controllerManager: - image: registry.k8s.io/kube-controller-manager:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - proxy: - image: registry.k8s.io/kube-proxy:${KUBERNETES_VERSION} - scheduler: - image: registry.k8s.io/kube-scheduler:${KUBERNETES_VERSION} - extraArgs: - bind-address: 0.0.0.0 - discovery: - enabled: true - registries: - kubernetes: - disabled: false - service: - disabled: false - etcd: - ca: - crt: ENC[AES256_GCM,data:GoWy+cfbiLEbULoCkFAFCgqw0G2l2o5gaLTlDa0CPDJV31qjjb+uWb2Z9rTTiQ+cKRH4ORpy3/Oj3tEyQProYj0Xn/+OGeG25IDNMdxXsZDlqFV898ZAUdI5ViipydDI9OjLVbug1JVQQsB7Pxs3N7/0OPPE2cAvVZmy8FwpCtbIrKw3L4mtrV6Pt6LL8GLrpF3D0KHVjuOqOU4eWzIEag9vz4O4oF/IpuT5xi/lm7QbttuCkohlzXRf4o6zJ+V+G+NMblWag/F0kn9Itr9U1BOKnawhjCit65QRQZ/PlC60IjRbdS8y3EUUVoQDQSh9zpTttFt/raMFklKzVsAs1jPXlDWJTUbYSk7Y6XRDdYPs1BnOnplgM9HDo6gD6WHA1qIUKxqZ95fT5fL+80UMBiOUeRVJWWyc/8b3rZNeLdFxRAefuWwmdzinffujVi2CETLN2VlEfoOMCQChQCOP2AQ586sn8/fhLg7FUfWJwJD1wFbwMM3doPZ+ARPvvJVKpd78Ct/mTOLxAopVvHEburX5cwZmn2Rv2uvu7ZaapXdWklS9I4l2geIrrKFGB2WVOVtYO/VjsrL+PQ9zbr57y3FIxIbuuSBPGyhd8TQyHxCKWMv6+ffPPgyrRYkF8KZ6iDHdIN/StPFF6CIiQm4mSF/rr9ESLSdd8SovN4b6V2mYMMVCMISU8210SzKt0VBR1Mw6qEA2HG8AdLdG8p9TAejnY/kTjqMyU10A3DB/rti8cNGhTd47fXtbXhl+PpKL94Vcq3o2XCqZyWRJp8SiAOv8StOvDubCoMEOHbSBuHVH+0sLWpH/RUCuGqm62eDslcK9SI/iQvNmVubnib5v7iE/DFw4WcMURahf8lifwXqLKM7PGB4VmRhDNL+meUlu1BCregm5b2tLMteMy0YaajAx7jzjhzfV78EBAqcnjZ8r/htboigEv6LxewghvCISVPX4kto5uOMmPzjzOL5+i4iDzDd5iScISAbdv3YSmetLJmSXYr2g815dCxFb1AfSoN9X6g==,iv:lEc7a2D1gMDxMxfIrb08snPcxKDBotQ6iupbC+o24iM=,tag:1nsz+bhKoBBfsSyXN4H3Ag==,type:str] - key: ENC[AES256_GCM,data:4BDRjbMOWnldAtQ7Bh0YwLdXq+yd3TW5uUUh+YojKKT1zpP3lAH2zO3DegB7VSqkxGTVGRfGCpVGwwXirqs8ggCeHdtAfqFO5wQrD+dS0k41C/SxaYyt7m7o8z2icot6hIOJ2qJyBhFC/Z59KGxiCPOiynFa6/mPWNv893zVONUhj/ocJ+O4mTvzvqq0nhCbiwzkiQsP15iGN6c1PsaBsT2eS+Nbrvo1fVmhjHbKR1HECV+8sYsHhf4Ew4J5T+f3MH36cJfLzeUPa3gaKsNV+FgDaX5cP0qyto23fO/ok0J24idODPchkd126/8OyJS/4KAAYVNYAwTujwUkHRzbFzDLsdI81HpFO4usUypCjx1VcGN4QvngNWiuV4Uc+2buKWRAh/v1v//AMxt+AS2TxA==,iv:G5Nl8m5P5+w67jN0FczWePK432ORgh9y8AurH3iO9R4=,tag:sfqSUr45H7MkVaanx2x0iQ==,type:str] - extraArgs: - listen-metrics-urls: http://0.0.0.0:2381 - advertisedSubnets: - - 172.16.0.0/24 -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - age: - - recipient: age19963x2afvcsek4p5sas5n05thusjvzz7gpfknp20666u69jw44lsu5w4u5 - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Z1REbUNLZTFwaGdsOFNN - NUxlRmZDRnFFSVYvM2FkWXBycTdkaUZjWlcwCkxnV091T3BtR3JKaUZQNU9kdk9Q - ZEZEbUZZUm9vdEVISFhkY1FuSloyWjQKLS0tIExkbnNLYm94bVVYYlZ2WkdWVWZK - c25UTlRGRFlTUis1MFNvV253MU5rdUUKbATDQTgMoV+wgBbRchrF8AJxY0Lmnrc1 - jWuFRSo25US1txAC1i4++SAmc80YTKW+y3OhCp6fYYD21guGpJIH2w== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-15T22:58:13Z" - mac: ENC[AES256_GCM,data:7lejUcNMgkIgRayDkMhjadF7j0rRIMioR2w3o/htR8kt6wHXtOpZPIL8iRWTJoOuMb9L0+owk2BPem3IqIEbr+9CIb0BIAgBeiUoMBJink6rAfhZKBYk36YccnhS04kTaLvhK7ffiOzhZ9M9J9QliYrlJIJG3Fzlp/jfyfIvfPE=,iv:+LEhsooLJ/hkX1QZYmAGy4AyE7X5PWvmSk/XUjc57AQ=,tag:mXu5XvueOS1JLfqsFQdceQ==,type:str] - pgp: [] - encrypted_regex: ^(token|crt|key|id|secret|secretboxEncryptionSecret|ca)$ - version: 3.9.0