From e5b60760b5179a761c577c249d5fa90cf718843f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 29 Feb 2024 21:39:21 +0000 Subject: [PATCH 1/4] feat(helm): update chart ingress-nginx to 4.10.0 --- .../apps/network/ingress-nginx/external/helmrelease.yaml.j2 | 2 +- .../apps/network/ingress-nginx/internal/helmrelease.yaml.j2 | 2 +- kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml | 2 +- kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 index 7fbdb805..597ccbb8 100644 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 +++ b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml.j2 @@ -8,7 +8,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.9.1 + version: 4.10.0 sourceRef: kind: HelmRepository name: ingress-nginx diff --git a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 index 21d86390..97134fb5 100644 --- a/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 +++ b/bootstrap/templates/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml.j2 @@ -9,7 +9,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.9.1 + version: 4.10.0 sourceRef: kind: HelmRepository name: ingress-nginx diff --git a/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml b/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml index 19c0a83b..b4e54e78 100644 --- a/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml +++ b/kubernetes/apps/network/ingress-nginx/external/helmrelease.yaml @@ -8,7 +8,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.9.1 + version: 4.10.0 sourceRef: kind: HelmRepository name: ingress-nginx diff --git a/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml b/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml index 5d2ca6b2..67a11692 100644 --- a/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml +++ b/kubernetes/apps/network/ingress-nginx/internal/helmrelease.yaml @@ -9,7 +9,7 @@ spec: chart: spec: chart: ingress-nginx - version: 4.9.1 + version: 4.10.0 sourceRef: kind: HelmRepository name: ingress-nginx From 9d105c90d645613fb3bbc36b039be08c5c9a1507 Mon Sep 17 00:00:00 2001 From: Willian Paixao Date: Fri, 1 Mar 2024 11:36:01 +0100 Subject: [PATCH 2/4] chore: rotate keys --- .../cert-manager/issuers/secret.sops.yaml | 16 +++++++------- .../webhooks/app/github/secret.sops.yaml | 16 +++++++------- .../network/cloudflared/app/secret.sops.yaml | 18 +++++++-------- .../network/external-dns/app/secret.sops.yaml | 16 +++++++------- .../flux/github-deploy-key.sops.yaml | 18 +++++++-------- .../flux/vars/cluster-secrets.sops.yaml | 22 +++++++++---------- 6 files changed, 53 insertions(+), 53 deletions(-) diff --git a/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml b/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml index b696e06c..b6ecfbf5 100644 --- a/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/issuers/secret.sops.yaml @@ -3,7 +3,7 @@ kind: Secret metadata: name: cert-manager-secret stringData: - api-token: ENC[AES256_GCM,data:qN8nDIs+1m/g5K0UDtknm67e0TfUYSqOTQt+dZyfiTPhDHsm0O1sNA==,iv:H/VPozoaBMhXJGbbE8cS47/NPNXNPtgStRPti/Y4ld0=,tag:0TX7N9tHXiXkYm4iiIzVfQ==,type:str] + api-token: ENC[AES256_GCM,data:PqepM6SunL7LziIiLMzJ/1SyS1oMK6qs5I51f7NGOVT0DRQrWyvQxw==,iv:93wdr7JMwoeIN5tpX/BhkQ1GYdCiY2o9BdDNBUX1tP4=,tag:XnIMCJaOnwTbn0ufE4sr8A==,type:str] sops: kms: [] gcp_kms: [] @@ -13,14 +13,14 @@ sops: - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0UGhUZkJHVkpuVkQyTUFU - VWNCZjhTa0cydlcvZVdQS0tpblVZbG1ST1VZClgvd2gwb0Qxc3VmbkhWdHFrLzFy - d2greU9XeU8zN3U4dlpqZ1JUcEx3RW8KLS0tIDY5SUFvMXRSczZqdGJhd1g3RUVL - MXZDdU5ZYUR1eGNPd2dhY0VpRnRvUlUKwM1pk0Cfs47Dqn2xMW6dK+afJMkkVOVN - hnVJiw/U0sKXiRidHmGJ0OhNbB6n2ndYq01fOOhnKiUxfJ6lv06+cw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvOVdSYW1hUTU1cEVXUERG + SkRVWi9tRGRMR1BXZENqcllzRGcrb01kRUJZCkhyMVdPa0laY2pBVVcxYVFmbC9z + VHBxaUZtWEhJd3FuL0VTR0cwL3RUSUkKLS0tIFNWYkpMN1cvejZ2SHc2blVOQW9V + RVZ1Z3pKLy9SNjI3ckhQQzVJOHBpMzAKj8J0qrtDUNgBRs3FcJYk91C7iJ8s5eqW + A86wED/9ZocprCIDM9HKMQ9vY+/taixJehop1w51qXbjc5qEr0AAIg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-29T21:59:07Z" - mac: ENC[AES256_GCM,data:M08/V/Cvlmbu7v/Fp5VEyoZRMMgytbZV6EYSC3l+J6QBiSJk7r2PkJ8OjpvdS+ccj+WHbwrQqg4QnlDK6j3UBhfR4kEcQIKvtfdSYTmYvCDSQUI2P1S206v9H2/rcAtoCNG7h982qQcDXArDKZTLikO0C7xfnsA2jNqditUUBEU=,iv:Q6LGDvMTBtfMdyBPMzY/HYRYVPXmcMPECpyho7YpUp0=,tag:tr7U5sHnelQvOwuLN9x5SA==,type:str] + lastmodified: "2024-03-01T09:52:16Z" + mac: ENC[AES256_GCM,data:WdiIaqjW6yCrOICrlAuxAh86I0N1TJ9hoAVrRbxi01lrtkdmBmQ3+qKaCA6/1Vg6hDj+54eNsG3UtXGw8qjOWeMMUA4z/bUZ4j5oDkbBrliN3fIBaLJA6VIllRWzDaCI16fSEc0cAfk41fbCqb1eTV7HtiCskufdiUSrBHpP11c=,iv:F8xyL1KI5t/PJzG0304Nh1vCLoX/u4g6XUp7KDljTWY=,tag:JtkC4cEvU+5yQAKelqGmNg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml b/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml index e147b20b..c386d42b 100644 --- a/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml +++ b/kubernetes/apps/flux-system/webhooks/app/github/secret.sops.yaml @@ -3,7 +3,7 @@ kind: Secret metadata: name: github-webhook-token-secret stringData: - token: ENC[AES256_GCM,data:1M2GTBNIAve7Bh0iLEbgqwYWA+WcVRTc02GiW+BNLWY=,iv:jbOn8qJ7/v2+zIdNyDbGoNDjvb+QSQcq0Y6o2kbIAQ0=,tag:sHEvUNERXmzqjxGK2X+B2A==,type:str] + token: ENC[AES256_GCM,data:sQLD3jawanGUfwUKzjUbS8zhE/lipfCJWZxubciTBQA=,iv:BGhSqrHUgBkfFoqvOpGpwpCg1VW41OIajPgMicl2N9U=,tag:7ARaePyeO2GO77QYqS5m6w==,type:str] sops: kms: [] gcp_kms: [] @@ -13,14 +13,14 @@ sops: - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxMWZMb2p2YVRpOThyMHQ5 - ZkEvanI1czh2Q0xsalV4a1VDeS9seFFrTlRJCm1XSmcxWXlBcjdvVFV2QUlSRTBI - eXVLMmpvcjZibWZNTWZ0YXpxTk5CTk0KLS0tIEZPWXYzNEluSGtWZTl4WVcrK0dj - ZktYQ1NQT1R3dXJGSEs4a1Q3VHZsZXMKQocWf17wJPBf7CgI0QlfN7P9WgOi9CcB - TtwaGv4TFvRfMJ1YcuiZy4snikqUmlDORcMsqiZAZdWAN0W5Yeh+bg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDRE1MV29HMld0SjFYYyti + clhqR3VGWHNvSzVpeU5ZTVJZYUVmL00wY3lrCjJwdFZNNDc5UFdhOGhIWVVZNTVo + ZFlkb29SZVpsZmVWTmhHanFaTjh4TTgKLS0tIGFXL1FHNWFuK2U3b2NrVDV3b2Fp + MGdWeEhscUF1eENzK1lzYTBodHJoYnMK7zI1OxIzw4pksqo+TlhbMf//2M7ciw10 + 801xOdfQ6FzyqplZlR2o9F+hiDUyuWmb5SuPCBZEQEe0krvxhoU8sw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-29T21:59:07Z" - mac: ENC[AES256_GCM,data:Vr348Ie49Jzb2YyJpvkjrFDboUjukR582Wcn/NR48oJEQWv9Vs2a0w3+Ek5Umi63KN8MRn0JQI7vjeDmr/++odfJYd3caZbSjxcuMiyDiM3GlhwX8k6ogkmyATP8Emf4Pb8B774Hf2BOVP2JBmgp/22ep4nUfl1+FPpZZWGisgM=,iv:c60cx1SU0Ly7QpMcZ+Mr9Q/dExkVG5nxzqFqc7DMEas=,tag:N42+yl7j1fm9PQQjTji3Ug==,type:str] + lastmodified: "2024-03-01T09:52:16Z" + mac: ENC[AES256_GCM,data:WQ5UUZhprKDNm6/ilOfBbeqo6vnpaZB3a7abvRPBZQC0tZXaiM4RBy9HKgBfFAI9eSGFNeb/dRZiSDpST/+AVwiJiRCXUC7nxUIWzcHoWwFJUyIBGVOgod0QhFD1YHgju57jyZ3tT477TiBJDKxgw/Zp5WQYqViNW091mlGVlVs=,iv:z8WvYwi/t9dFmA/QAvlTqUGeI2f9dD9XxOkcJuWETJ0=,tag:PD0lwdOmv3OXDMOAZUHLQg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/kubernetes/apps/network/cloudflared/app/secret.sops.yaml b/kubernetes/apps/network/cloudflared/app/secret.sops.yaml index d121e8c1..1b91830a 100644 --- a/kubernetes/apps/network/cloudflared/app/secret.sops.yaml +++ b/kubernetes/apps/network/cloudflared/app/secret.sops.yaml @@ -3,8 +3,8 @@ kind: Secret metadata: name: cloudflared-secret stringData: - TUNNEL_ID: ENC[AES256_GCM,data:wQKMWZra5W7/RyBnVrBPpg5YVTygoFUaanK/KkL9Gp1VXkM7,iv:5ZBK/LN6guDMoEGT+n1fsWH4Sqt7u1UCSqAFhwV6Zp0=,tag:BC5wCikHXbWXAU66hb5LuQ==,type:str] - credentials.json: ENC[AES256_GCM,data:RN1ZJdUio2GA8gQseph+y/cm3t7QdQS//xBIasiJAeHYlL5Epx6+13GqbUoUAbCtxMJrvy51qRsWfKKL5aNmtL+cHvZQd5YmWIlGfHaO4Rt0KhJVNgAEhJ+SQKEZtCZe2s+kyxxz6P8cH7gKOpt5ncJCsa95viSK3hoCf1GgesjZh/JbZgmpL62ntE8cVnSVFbigKnOFWWXeRrfERRXKV52o47ATHtx0y/CX3SK8Aw==,iv:7n+4lgS4L6m97gnAE1yuwx7LM9U5SrEmOr0/q1iC4TY=,tag:RQEoIucLaTnMDkLI8wEVqg==,type:str] + TUNNEL_ID: ENC[AES256_GCM,data:ALZCiOJNWf25pV57NmfZkeYuSt0lmuUTLG7zYnfhzhR2CsYM,iv:63iALFWhqCC9WR9FKi5WKSIK8dcfvbjo/foepJcBRPA=,tag:EzaPa/RJzqm82cOerXJXgQ==,type:str] + credentials.json: ENC[AES256_GCM,data:1Bawo/5RIid9weAL9Vbdh7xiKdvEGlo3i4b0Bxbn4xEWzxCKZSamoTrJml7lTQCu6ao4jLoUmn/TIn1997Z8Aypy10vvzwwLPGMrDnzHKk+WB3G5eO0lkVEylW7Fef6zTT7bWSRvIcMZJU089up2lygQ5NXDiAOlNJW2SaABfkeDgGLM85t+ZywLTllMnSSinMHZZz/LlKdog+OZDCWGU+twBPJ5FQHOTktiFyaFWQ==,iv:OCo+mvn+3bjct4kCFYkUm6Sxisuqp2uHKlEJ4S4eZG8=,tag:XYYBackJAdfwnGYqlG423w==,type:str] sops: kms: [] gcp_kms: [] @@ -14,14 +14,14 @@ sops: - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHYXhnYlBFbE1ScFJXaWcz - ZkZwNXBtYkowd0tqeWhZVjUvRG5ienNHK2tNClZldFRrRUE1UmpkdHJtTFhaNmNT - Um5HeHE0dFZEUDRHVytFRWFzcXNDbWMKLS0tIGZzYm51ZUFSSHhQVTYzd0c4RlN6 - d1JKYzVPMU81VThabThBTlZMc1pGUUkKkGEoYhIhWBSUD9E1FZSbYnGQ9/g18In3 - MHHTSbb3I2oOMjw8xwQvJg/FGSdjsGEdJJmyAMRMekTdVVeMPP83nQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQNjc1b2RRYTk1aU1ScDd3 + cnVyTWkzZk9RVVhRWTVPTEdKQ09kWWxJbFZjCjdiSFBycFU3QlJVZ3ZrMjh5MHph + VkhSb1RNV2lGc1F6RFZDWjlTSk5EQ0kKLS0tIHZYb2RwNlpDSlJlOWdvOWIyM0FI + K1ByQWZjQWI0VHhESUVhR09ReDlYU1kK9GGM6MoBtOZN5JB31gGrQLbk/RVAWNiO + kb4tW/tAvM0Sn9gy3EQVgqyhulvA68LpmKqN5k+qDutBc4Lk8JfPYA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-29T21:59:07Z" - mac: ENC[AES256_GCM,data:RF9+oEQjJEyH3fxAih+jC3/BzYBcErPFjOZ9P2ZlqhsZWgsOoo6yxo4fDEbwAr1Zkg+Q5gO0MBCVyAjHkryA7zWbnS5TtP/ymNyNj1/n3xvq4GWOgUi48RXtJ3vCXzxCka7KVkU089sOvdY56wnulrkHQRix3e0fPHo3k0Bkuyk=,iv:dt5HGbk4jmCjwy8XwSCw8+POphT3wXWSxysnt+fu614=,tag:2obwCNK2svzFtOtOPgoFWQ==,type:str] + lastmodified: "2024-03-01T09:52:16Z" + mac: ENC[AES256_GCM,data:hWp8ol6Ez2OcLK58yeDOBitoI+tXYYzO0QSILPKD9LDFzucAqRkziH0ig+i8GXg2oLhrN8Bq72MoV3QZEAQQ7otuxs3g4FFAEAp1fM7hrEYB2ZddwMnp8e55O/XBT8UWHKppBysH64ZUz8SJq5Fp6BEneq+mF+FMNiT921c5dNA=,iv:v0Zi0ahHFLjeY3pHJQNCPqm9IafmwhjTa5e4PpZuYkQ=,tag:Vu1xuWHc9L1r3NkOQXaACA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/kubernetes/apps/network/external-dns/app/secret.sops.yaml b/kubernetes/apps/network/external-dns/app/secret.sops.yaml index 092cd9b4..d195dfd8 100644 --- a/kubernetes/apps/network/external-dns/app/secret.sops.yaml +++ b/kubernetes/apps/network/external-dns/app/secret.sops.yaml @@ -3,7 +3,7 @@ kind: Secret metadata: name: external-dns-secret stringData: - api-token: ENC[AES256_GCM,data:xnEiy72DxHYYgFUFBdljkzQAhyFCWQUJvsCEgq54MbP7fr/v+CXxhw==,iv:h0fPl1mLsNyicIWizpgvwKFA7JoiohwdFmBkBrQVBNo=,tag:RJHoxCv+0FnR4Rk63cm/MQ==,type:str] + api-token: ENC[AES256_GCM,data:Sy1STMtf44Q08ee+mZJppSZzdPkKcOPngZy2+2elKWkGIKgfPLzTMQ==,iv:nVzztD6YQ63LAjpeZNRKaJi9P+GDRPXiv8dQ448myjQ=,tag:mbC6V7+lOxOLdivd3pV0CA==,type:str] sops: kms: [] gcp_kms: [] @@ -13,14 +13,14 @@ sops: - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUXhZODlBUEZLd1o1ZC9h - YkVHQXA0VHlvS2RsdnA3dFJ4UjUyWDVvY1JjCmZXcEVFM0o4b1FWd2JVZkZuWm1h - M1Z3NGJGRmdIRmJZVFlGYWJHN09JekEKLS0tIElCVUVzSUxlM2VydXdjWi82K1pp - ODd0Vi9xUzhpWUdDRmFVZkRZSUxEUDQKCsiHX0MBrRijFbZVU/f0YP9AGF+FW824 - zs6aYFgkIhWwmWN0A8qLOPMdX8ENZAfc0CfSFNHdASmvhSEJ8nSzcA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSVdGMXpWcGVBUXd6NERK + SGwwSXJxY0pDMjJ2dlpLQmx3WkcwYUg3dzFJClNDSW56M0dOdnZRQUxHSk1NVjhF + ZVUxQnE1TVA5UkhQajl6dDV2NElBL00KLS0tIDA4ZkVTQ05ZZCsyOHVlRjNEWXlK + eFExVXp6T2hIRFlCVmU1bFQ5UW5TM1kKyUbN5ubUgxsWovp1kFrDl5WWjWjdoUni + 6CwZvn2JiXbgXsIjwBtPIkNLipB03jjxM40ae3CKjSO1qOFxJWbkrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-29T21:59:07Z" - mac: ENC[AES256_GCM,data:lCUZa+r4lQW9UNgdvpJFpyWmfwrOpPUtCzuescgFEwQevF24jWtXfMa4hZbup6RISrITYHaFprmtK/9Dz7EUiOuCWL/t32MFz4U6sQe7pg8LgxLWAqAZIau4B6kp1nkdWotXyY9YA8KFmtQJonudTdBEvYFqhWGZg4FknO22YYw=,iv:Ly7mNb2p4UJoHkk7+L24oGN3PzGjvd83gfG2YkvjNYA=,tag:HLOdwKENurQpYS5/W0PI7A==,type:str] + lastmodified: "2024-03-01T09:52:16Z" + mac: ENC[AES256_GCM,data:1oFa7tUiLgVmfD3IH0E8BBwEz/8Cg6KffWUFDYCIzIgV3fZvd9HYrppXxSiDTHg2c2LtmmcFgAf8p0FIclQxZ55At0WeCgJ6Une3QoW/fL95eAVhCcC5JXlvEtK2ViuIDgSc2mNuZmy9h9ye8+DbYcJPTFreCFndYCiB1Tlz1t0=,iv:5BwdOdvSjXNb1yUYegkoWra9qcf1r2nFpuOMPaI0+YE=,tag:FVfcKCQfaT5erUppQN7U7A==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml b/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml index a4c97f56..df702e18 100644 --- a/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml +++ b/kubernetes/bootstrap/flux/github-deploy-key.sops.yaml @@ -4,8 +4,8 @@ metadata: name: github-deploy-key namespace: flux-system stringData: - identity: ENC[AES256_GCM,data:o001az/PxiedKi+7ftUkDWpJSAtNZS5jlSwhZFYPHyQrRo7xD10sSmn0MVbq5wfcY5wldEF0HrfbgEkkKVExnZmuw3X4ZVpVfBSj8TcTsO5P9jE8/ZDIt8YmjAu7TooZf8CU1ohaSk/b93/9LI9paRAf4OgzHEiGO09dvniIVipwIOYUN2VhDdQXxOQjj7HzTx76bMw7sDOyfMAdVGPagDW84V9JSg7UZ3sW0DWuBGdFjOi7ehzl4Aj4M0nyFZBn0TdiLVpqs20TxQhNWhLEwrz4j9NBbBHQfhSlE+ss/jer5H0ZeDY9GjXYOsFdfq+OX5lScQfsjizZqkdy+yutZ1d1Ruo8uTvYG72IQ08C37/CeXek6KzTaYu/TrtYmi7WPld+ZLhUjJ1iRyRTBOrl/A6fnQClohsKNkbwWa8TxMOhpPHj3ClIhMfzVj9brEv4C/eKbzbpM6NLq4DTsAibbYpFQtfemtccOybrshHpYeR42Y8H2wPuz54M7AsuuvP0HSKwHHA3xmoGOazEO04VlkM7xV2OQelYhqI2,iv:bLG0x8FavZr5jOW+FP0pllgnFJTn2EmblUGjKZ50yJ0=,tag:EjFn/9wBpmhe0c2inv+ezA==,type:str] - known_hosts: ENC[AES256_GCM,data:J6qByCuCK39q+k1Nhl8DuQWAE2jSCEfjh5TIoOA5TLvL8xMCFlV9h5Mx85jf74HB9GTEuwCIQoEgLjt9j5OsrfuKEMEj0yL1yy2Cdyx6fGz4ESnLunx7TWCcwfSzsi7G01SrSxlZpvYGFAcrz8QxJQaDG7ZkA+eL2BdeOK5w69K8MpV6elINiQjbIjH0pSdqMwRM0lDI3BIGUQ0O9oKQ8GHxNhyXnpxvDUX1nwiMXFBE2RAaYOTmAht1Hoifh7opLdUo66PvhYmhBTR9kuR5i8crti088m70HzVIzLgG9BiesqELcwjy3GpyckedIKjQOXbiUkTZugAl+j1F03kTTIRATIDAAAdtIgea3mGOj9KgC6WIN7SwwAsowC8+XYdivkD9JQk1n70/wGzXNPhU1zUesTMiqtgXDXsuAtePSguISfkxATOZAtAvXNi2Ezedw4nqpSElUrwX1S3J9u5S7ODao9/rfD9ZtnGl0JT5DYnbNdDCYYV7vdMv5+VumbXkhcjSFXWwO1yro/XLvzrQluza97xRQKv9pvGzA+Hvi+4PTb8rxfgZ1UlFBnwEDWB79ziC38Cym6czRVgHwOMef4lNsmopAvk0f/C9VCGQsQQ2av1mcwftk1Nd4dAUr17gwYtM8N9oruafjfoZ/s+V1DDsklN8AXmlsAASpj8rhlZlnj2ExtFN6HxRQUN08RifLTyoistNNSJXYz5MIbeR3x1YRboQRGEgR9pmhf7uUGfYLrdXd9dC1XpT13aIdZR5gwni8L7E7F1+XpZVymTIDbGmk6gI8aJ0URFyLc+k9BvCE/1Q5wgALQKhUyXprku7g5HSnbhCB8zXReAfb36jqLgRZQp4xhL/01LsDBAzD6EtZ+yrYJsxrsrs6lHpK9UWYlhzkqcdYwdzOSKzEjtJXmJMa/pbc2PhOIH/lteP/i15fxZalJLZKdIO1WFSd5i1usPxz5AEYeO3vm0yQp7YiP1xRUoQ6G4qbKv3IDZ3fIqXImqw8KxVi1e/y926I/oGdUE7IFQ7WREmkrtinw2vv4EkoELsXSYsQRYlU45/2nWUNuffF5Li42SXhK0TnWpuvfErtIcHth0N9eVn,iv:ZCFXMeKPLVRCrYghan/xLhpWyvj+rmmVw13wdSOw+zM=,tag:xiLgnue/gpZmEfumTduMWQ==,type:str] + identity: ENC[AES256_GCM,data:qzK9OvrW0x9SXBcomSaBNvffbbVGymssok7jCxizcVnSmemgW3xZsx+Ql93TPcXVAlMGTsNgC9mCZCqCF63d6KFhG4A5r2qGl6NxFHpU9gQ4tkiHi6a9mpZsGzutlRrAqMErw4K8Hus2touHXhHqQD3ixf4LXP3RLhjWL0cSLbS9MQqsXox+CCSF6y1OEZeuHDGir9i8m3KQ2JCLYjcREoQp7kz6ToEd6glv7g6hu6qMz3vcLyy5mGg9ZQz2qPgd0aQ+Q728GdpyxxbpiMtLsfXZoTvwulUC1ZiWn4XAbMEoL9ygJZod+pCaotVyJTdMM2lm/IKK/OJbnqg+pplDyISmsxBMNI6NGuUS1FF8MxqhCprNOaIJyhHohEMt3fhh8HA0F5WdPaiJ8oR5DlWAj60u0kIR0Y2LU8OFFNYOuO+65d+5XUQlpPz+c1Ju1hkAkjxbCB5hd2ZK6nPqlgRCHJZMCgg7rsB3Wkis1aRUvy0/9/5Uq0brElMG0p7fmS/Kt15tS7gXgV1CoY4yrSMtsrNfvbbhesZNOEBN,iv:s6XBoBSfzT7oZwLmdyVgc7vs5ZohYSRcALVpyyosVms=,tag:t3FpMeKpreabZq6M71oG6Q==,type:str] + known_hosts: ENC[AES256_GCM,data:a8lF79fztyxGAKgkhaXNOqj+b5uVzVlM/WVZvYPyxI/IeHFn18C1g1K+ybxlvlj+AI4ZNXwzSJo8VpTapEUdf6bM0jzCiqLdo2qrMJVvPYPVHBMtnNp7LT1TinB15bLdL9U/v06jOM0+09Ey0ouTGKZbYIMHjGnUSfpMj+3aqQyy/kR0iTftiSHW/a/+19VudBv/uDfJy4yjfrc5sRgT0/hpDNOcP3SSR3VAjTyRRVCIp4X2UVPPBGVdTjYNRUASbQNIgsAj3r97nsySAJmkSROaF5ccptR+zLgR7j5HCp367TJ3buvC9hr8bB7Jab68gCmHeILmnthhTgTW8FAnrmSJONihr+htxqjSVin1QKPArER+xFMFGopxyIB0Je4ddh+oFi0Lzo7GcjXBy4Z4zknl+bu+1OeSe/Rk82GOIkLTIfZM9PFBEUridEgdRJnKWk7zK086kfq0w3YkynKLxIbuHMFQ0jHujkrja54nLZUjHp1o4ostC+dUZnYFhnxxlNUjyoXBtRoOKPiQjUNnTga5o/DQJ/Q6/4l78gIAr73yAz8/SZc6kFI9BHcT9MERLy94L4E4GF4J8GCVJ372ZJyRz/beooUg7Rk0dGY9rJtEA6Ia9SoHevQ40VZBmeEfZARXe0uvmRYlBn1PrAhSHRXAYn104Lifqeo/HT1HBP3b0gSw2+S6/pNTpGixhFNFYTFJrRzLHS2f2tGqVXC4xNhq3h+pAtNO9JIyd5z2TC2iXFAal5cS66HEAADyKILClEfp9GgFxb8BV5MYVY25bCXxifIl3W47DDyFMHe4N3bdu+7NFVNjLdsNMwcmyUDaBk75MER0mChOhx1mQHk/NlGJQ349ip1+VQ3CX5qISf5ndQ1H4M4b1HLTJa1FYPr6TnZfwItMY5wvOJE1J0pqbiVmqadLjznWgYq8aKTlTeZWVde2V0/SaPfzC13cXYAUapD/9asHsfAm2G2RmHGjDuaEPDvsEOH0jUo9BYRMphEOjPM9rGZsFjgIL8DgZGbJKHScVKxqkoq0r01tnk6YV11xWPHRjn90bG8XZplviaH8W5BZgyqSF0wbWoTXHALKA7+O7nFKaMVZcmBG,iv:aw97O6YN0rG4wuD7hjEPUC3MO38CDP0ZzCHQriPEvCI=,tag:viFSjQJfM5jtnDqEMF5zNw==,type:str] sops: kms: [] gcp_kms: [] @@ -15,14 +15,14 @@ sops: - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoWWtHMmxZc3VGMDYyRS9n - WUlZV2hmVzNwbndMd0RPUHA3cWNVTlpCUDM4Cll4cU5BWWx5dk1VSDhHQkF4eWVl - QkZqeVh5cUNmTFhoL1JRdXhnZU4rdk0KLS0tIE5XYXZtdVlWM2U5YVh0QWt4b29w - TUtXMjAxU2hwbGNpd25yTXk2dHpWK28KO4tk93kIpBwZmFID/bfcyBHl5e5h4ksj - tY3WXCinf3e9Gl+oD6EImuDAr4MmoabvaIqWqvbltVGvkZX9SPyZuw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eVkzcTNjNFQ0U1FlNkxI + T29vV0lyN0pxY2xsOStZb2xSdTgwNWdFdlY0CkRlR1JOb1hsRUhaTENYcExGK1ND + NExRb1p4dkVlc0hxT2h2bzNaYWVTNkkKLS0tIEJIeHZKanIxOXljTENTcWdVUGdl + Q01ubmRqV1dRUDA5cHptaW56VGhwSVEKJJAwWA9Fnxqqql9PaqP5wDQ1cCPZn1S0 + 3r4llAQH+CP37Z+rs3O+LT6n1wEtr0bnVJkK2KWxpiyILZpP1uxUtQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-29T21:59:07Z" - mac: ENC[AES256_GCM,data:AuHTDass1WM4rM5Pnr5lAFuNIxWPqNhVOa0DyxF3OTowCCpUgOiQyNQCwukkz4cr4WXv+JRMWq0huwxCY/Ggw3sLCMA9depxgW3XrayiVnjuLHwvR5sj+uP/xLWm1mE6xIx4rYqZEQ1TSDsQ+XjUG9gmu+WxiPU8Zn5/i7K4bC8=,iv:45bKEESSSBqUPLtsrXVXyilI/jx6Sx/e9Is0VC4yvHo=,tag:MLGZva3rbe9cfyu9n02thg==,type:str] + lastmodified: "2024-03-01T09:52:16Z" + mac: ENC[AES256_GCM,data:z8IV8b0Qo5VySDSX5EnXoUzzNgQC1sLVzaCupf8PUl92jsJqVSTW3SoTiFiAlx4F/eEgDDkeHteh/65G46mo6abtzfUXW7uW/xvTcNl9Gmryv5xs1OKhxBUrNavYBHmnC7XOgHn3RGUUK9wIipm6VtOIKt7lNRs67/V0gTz7XvY=,iv:7wKN7/tGoVhM/xEtuo2+VlE2M7nPrzKsZ+AbSIhbHLc=,tag:+rPOIB8Fs6N9blg/yEmbng==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 diff --git a/kubernetes/flux/vars/cluster-secrets.sops.yaml b/kubernetes/flux/vars/cluster-secrets.sops.yaml index 3cea4c25..2ba37e0f 100644 --- a/kubernetes/flux/vars/cluster-secrets.sops.yaml +++ b/kubernetes/flux/vars/cluster-secrets.sops.yaml @@ -4,10 +4,10 @@ metadata: name: cluster-secrets namespace: flux-system stringData: - SECRET_EXAMPLE: ENC[AES256_GCM,data:SODFzxK9yd6dZgGX/tF2K5n0bevXV8/D+9+RjzZw5H5uhyt6ekUzhKURbUDQVmX1WLV3ZJT8TD3w7xArXG1Ro1jSkQVxOH4uFUgrozYlCWc8vKlHCBkUAiDtwgDbwA==,iv:DOUCgXs2aa6CdC7LaPGR08bX4DR8yjPFQ+KrBmq8OYM=,tag:4gsuYaMF35L2KDm3q4cxdg==,type:str] - SECRET_DOMAIN: ENC[AES256_GCM,data:6Yk7R2V6FXiPF8qr,iv:bxuQezJ/xps+XvYi3EsTBShM2XQDZFoP3b3hf2aAxy0=,tag:xErnu28hK/VXS8LzUUhrcA==,type:str] - SECRET_ACME_EMAIL: ENC[AES256_GCM,data:uj7a29j+NMXHyFajLNxE,iv:J9tpgMqXJNk3i8BY+B0K8JO6ldmTUZ40F9qR9VfQ76Y=,tag:YARpJMlGnlejWEqXOQZSwg==,type:str] - SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:2i7ZG3QgJ00CEkQmTRpW+i+1xbUtmLbywrr4t2UFjHmbDxA5,iv:CZ7F7Q+OpITxzoSBUguAf7LSY2YVJPXrh1fDglsa+oE=,tag:bx/bwoA4LKfXKA4brGcFTQ==,type:str] + SECRET_EXAMPLE: ENC[AES256_GCM,data:AjgQuBqGwBvfXRBxmYWnWwFRKMG2iTwTNV2Q9DEr+xWIe+x68BGLHSFzUXjKuzxYxSwz9FLRGuPvfo1dH3Kkb/XodG5moj37O6nnMNcTwnJpb9MRkzca3hbaoc/3ug==,iv:uCRiFhD59xmgpzQSChTIDzl4oOxvoIBvQIqtfktFgV0=,tag:tKQONZzOifUw81xSbM4Zxw==,type:str] + SECRET_DOMAIN: ENC[AES256_GCM,data:WX8lAtj2zAfNqRhg,iv:+XkuXDUKEw41dp60wpC51CAy2//iD7bCZCMh0em5BEY=,tag:2KeNzULM6lQP6zIfd6O4vg==,type:str] + SECRET_ACME_EMAIL: ENC[AES256_GCM,data:JpnRoJkdjLoJteYrB0c4,iv:iGK9t0/8jfo9/8u+svCfet5Ern9GJiiEUYHH2JqU+V8=,tag:h8TSA5L9yDGoiIZpn/+nPA==,type:str] + SECRET_CLOUDFLARE_TUNNEL_ID: ENC[AES256_GCM,data:19NFcUvNftaGkDozipvK/lpcJSdiJhc58idcbA6IJt1m9c6X,iv:AwuGDHI85fZMGAdwB4j+V9HeT5DcuajPv485laa2e+M=,tag:0ui2sAFaprAI3ywDPjhnNg==,type:str] sops: kms: [] gcp_kms: [] @@ -17,14 +17,14 @@ sops: - recipient: age17ary36xtm566uptguuhsj7xmuqzyz06ce54tcf6p3mge2thphqfs3gln40 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQUlVb1NaMkZoK0w5YlNQ - UkcxMTE5djBjR3JGcHVqZXUvR2JqbUlTcmd3CnUwbXBGeThGWW1RbWNjWjg4cmZI - TFdVRnpGNUl2YXFiYUswdUg2K3JvTWcKLS0tIFpkY3E2RmI1bjVrckJMRVk4alJC - ZjBwV2U3RVl3RExZaG5JRDNnZHNhREkKPq2QJqDYo8UMzylzNNSzK4dduYMa6ClV - wtSSELE4ub01m+qqYDUNTM6k7BGNscnhxPCdJVuJNPdwfEL+3jGz0Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHUWZsdUxhRlAvaWU5T0tD + QXFIdTlJUFRTcEVNakJycVB5Rmc3OUNmaEhVCmtRazFCVUZsVWNQTWxuQjdjK2V0 + QjFqaStUTUVMZjhMWnVWYVcxOGU5cHMKLS0tIGUwVlFLMGxVdTNpWGhleGtDd20z + c0RXYlRUc01hQ3FPTmVJdVorTy9CZXcKHMJ9U4Q18oEoO+laqatMzwlAJdGagot6 + QhpltbJCydCiiXSx4itNQjxAD/uK92Hrb4AvU9e2U4IGkOvcrKzWeg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-29T21:59:07Z" - mac: ENC[AES256_GCM,data:+w3oGaDBzIQh3U6mrsEF32L9iTZpHfkTYe9ES7UKhCOrmsOh8ABEyWhqKRAaQ4BsHr9L22Yt0W0nznxOBM/RC723EfNWU3uNBqHC93jlVmpOyTQqywZkpVnTKo4hfPfGPQi/52ZUpomAPzGkKaFdjtyv42iA+7O+3Gjzmex63Hs=,iv:uRnRkINy0/eniYKs9R87qN0gOfNTl4bnBzit7tZu5A8=,tag:S5wxjRdXPL6WVsPR6sfxvQ==,type:str] + lastmodified: "2024-03-01T09:52:16Z" + mac: ENC[AES256_GCM,data:hISsV7wFfYR0sGL8gNrhXL48khls9y2rv6mUqKlkS638c+sU76F7RNmA0kLOQXdNYdwB0xmXF1ta1YOZUDsyLdM4QlhCpoM3anPEvA2xwY1TCQRqDMp5gthjcLJEWLwYVwzm11pqng0wW1ITnzJL42nM5J19iPmQyXBeKtPNoCM=,iv:sanZcbzQnmnQ7PZS+tBVaNMJYmBPJAiAcRiB4S0TGHc=,tag:x6VYyUhEUTgI4U7xhXAzcA==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.7.3 From 8d68ad18c88aaad7be1389139fdf3b0b7f050c36 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 13:26:09 +0000 Subject: [PATCH 3/4] fix(container): update image docker.io/rancher/system-upgrade-controller to v0.13.4 --- .../system-upgrade-controller/app/helmrelease.yaml.j2 | 2 +- .../system-upgrade-controller/app/helmrelease.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bootstrap/templates/kubernetes/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml.j2 b/bootstrap/templates/kubernetes/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml.j2 index dbf59f8b..6670f7a6 100644 --- a/bootstrap/templates/kubernetes/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml.j2 +++ b/bootstrap/templates/kubernetes/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml.j2 @@ -30,7 +30,7 @@ spec: main: image: repository: docker.io/rancher/system-upgrade-controller - tag: v0.13.2 + tag: v0.13.4 env: SYSTEM_UPGRADE_CONTROLLER_DEBUG: false SYSTEM_UPGRADE_CONTROLLER_THREADS: 2 diff --git a/kubernetes/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml b/kubernetes/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml index dbf59f8b..6670f7a6 100644 --- a/kubernetes/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml +++ b/kubernetes/apps/system-upgrade/system-upgrade-controller/app/helmrelease.yaml @@ -30,7 +30,7 @@ spec: main: image: repository: docker.io/rancher/system-upgrade-controller - tag: v0.13.2 + tag: v0.13.4 env: SYSTEM_UPGRADE_CONTROLLER_DEBUG: false SYSTEM_UPGRADE_CONTROLLER_THREADS: 2 From 524b5776c0e14410d19af9df001ebc19c077ce58 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 1 Mar 2024 13:26:13 +0000 Subject: [PATCH 4/4] fix(github-release): update rancher/system-upgrade-controller to v0.13.4 --- .../system-upgrade-controller/app/kustomization.yaml.j2 | 2 +- .../system-upgrade-controller/app/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bootstrap/templates/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml.j2 b/bootstrap/templates/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml.j2 index 74d66703..49f35511 100644 --- a/bootstrap/templates/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml.j2 +++ b/bootstrap/templates/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml.j2 @@ -3,6 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: # renovate: datasource=github-releases depName=rancher/system-upgrade-controller - - https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/crd.yaml + - https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.4/crd.yaml - helmrelease.yaml - rbac.yaml diff --git a/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml b/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml index 74d66703..49f35511 100644 --- a/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml +++ b/kubernetes/apps/system-upgrade/system-upgrade-controller/app/kustomization.yaml @@ -3,6 +3,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: # renovate: datasource=github-releases depName=rancher/system-upgrade-controller - - https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/crd.yaml + - https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.4/crd.yaml - helmrelease.yaml - rbac.yaml