Skip to content

Commit

Permalink
second draft for certificate management with cert-manager
Browse files Browse the repository at this point in the history
Fixes: aquarist-labs/s3gw-tools#193
Signed-off-by: Giuseppe Baccini <giuseppe.baccini@suse.com>
  • Loading branch information
Giuseppe Baccini committed Nov 29, 2022
1 parent 5107606 commit 4148a41
Show file tree
Hide file tree
Showing 7 changed files with 243 additions and 76 deletions.
117 changes: 84 additions & 33 deletions charts/s3gw/questions.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,90 @@
---
questions:
# General settings

- variable: useCertManager
label: Use cert-manager
default: "true"
description: "Use cert-manager to provision TLS certificates"
type: boolean
group: "General"

- variable: tls.publicDomain.crt
show_if: "useCertManager=false"
description: "S3 TLS's certificate (Public Domain)"
label: "S3 TLS's certificate (Public Domain)"
type: string
group: "General"

- variable: tls.publicDomain.key
show_if: "useCertManager=false"
description: "S3 TLS's key (Public Domain)"
label: "S3 TLS's key (Public Domain)"
type: string
group: "General"

- variable: tls.privateDomain.crt
show_if: "useCertManager=false"
description: "S3 TLS's certificate (Private Domain)"
label: "S3 TLS's certificate (Private Domain)"
type: string
group: "General"

- variable: tls.privateDomain.key
show_if: "useCertManager=false"
description: "S3 TLS's key (Private Domain)"
label: "S3 TLS's key (Private Domain)"
type: string
group: "General"

- variable: tls.ui.publicDomain.crt
show_if: "useCertManager=false"
description: "UI TLS's certificate (Public Domain)"
label: "UI TLS's certificate (Public Domain)"
type: string
group: "General"

- variable: tls.ui.publicDomain.key
show_if: "useCertManager=false"
description: "UI TLS's key (Public Domain)"
label: "UI TLS's key"
type: string
group: "General"

- variable: useCustomTlsIssuer
show_if: "useCertManager=true"
label: Use your own TLS issuer
default: "false"
description: "Use your own TLS issuer"
type: boolean
group: "General"
show_subquestion_if: true
subquestions:
- variable: customTlsIssuer
label: Custom TLS issuer
description: "Name of the custom TLS issuer to use"
type: string
required: false

- variable: tlsIssuer
show_if: "useCertManager=true&&useCustomTlsIssuer=false"
label: TLS issuer
description: "Name of the predefined TLS issuer to use"
type: enum
required: false
group: "General"
options:
- "s3gw-ca"
- "s3gw-letsencrypt"

- variable: email
show_if: "useCertManager=true&&tlsIssuer=s3gw-letsencrypt"
label: email address to use with s3gw-letsencrypt
description: "email address to use with s3gw-letsencrypt"
type: string
required: false
group: "General"

- variable: serviceName
default: s3gw
description: "S3 Service Name"
Expand Down Expand Up @@ -75,39 +159,6 @@ questions:
type: string
group: "General"

# TLS settings
- variable: tls.crt
show_if: ingress.enabled=true
description: |
TLS Certificate for the Gateway (base64 encoded, CN must match serviceName + publicDomain)
label: "TLS Cert"
required: false
type: string
group: "TLS"

- variable: tls.key
show_if: ingress.enabled=true
description: "TLS Key for the Gateway (base64 encoded)"
label: "TLS Key"
required: false
type: string
group: "TLS"

- variable: ui.tls.crt
show_if: ui.enabled=true && ingress.enabled=true
description: |
TLS Certificate for the UI (base64 encoded, CN must match ui.serviceName + ui.publicDomain)
label: "TLS Cert"
type: string
group: "TLS"

- variable: ui.tls.key
show_if: ui.enabled=true && ingress.enabled=true
description: "TLS Key for the UI (base64 encoded)"
label: "TLS Key"
type: string
group: "TLS"

# Storage
- variable: storageSize
description: "Storage Size"
Expand Down
26 changes: 26 additions & 0 deletions charts/s3gw/templates/certificate.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
{{- if .Values.useCertManager }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: s3gw-cluster-ip
namespace: {{ .Release.Namespace }}
spec:
subject:
countries:
- DE
localities:
- Nuremberg
organizationalUnits:
- Aquarist Labs
organizations:
- SUSE
provinces:
- Bavaria
commonName: '*.{{ .Values.serviceName }}.{{ .Release.Namespace }}.{{ .Values.privateDomain }}'
dnsNames:
- '{{ .Values.serviceName }}.{{ .Release.Namespace }}.{{ .Values.privateDomain }}'
issuerRef:
kind: Issuer
name: s3gw-ca
secretName: s3gw-cluster-ip-cert
{{- end }}
30 changes: 0 additions & 30 deletions charts/s3gw/templates/ingress-secret.yaml

This file was deleted.

8 changes: 5 additions & 3 deletions charts/s3gw/templates/ingress-traefik.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
{{ if .Values.ingress.enabled }}
{{- if .Values.ingress.enabled }}
---
# Ingress
apiVersion: networking.k8s.io/v1
Expand All @@ -12,12 +12,13 @@ metadata:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.middlewares:
'{{ .Release.Namespace }}-cors-header@kubernetescrd'
cert-manager.io/cluster-issuer: {{ default .Values.tlsIssuer .Values.customTlsIssuer | quote }}
spec:
tls:
- hosts:
- '{{ .Values.serviceName }}.{{ .Values.publicDomain }}'
- '*.{{ .Values.serviceName }}.{{ .Values.publicDomain }}'
secretName: 'certificates-{{ .Values.serviceName }}.{{ .Values.publicDomain }}'
secretName: s3gw-ingress-cert
rules:
- host: '{{ .Values.serviceName }}.{{ .Values.publicDomain }}'
http:
Expand Down Expand Up @@ -87,11 +88,12 @@ metadata:
traefik.ingress.kubernetes.io/router.tls: "true"
traefik.ingress.kubernetes.io/router.middlewares:
'{{ .Release.Namespace }}-cors-header@kubernetescrd'
cert-manager.io/cluster-issuer: {{ default .Values.tlsIssuer .Values.customTlsIssuer | quote }}
spec:
tls:
- hosts:
- '{{ .Values.ui.serviceName }}.{{ .Values.ui.publicDomain }}'
secretName: 'certificates-{{ .Values.ui.serviceName }}.{{ .Values.ui.publicDomain }}'
secretName: s3gw-ui-ingress-cert
rules:
- host: '{{ .Values.ui.serviceName }}.{{ .Values.ui.publicDomain }}'
http:
Expand Down
58 changes: 58 additions & 0 deletions charts/s3gw/templates/tls-issuer.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
{{- if .Values.useCertManager }}
---
# Self-signed issuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: s3gw-self-signed-issuer
namespace: {{ .Release.Namespace }}
spec:
selfSigned: {}
---
# Private s3gw-ca issuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: s3gw-ca
namespace: {{ .Release.Namespace }}
spec:
ca:
secretName: s3gw-ca-root
---
# Issue a root certificate
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: s3gw-ca
namespace: {{ .Release.Namespace }}
spec:
commonName: s3gw-ca
isCA: true
issuerRef:
kind: ClusterIssuer
name: s3gw-self-signed-issuer
privateKey:
algorithm: ECDSA
size: 256
secretName: s3gw-ca-root
{{- end }}
# Let's encrypt production issuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: s3gw-letsencrypt
spec:
acme:
email: {{ .Values.email }}
preferredChain: ""
privateKeySecretRef:
name: s3gw-letsencrypt
server: https://acme-v02.api.letsencrypt.org/directory
solvers:
- http01:
ingress:
ingressTemplate:
metadata:
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
46 changes: 46 additions & 0 deletions charts/s3gw/templates/tls-secret.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{{- if not .Values.useCertManager }}
---
apiVersion: v1
kind: Secret
metadata:
name: s3gw-ingress-cert
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
tls.crt: |
{{ .Values.tls.publicDomain.crt }}
tls.key: |
{{ .Values.tls.publicDomain.key }}
---
apiVersion: v1
kind: Secret
metadata:
name: s3gw-cluster-ip-cert
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
tls.crt: |
{{ .Values.tls.privateDomain.crt }}
tls.key: |
{{ .Values.tls.privateDomain.key }}
{{- if .Values.ui.enabled }}
---
apiVersion: v1
kind: Secret
metadata:
name: s3gw-ui-ingress-cert
namespace: {{ .Release.Namespace }}
labels:
{{ include "s3gw.labels" . | indent 4 }}
type: kubernetes.io/tls
data:
tls.crt: |
{{ .Values.tls.ui.publicDomain.crt }}
tls.key: |
{{ .Values.tls.ui.publicDomain.key }}
{{- end }}
{{- end }}
34 changes: 24 additions & 10 deletions charts/s3gw/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,30 @@ ingress:
# 'enabled' will deploy an ingress resource to the cluster if set to `true`.
enabled: true

# Use cert-manager
useCertManager: true
# The name of the predefined TLS issuer to use (s3gw-ca, s3gw-letsencrypt).
tlsIssuer: "s3gw-ca"

# The email address you are planning to use for getting notifications
# about your certificates. Fill this if you are using s3gw-letsencrypt issuer.
email: "mail@mailservice.org"

# When not using cert-manager you have to manually specify
# TLS certificate/key pairs for all the services.
# Specify values in Base64 encoded in one line.
tls:
publicDomain:
crt: ""
key: ""
privateDomain:
crt: ""
key: ""
ui:
publicDomain:
crt: ""
key: ""

# S3 user interface
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Note, the UI will not be able to access the RGW AdminOps API when
Expand All @@ -22,11 +46,6 @@ ui:
# 'publicDomain' is the public domain of the UI Service used by the Ingress.
publicDomain: "fe.127.0.0.1.omg.howdoi.website"

# UI service ingress TLS certificate and key Base64 encoded in one line.
tls:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoVENDQW0wQ0ZHdGZRakVmZ21RYlZVZWZpN0I4U1loNGg0ckpNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1IOHgKQ3pBSkJnTlZCQVlUQWxWVE1RMHdDd1lEVlFRSURBUlZkR0ZvTVE0d0RBWURWUVFIREFWUWNtOTJiekVOTUFzRwpBMVVFQ2d3RVUxVlRSVEVXTUJRR0ExVUVDd3dOUVhGMVlYSnBjM1FnVEdGaWN6RXFNQ2dHQTFVRUF3d2hLaTVtClpTNHhNamN1TUM0d0xqRXViMjFuTG1odmQyUnZhUzUzWldKemFYUmxNQjRYRFRJeU1URXlNakUzTURBeE5sb1gKRFRJek1URXlNakUzTURBeE5sb3dmekVMTUFrR0ExVUVCaE1DVlZNeERUQUxCZ05WQkFnTUJGVjBZV2d4RGpBTQpCZ05WQkFjTUJWQnliM1p2TVEwd0N3WURWUVFLREFSVFZWTkZNUll3RkFZRFZRUUxEQTFCY1hWaGNtbHpkQ0JNCllXSnpNU293S0FZRFZRUUREQ0VxTG1abExqRXlOeTR3TGpBdU1TNXZiV2N1YUc5M1pHOXBMbmRsWW5OcGRHVXcKZ2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRFVHaXVtcFVPazVqaVlIdVAxV3ArNgpzYk14d2Joa0thR25xTFZ6d2t5QW9NSU8vTjl4N0c0aldTbytBNUJHSkxmQW5IcjBkdmJ0M1hMZGdYbjJkMFFmCnllak1pb1BzdlFJQVhxU09wN3VVcDRGNUJ0eldRTVp2ZGw2NHdrQjZzLzVqUDN2Mnp0dzU2UUlPaUMzMjE1K1UKaFZzckJkWDBHQ0tJUDlCeU0wcmpNZGFjVWxJNysvWWhaeW81bm50OGRMY2V6WktHSjlBMWgvVHFEMDg5K2FucAo2dVhTbXpEUkZpWVgrbVQ3d1ZZNXZzam9VQXEzN3o4TU52bjJiOTU0aEh1ejB3OEt3anJrTmtzZWVtK2pidXhzCitrUzlzV21LYlRFTkZubUhYenBHZDJ4bnNFSUNNV3JBRWpTTjBrd09mT3laQmlNU2puekdSNnBmN04wV0ZBVlIKQWdNQkFBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTEN3bDZiR2lHeUkxUzdFcmhSMkx1bFV2VTVXMW8vcgpYT29sTDFxVkdoaWluQjdzQVlpb0k2MWtzMzJ4Q2sxTjhQSHNnWWgrR2x6OXNjSEN5RnVzdUcxTFFmdU1EVE15CjBON0l6NlFaeXVDc3RYcDBldWsrVjg1c3hzMGFRREJHZVg0RklZYWdpeFRwdUlId3B0YVVpODN1M3cvM280UDkKQzVqdng0eHZqeldlZGNnUklDVlBFQmw4dVhuL2FLR0xzVlNRK3pKRUdFaTkyam5pNE1iZVNZZnZCM2lmTlpZbAp6WWNxWVpMc2FSNDFkd2NsK2ZXN0twS2ZRUHB0SVNtcjlEd3VBc3cvVWpPTHpxY0J5Z015N3VSWTlzTXRERFJ5CllSSXFlbWY2RjJyZG9iV3dkRmFYU1VBc2FZR1JJQzlLL1ptM2k3K1lzVEdIZ3AvRHR0R0tWY2s9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBMUJvcnBxVkRwT1k0bUI3ajlWcWZ1ckd6TWNHNFpDbWhwNmkxYzhKTWdLRENEdnpmCmNleHVJMWtxUGdPUVJpUzN3Sng2OUhiMjdkMXkzWUY1OW5kRUg4bm96SXFEN0wwQ0FGNmtqcWU3bEtlQmVRYmMKMWtER2IzWmV1TUpBZXJQK1l6OTc5czdjT2VrQ0RvZ3Q5dGVmbElWYkt3WFY5QmdpaUQvUWNqTks0ekhXbkZKUwpPL3YySVdjcU9aNTdmSFMzSHMyU2hpZlFOWWYwNmc5UFBmbXA2ZXJsMHBzdzBSWW1GL3BrKzhGV09iN0k2RkFLCnQrOC9ERGI1OW0vZWVJUjdzOU1QQ3NJNjVEWkxIbnB2bzI3c2JQcEV2YkZwaW0weERSWjVoMTg2Um5kc1o3QkMKQWpGcXdCSTBqZEpNRG56c21RWWpFbzU4eGtlcVgremRGaFFGVVFJREFRQUJBb0lCQVFDazNUYkMwTURVb3pLbwpZNUp6ZXg2ZklsTVVRT3pQeG1CbURzZ0VFNm9kYlZlS0NOcXlGY0hDYmlOY2txNkpKeTlCWXlCYmQwRVd3VVB3Cmt4eTNEQnVDemhITE0zdTUvMnhYMXpqM3ZiOGJuRndTTTloaUhYVmczRlJpTG5PcUxOQjJXcmxEcmFVV3lsd1QKNlp3NHUzL0tGU0k1UGM4QmJlVWhuT0NzYzl3bzNYL1R4YkFPd01Nb2JLbGxuOUk0NFJtRXpVeEpxRXpnUUh1bwozb0VPVzRxTWdVN0FQL3dZY0F1em04NThPMTNRZ2NYeGN4SkxzV25jNnJrVFhhYnlCVDl4aU5Xc1IvZGp5K215Ck1icGlMa3Y1TGlBUzJVOENTTjVRU0RwWnZqSk9jMkFka2tqcmNDZzhvNXpBUDFSY2NPc1J2dEZhdXVMTlZRZHAKbTVmRlNxWUJBb0dCQVAyWndNYnk1VFpyclBhT0NqRTFDY25NRTBnWUlVb0owc1lkbzgrSjFBa1lHK3o5clQ4dQpWYUh6TkY5dHprSXhKNXFSMS9vaFdxN05WRnhYY3VVZExVT1NOU3A4aVkremF6QUkvOVZWQzdEaHFVL093VW5KClk5eHhTbWsxOHVrTzNNSm8vK2RVdlFqU05YQk5oWXhBMnZYUjBMdkpHV2U1cXJMd0d0V2lzNCtoQW9HQkFOWWIKNTNSYmVRYkYvdHdyMG1lMjRVSTJpOHBCc3NTTElqaEdVaHhjb3VXNUR4cnFtR3RtUzZUdnJyTEFHK2VRY2VGTQpCQndJUXdpREt1NTZ5Vkk2WGpFMUZzRE4ydVZnU1lDeWlBQ3Q5U28vMURIQzNQVXlIOGFyZVVXU2xjTDhCanhCClNLUmh2SGdFVTZhcXp1VUFxTTVZWmd5T0kzb01rWnI0aXNHMVhsZXhBb0dBZXc5ekpwZVRkcmNGZFpjemh2RlAKMEtiQTdJa1pEazU2QXowNjBtajFoWHczZ09jUWZNcEZMNU5PNU1mcUFPRE5jUW80bmQ0MW5RRnlZR1RuRWhyNApiZ095M08wVjY2K0s0Z0piOHUrVC9yOWlZNkhXMWJGdVRmaUR2VTQ2azdGc21zSk0rN3A1Q0tESTRiZ2NpQlNvCnJBU21uNWxVUktzcUZDN0ROc3YvQ2tFQ2dZRUF5VFgrQk01MTVWU3ExeFJqcms0aVVReGJ3SjZQTnIrZVVBNWQKMmdPQW5xeVVNbkptL1A5c2RUcytEUVFXOVQ0OGwwTE4xZDQ1eU1VajBtd1h5Q3ZNR3loT0VyRWlWazl2by8ragphaWdRN3p4KzJLak01NnpNU2ZNWmk3VmZBcGUvOEY1VnV3MlNoYU5qVFl6VjFFWVRYWitiZjQ4UWJnRmowS1JrCkdmaXRDWEVDZ1lFQXk5bWR6Wk9lK0xjbzh5SHZSTkRhUk0yUHZxd010MWZmUWF3eDJYelB5K1dJcHVnTXVVRDcKQ0orbmM4TlVPR2tETVlMRDEvUlpuYTNCaDJYZ045TnJvMVhjSkVwTEgxaEtwWGVOWXkwMHZNZVVrRGFCMHpGLwpUZDJjTE9CRHo4VFRKSURud3RwQTdDVE5Gdk1YTzZKWkFCc2l4S2RueHJ2TkZZT3ROa2dmWDhzPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

# --- Developer Options ---
# imageName: "aquarist-labs/s3gw-ui"
# imageTag: "v0.0.0"
Expand All @@ -44,11 +63,6 @@ publicDomain: "be.127.0.0.1.omg.howdoi.website"
# 'privateDomain' is the private domain of S3GW used inside the Kubernetes cluster
privateDomain: "svc.cluster.local"

# S3 service ingress TLS certificate and key Base64 encoded in one line.
tls:
crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURoVENDQW0wQ0ZIM3NKM2NEZ1N3MVJuSUl4R0FkVjVTYWwrNy9NQTBHQ1NxR1NJYjNEUUVCQ3dVQU1IOHgKQ3pBSkJnTlZCQVlUQWxWVE1RMHdDd1lEVlFRSURBUlZkR0ZvTVE0d0RBWURWUVFIREFWUWNtOTJiekVOTUFzRwpBMVVFQ2d3RVUxVlRSVEVXTUJRR0ExVUVDd3dOUVhGMVlYSnBjM1FnVEdGaWN6RXFNQ2dHQTFVRUF3d2hLaTVpClpTNHhNamN1TUM0d0xqRXViMjFuTG1odmQyUnZhUzUzWldKemFYUmxNQjRYRFRJeU1URXlNakUzTURBeE5sb1gKRFRJek1URXlNakUzTURBeE5sb3dmekVMTUFrR0ExVUVCaE1DVlZNeERUQUxCZ05WQkFnTUJGVjBZV2d4RGpBTQpCZ05WQkFjTUJWQnliM1p2TVEwd0N3WURWUVFLREFSVFZWTkZNUll3RkFZRFZRUUxEQTFCY1hWaGNtbHpkQ0JNCllXSnpNU293S0FZRFZRUUREQ0VxTG1KbExqRXlOeTR3TGpBdU1TNXZiV2N1YUc5M1pHOXBMbmRsWW5OcGRHVXcKZ2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRG9GZkhzQ3BCemZJL0NqSUh6N2RmOApoeWR1Y0hxVjZLbDhkWndFUVdOTEE2TDNQejdyZFA5L0Z0ZndWMlRUR05rcG9ON3BOOStoSUZJbXFtNjU1czJHCnV1WHhPZlJ5SlhieGdSMHZaVGpGaTNjVDZEbG8zUW5QbzBvWWtiQnhhMXE1cmZuakxESy9ZNUZiQmZKclIyVkcKbUNhZHJBam9WMmRpWWhvVzNBcXNsb1FqMEJ4OTBXdXlESVVuR1hFRitxUThCQ2haVkZFSDlrdWZDMVFwTE5UeAovTUFjbGZpUUZIc1FFc3IzN3cyWkx4U2NZS1NPTmJBYTc2TkRDWEJrbUtQOUpZSHR6U2g5SjFteTBZOGU0akQ3ClVlWWpybmdXelQzZmNQVWpoUVJXaUxjZkFtQ2t1UThxcURESU11akkxeW1hMFlWN3lGcmh4dWkrSXZkMzFzSHAKQWdNQkFBRXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBTXM2ZS96VjhTN0RpVkg0a1dKeVRyNXdvOE0yMU5BcQp3cDhacjFnMHVrUzZ6TkVaeTVxcEF5UUlCVDhpaDE2RHY5QlhhS1NZb0Qwc3AvNmV1MXM4WGxEUjVSL1NmSmNlCklpdkdHR0xEaVdBTDBXcEI1bDROeXVreGJRNHNoYkdzdHlkUnNsTXNhQVRHNDkra2tEYXN0Tjh4UExlVi8veXAKNFdaU2w5eHk0UUlLcjcxbDNRUmE1Z2pXU1NNamNhK1NCQzhuaW5jdUxPcTVYVXAwLys1VXpvZ2ZvMm5EZG0vQQpVdC85bnR0VnVLbDIwVi9EdWlzOXQ4WXVuM2ZvdE5DTjZBRCtFdnJ4NUR5bm13N2hwWER0SFpzRGYwNjJZU3BkCmtGM0dJckFNTVBZTFR5cjZWZmI1NGVNZ1Fya0pxUVI2VDFNaitWMUxtRVZqRFBvbmdFOU5nR1U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNkJYeDdBcVFjM3lQd295QjgrM1gvSWNuYm5CNmxlaXBmSFdjQkVGalN3T2k5ejgrCjYzVC9meGJYOEZkazB4alpLYURlNlRmZm9TQlNKcXB1dWViTmhycmw4VG4wY2lWMjhZRWRMMlU0eFl0M0UrZzUKYU4wSno2TktHSkd3Y1d0YXVhMzU0eXd5djJPUld3WHlhMGRsUnBnbW5hd0k2RmRuWW1JYUZ0d0tySmFFSTlBYwpmZEZyc2d5Rkp4bHhCZnFrUEFRb1dWUlJCL1pMbnd0VUtTelU4ZnpBSEpYNGtCUjdFQkxLOSs4Tm1TOFVuR0NrCmpqV3dHdStqUXdsd1pKaWovU1dCN2Mwb2ZTZFpzdEdQSHVJdysxSG1JNjU0RnMwOTMzRDFJNFVFVm9pM0h3SmcKcExrUEtxZ3d5RExveU5jcG10R0ZlOGhhNGNib3ZpTDNkOWJCNlFJREFRQUJBb0lCQVFETkMxNWlpVzdYNld2bAptVmZTMkFhajRCQ3hYUVNnM3g2bWpBM2NJSjBHRUY5eGk5b2VFbzhNakhVWnJVeXh5RmxNa3dsK0NOUTF1YVY2CjdjYkh6YWMxYW5odTZDSVVtdzc4RFhOb2hVaGtGM1NNRFBaenRCM1A2ZGN6Mzd1QWFUV05xS3lHeld6RWRNWmUKSWVIc2IvYUZLVFdzeGVwVXc2dmVXd2ZydkZwZDRTcHFjZVR5SWRqdEZKanNHRllwamlqaDF6eVVGUmhEYmVjKwpFTXZHNkxWSjNkd1hKbTRpRlFuOFl4WkdVWm5GRzB3dUYwUGNrT1JwdDZ5TitoRXRkejkzTW5DVnQxQmRmdFVDCnYxMzZ0dEZNck56WlNFdEcxU2dsWXBVSHFPTk8ya0R3VTd0R0xZMm13ZnJxYmg5TWlnK1dxdVRuQklpeHBMVUIKZXkwN2FpaFJBb0dCQVBsZXRxb2ZVcjlQaUZpVldpbk9UR3htaE9PekQ2OWJPK2xLZ0p3Tm13Y2VIUWh0aHVIMgpKTm1xcFFTTU5HTW1yeFM4bDBDL0k5THBXb09DKzhTTjlWcXlXUzN6SkIwa1hxMmFNcE9ZbzZBMVdHY3l4YjVsCnlTajV0cVpoM2FzM0FrMFMvNjFwcWZrRkJaSGxwM1VneW03Z2lyWDdiZ2JHVi80MU9TejlWdzROQW9HQkFPNUIKbHZaaXd5ZSt0VEJtU2VkYjRZeEVyemwrTjNSVTRUV1hRVnRJY0loVnUzK0N1bkREY0R2UmhweDZhdHNXZE15SwphdUFHODhKY3YyZHl2VFlGUi9XYmhmMXEzclhPMkpZNjV3VkhDdEJOS0FZVEFYM0JWbTNldWI2S1JibWYzRjJ6Ck1SUExES29VU1p0MDR2RkVxU3hzY1BLa2YvSlM4MFFlZ2l0VWE2aE5Bb0dCQU50Zi9TWVFSRVZVL0VlaHJCNFgKQkpoZ1lBdklYTVlSWnRWRzIzbHRacktPUlZCQ3VtUlNtL3g0Nkk3bG9MaVJNWGoycDhFbjVhWUg3NzYrSGlxKwpEOWhvQ1pnb3k5NXZQbk5Pc2F1eW5rKzBYajc3Sllib0dGMVp3TnNDUVhYOEFLUTVVSUFIOHFYRlN5OGNiNExWCkJBRWl2Q1I0T2tUdmZEMkFLUHB4TElLSkFvR0FlOHRRcVF4LzRqTFE2aWo3MVY2RVB1R2hPZm8remc4Y1JVQW0KRVV2K1RKaGZKODNCR2I0eW5xSXJrenA0TXdYa0FqTVpmUFdmeWlsdXVrMS95b1hMOGUyeEhROWVVSkQ5TUhIQwpmNWQrSXVVMEdwUGRmbjNxYm9QL2R1VlpmUzEyenFqQW8wd3BkR1crS1N2K2p1WGlFTmIzaU51NEx5eXlnWDVvCm5DTHRIVEVDZ1lBcXFwZW5UNThnN1J3ZUNucXM1ZU5EemVJeDdkNTlzWFovM0k2VmRrR1dNMmk5NU84QXRreTIKMHBicGNQTlpDbVZyS3RJVE04VUk1VTNSMnpqbW1CSy9ZazNjd3N5U0xNdUFaVkdOWkxmRlVlWXQzM1RLZFhtYwpHeFBYckdEUXg4dWM0Njc0blZ2SnA5RjdkUjA5eHlpVkQ1cjVMS3ZaYk1wZUNjOVE1S01nZkE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

# Backing storage.
# Name the storage class to use. If create is true, an opinionated storage class
# will be created. This assumes the Longhorn storage driver is installed.
Expand Down

0 comments on commit 4148a41

Please sign in to comment.