diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/certmanager/certmanager.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/certmanager/certmanager.yaml
new file mode 100644
index 0000000..87e4ba0
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/certmanager/certmanager.yaml
@@ -0,0 +1,61 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:overlay", "overlay")
+#@ load("@ytt:base64", "base64")
+#@ load("@ytt:yaml", "yaml")
+
+#@ if data.values.certmanager.enabled:
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: certmanager-install
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kapp-sa
+ namespace: certmanager-install
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: certmanager-kapp-role-binding
+ namespace: certmanager-install
+subjects:
+- kind: ServiceAccount
+ name: kapp-sa
+ namespace: certmanager-install
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+#@ if data.values.certmanager.package_repo.install:
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageRepository
+metadata:
+ name: tds-pack
+ namespace: certmanager-install
+ annotations:
+ kapp.k14s.io/change-group: "pkgr"
+spec:
+ fetch:
+ imgpkgBundle:
+ image: #@ data.values.certmanager.package_repo.repo + ":" + data.values.certmanager.package_repo.version
+#@ end
+#@ if data.values.certmanager.package.install:
+---
+apiVersion: packaging.carvel.dev/v1alpha1
+kind: PackageInstall
+metadata:
+ name: cert-manager
+ namespace: certmanager-install
+ annotations:
+ kapp.k14s.io/change-group: "pkg-cert"
+spec:
+ packageRef:
+ refName: cert-manager.tanzu.vmware.com
+ versionSelection:
+ constraints: ">0.0.0"
+ serviceAccountName: kapp-sa
+#@ end
+#@ end
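Review bot: The `certmanager-kapp-role-binding` ClusterRoleBinding gives the `kapp-sa` service account `cluster-admin`, so whatever the cert-manager package selected by the open-ended constraint `">0.0.0"` ships is applied with full cluster rights. If the package allows it, bind a ClusterRole limited to what the package installs and pin `constraints` to a tested version; otherwise add a comment above `roleRef` such as `# cluster-admin is intentional: <reason>` so the grant reads as deliberate. `metadata.namespace` on the ClusterRoleBinding has no effect because the kind is cluster-scoped and can be dropped. The same binding appears in pkgr/tp-install.yaml as `tmc-kapp-role-binding`.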
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/add-limit-to-clickhouse.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/add-limit-to-clickhouse.yaml
new file mode 100644
index 0000000..8d15c21
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/add-limit-to-clickhouse.yaml
@@ -0,0 +1,34 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: add-limit-to-clickhouse
+ namespace: #@ data.values.tp.namespace
+stringData:
+ add-limit-to-clickhouse.yaml: |
+ #@ load("@ytt:overlay", "overlay")
+ #@ load("@ytt:base64", "base64")
+ #@ load("@ytt:yaml", "yaml")
+
+ #@overlay/match-child-defaults missing_ok=True
+ ---
+ #@ def reduce_size():
+ #@overlay/match missing_ok=True
+ resources:
+ requests:
+ cpu: 0.5
+ memory: 1Gi
+ #@overlay/match missing_ok=True
+ limits:
+ #@overlay/match missing_ok=True
+ cpu: 1
+ #@overlay/match missing_ok=True
+ memory: 2Gi
+ #@ end
+
+ #@overlay/match by=overlay.subset({"kind":"Secret", "metadata": {"name": "clickhouse-values"}})
+ ---
+ data:
+ #@overlay/replace via=lambda orig, _: yaml.encode(overlay.apply(yaml.decode(base64.decode(orig)),reduce_size()))
+ values.yaml:
\ No newline at end of file
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/make-tmc-xmall.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/make-tmc-xmall.yaml
new file mode 100644
index 0000000..7876580
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/make-tmc-xmall.yaml
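Review bot: The `#@overlay/replace` lambda for `values.yaml` in add-limit-to-clickhouse.yaml stops at `yaml.encode(...)` and never re-encodes the result, whereas the make-tmc-xsmall, reduce-kafka-replica and reduce-redis-replica overlays in this commit all wrap the same expression in `base64.encode(...)`. The target is a key under a Secret's `data:`, which the lambda first reads with `base64.decode(orig)`, so the patched `clickhouse-values` Secret would carry raw YAML where base64 is expected. The line should read `#@overlay/replace via=lambda orig, _: base64.encode(yaml.encode(overlay.apply(yaml.decode(base64.decode(orig)),reduce_size())))`.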
@@ -0,0 +1,23 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: make-tmc-xsmall
+ namespace: #@ data.values.tp.namespace
+stringData:
+ make-tmc-xsmall.yaml: |
+ #@ load("@ytt:overlay", "overlay")
+ #@ load("@ytt:base64", "base64")
+ #@ load("@ytt:yaml", "yaml")
+
+ #@ def xsmall():
+ #@overlay/match missing_ok=True
+ size: xsmall
+ #@ end
+
+ #@overlay/match by=overlay.subset({"kind":"Secret", "metadata": {"name": "tmc-values"}})
+ ---
+ data:
+ #@overlay/replace via=lambda orig, _: base64.encode(yaml.encode(overlay.apply(yaml.decode(base64.decode(orig)),xsmall())))
+ values.yaml:
\ No newline at end of file
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/reduce-kafka-replica.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/reduce-kafka-replica.yaml
new file mode 100644
index 0000000..1a494af
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/reduce-kafka-replica.yaml
@@ -0,0 +1,25 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: reduce-kafka-replica
+ namespace: #@ data.values.tp.namespace
+stringData:
+ reduce-kafka-replica.yaml: |
+ #@ load("@ytt:overlay", "overlay")
+ #@ load("@ytt:base64", "base64")
+ #@ load("@ytt:yaml", "yaml")
+
+ #@ def reduce_replica():
+ #@overlay/match missing_ok=True
+ replicas: 1
+ replicationFactor: 1
+ insyncReplicas: 1
+ #@ end
+
+ #@overlay/match by=overlay.subset({"kind":"Secret", "metadata": {"name": "ops-kafka-values"}})
+ ---
+ data:
+ #@overlay/replace via=lambda orig, _: base64.encode(yaml.encode(overlay.apply(yaml.decode(base64.decode(orig)),reduce_replica())))
+ values.yaml:
\ No newline at end of file
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/reduce-redis-replica.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/reduce-redis-replica.yaml
new file mode 100644
index 0000000..847d829
--- /dev/null
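Review bot: In reduce-kafka-replica.yaml only `replicas` carries `#@overlay/match missing_ok=True`; `replicationFactor` and `insyncReplicas` have no annotation and this overlay declares no `#@overlay/match-child-defaults`, so `overlay.apply` will presumably fail if either key is absent from the decoded `ops-kafka-values`. Put `#@overlay/match missing_ok=True` above each of the three keys, the way add-limit-to-clickhouse.yaml does for `cpu` and `memory`. A comment above `reduce_replica()` saying that a replication factor of 1 leaves Kafka without redundancy and is meant for evaluation installs would help anyone reusing the overlay.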
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/hacks/reduce-redis-replica.yaml
@@ -0,0 +1,29 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: reduce-redis-replica
+ namespace: #@ data.values.tp.namespace
+stringData:
+ reduce-redis-replica.yaml: |
+ #@ load("@ytt:overlay", "overlay")
+ #@ load("@ytt:base64", "base64")
+ #@ load("@ytt:yaml", "yaml")
+
+ #@overlay/match-child-defaults missing_ok=True
+ ---
+ #@ def reduce_replica():
+ #@overlay/match missing_ok=True
+ architecture: standalone
+ #@overlay/match missing_ok=True
+ replica:
+ #@overlay/match missing_ok=True
+ replicaCount: 1
+ #@ end
+
+ #@overlay/match by=overlay.subset({"kind":"Secret", "metadata": {"name": "redis-values"}})
+ ---
+ data:
+ #@overlay/replace via=lambda orig, _: base64.encode(yaml.encode(overlay.apply(yaml.decode(base64.decode(orig)),reduce_replica())))
+ values.yaml:
\ No newline at end of file
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/openldap/openldap.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/openldap/openldap.yaml
new file mode 100644
index 0000000..40d6134
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/openldap/openldap.yaml
@@ -0,0 +1,165 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:base64", "base64")
+
+#@ port = 636 if data.values.openldap.ssl else 389
+#@ containerPort = port + 1000
+#@ if data.values.openldap.enabled:
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: openldap
+ labels:
+ pod-security.kubernetes.io/enforce: privileged
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app.kubernetes.io/name: openldap
+ name: openldap
+ namespace: openldap
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: openldap
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: openldap
+ spec:
+ volumes:
+ - name: openldap-ldif
+ secret:
+ secretName: openldap-ldif
+ #@ if data.values.openldap.ssl:
+ - name: certifcate
+ secret:
+ secretName: openldap-cert
+ #@ end
+ containers:
+ - env:
+ - name: LDAP_ROOT
+ value: #@ data.values.openldap.rootdn
+ - name: LDAP_ADMIN_USERNAME
+ value: admin
+ - name: LDAP_ADMIN_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ key: adminpassword
+ name: openldap
+ #@ if data.values.openldap.ssl:
+ - name: LDAP_ENABLE_TLS
+ value: "yes"
+ - name: LDAP_TLS_CERT_FILE
+ value: /tls/tls.crt
+ - name: LDAP_TLS_KEY_FILE
+ value: /tls/tls.key
+ - name: LDAP_TLS_CA_FILE
+ value: /tls/ca.crt
+ #@ end
+ image: index.docker.io/bitnami/openldap@sha256:8e3f28db7a8c05d7db99ec688b8ca1044f0deaf8f98ea5b1f71c42276e3c1583
+ imagePullPolicy: Always
+ name: openldap
+ ports:
+ - containerPort: #@ containerPort
+ name: tcp-ldap
+ resources:
+ requests:
+ cpu: 100m
+ memory: 64Mi
+ volumeMounts:
+ - mountPath: "/ldifs"
+ name: openldap-ldif
+ readOnly: true
+ #@ if data.values.openldap.ssl:
+ - mountPath: "/tls"
+ name: certifcate
+ readOnly: true
+ #@ end
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app.kubernetes.io/name: openldap
+ name: openldap
+ namespace: openldap
+spec:
+ ports:
+ - name: tcp-ldap
+ port: #@ port
+ targetPort: tcp-ldap
+ selector:
+ app.kubernetes.io/name: openldap
+ type: ClusterIP
+---
+apiVersion: v1
+data:
+ adminpassword: #@ base64.encode(data.values.openldap.adminpassword)
+kind: Secret
+metadata:
+ name: openldap
+ namespace: openldap
+---
+apiVersion: v1
+data:
+ custom.ldif: #@ base64.encode(data.values.openldap.ldif)
+kind: Secret
+metadata:
+ creationTimestamp: null
+ name: openldap-ldif
+ namespace: openldap
+
+#@ if data.values.openldap.ssl:
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: openldap-root-issuer
+ namespace: openldap
+spec:
+ selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: openldap-rootca
+ namespace: openldap
+spec:
+ isCA: true
+ commonName: openldap-rootca
+ secretName: openldap-rootca
+ issuerRef:
+ name: openldap-root-issuer
+ kind: Issuer
+ group: cert-manager.io
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+ name: openldap-ca-issuer
+ namespace: openldap
+spec:
+ ca:
+ secretName: openldap-rootca
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: openldap-cert
+ namespace: openldap
+spec:
+ secretName: openldap-cert
+ isCA: false
+ usages:
+ - server auth
+ - client auth
+ dnsNames:
+ - #@ "openldap.openldap.svc.cluster.local"
+ - "openldap"
+ issuerRef:
+ name: openldap-ca-issuer
+#@ end
+#@ end
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/pkgr/tp-install.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/pkgr/tp-install.yaml
new file mode 100644
index 0000000..829ebe1
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/pkgr/tp-install.yaml
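Review bot: The `openldap` Namespace is labelled `pod-security.kubernetes.io/enforce: privileged`, which switches off Pod Security admission for everything created in that namespace, yet the Deployment in this hunk asks for nothing privileged (no `securityContext`, host mounts or host networking are visible). Unless the image is known to need it, label the namespace `pod-security.kubernetes.io/enforce: baseline` and give the container a `securityContext` with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. Separately, `LDAP_ADMIN_PASSWORD` is filled from `data.values.openldap.adminpassword`, whose default in values.yaml is the literal `adminpassword`, so an install that keeps the defaults runs a directory with a known admin credential.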
@@ -0,0 +1,104 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:overlay", "overlay") +#@ load("@ytt:base64", "base64") +#@ load("@ytt:yaml", "yaml") + +#@ def dockerhub_config_fragment(): +username: #@ data.values.imageRegistry.username +password: #@ data.values.imageRegistry.password +#@ end + +#@ docker_config = { data.values.imageRegistry.host : dockerhub_config_fragment()} + +#@ def dockerhub_config(): +auths: #@ docker_config +#@ end +--- +apiVersion: v1 +kind: Namespace +metadata: + name: #@ data.values.tp.namespace + labels: + pod-security.kubernetes.io/enforce: privileged +--- +apiVersion: v1 +kind: Secret +metadata: + name: registrysecret + namespace: #@ data.values.tp.namespace +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: #@ base64.encode("{}".format(yaml.decode(yaml.encode(dockerhub_config())))) +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kapp-sa + namespace: #@ data.values.tp.namespace +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: tmc-kapp-role-binding + namespace: #@ data.values.tp.namespace +subjects: +- kind: ServiceAccount + name: kapp-sa + namespace: #@ data.values.tp.namespace +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageRepository +metadata: + name: tanzu.vmware.com + namespace: #@ data.values.tp.namespace + annotations: + kapp.k14s.io/change-group: "pkgr" +spec: + fetch: + imgpkgBundle: + image: #@ data.values.tp.imageRegistry.server + "/" + data.values.tp.imageRegistry.repo + ":" + data.values.tp.version + secretRef: + name: registrysecret +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageRepository +metadata: + name: tmc-sm-repo + namespace: #@ data.values.tp.namespace + annotations: + kapp.k14s.io/change-group: "pkgr" +spec: + fetch: + imgpkgBundle: + image: #@ data.values.tp.imageRegistry.server + "/" + data.values.tp.imageRegistry.repo + 
"@sha256:" + data.values.tp.tmc_repo_sha + secretRef: + name: registrysecret +--- +apiVersion: packaging.carvel.dev/v1alpha1 +kind: PackageInstall +metadata: + name: sm + namespace: #@ data.values.tp.namespace + annotations: + ext.packaging.carvel.dev/ytt-paths-from-secret-name.0: add-limit-to-clickhouse + ext.packaging.carvel.dev/ytt-paths-from-secret-name.1: make-tmc-xsmall + ext.packaging.carvel.dev/ytt-paths-from-secret-name.2: reduce-kafka-replica + ext.packaging.carvel.dev/ytt-paths-from-secret-name.3: reduce-redis-replica + ext.packaging.carvel.dev/fetch-0-secret-name: registrysecret + kapp.k14s.io/change-rule: "upsert after upserting pkgr" +spec: + serviceAccountName: kapp-sa + packageRef: + refName: sm.tanzu.vmware.com + versionSelection: + constraints: ">0.0.0" + values: + - secretRef: + name: tp-values + - secretRef: + name: tp-values-generated-secrets + diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/certificate.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/certificate.yaml new file mode 100644 index 0000000..3f20ffc --- /dev/null +++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/certificate.yaml @@ -0,0 +1,34 @@ +#@ load("@ytt:data", "data") +#@ if data.values.tp.ingress.self_signed_cert: +--- +apiVersion: secretgen.k14s.io/v1alpha1 +kind: Certificate +metadata: + name: root-ca-cert + namespace: #@ data.values.tp.namespace +spec: + isCA: true +--- +apiVersion: secretgen.k14s.io/v1alpha1 +kind: Certificate +metadata: + name: inter-ca-cert + namespace: #@ data.values.tp.namespace +spec: + caRef: + name: root-ca-cert + alternativeNames: + - localhost + - #@ data.values.tp.ingress.host +#@ else: +--- +apiVersion: v1 +kind: Secret +metadata: + name: inter-ca-cert + namespace: #@ data.values.tp.namespace +type: Opaque +stringData: + crt.pem: #@ data.values.tp.ingress.tls.certificate + key.pem: #@ data.values.tp.ingress.tls.privateKey +#@ end \ No newline at end of file 
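Review bot: In pkgr/tp-install.yaml, `dockerhub_config_fragment()` and `docker_config` read `data.values.imageRegistry.username`, `.password` and `.host`, but values.yaml in this commit shows a single `imageRegistry` map with `server`, `username`, `password` and `repo`, which the PackageRepository resources in this same file reach as `data.values.tp.imageRegistry`; as written the render will likely fail on the missing attributes. Use `data.values.tp.imageRegistry.server` as the `auths` key and the `tp.imageRegistry` credentials. `.dockerconfigjson` is also built with `"{}".format(...)` on a decoded dict, which relies on the dict's string form happening to be valid JSON; loading `@ytt:json` and writing `base64.encode(json.encode(dockerhub_config()))` escapes quotes and backslashes in the password correctly.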
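Review bot: In secretgen/certificate.yaml the `#@ else:` branch reads `data.values.tp.ingress.tls.certificate` and `data.values.tp.ingress.tls.privateKey`, but values.yaml in this commit declares `certificate` and `privateKey` with no `tls` map, so setting `self_signed_cert: false` would presumably fail at render time. Either read `data.values.tp.ingress.certificate` and `data.values.tp.ingress.privateKey`, or add the `tls:` level to the schema. Because both schema defaults are empty strings, a check that the two values are non-empty when `self_signed_cert` is false would stop an empty `inter-ca-cert` Secret from being created and passed on as the ingress key pair.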
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/password.yml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/password.yml
new file mode 100644
index 0000000..3f83a4a
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/password.yml
@@ -0,0 +1,175 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: tp-pass
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 20
+ digits: 5
+ uppercaseLetters: 5
+ lowercaseLetters: 10
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: redis-pass
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 20
+ digits: 5
+ uppercaseLetters: 5
+ lowercaseLetters: 10
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: clickhouse-pass
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 20
+ digits: 5
+ uppercaseLetters: 5
+ lowercaseLetters: 10
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: postgres-pass
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 20
+ digits: 5
+ uppercaseLetters: 5
+ lowercaseLetters: 10
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: seaweed-access-key
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 20
+ digits: 5
+ uppercaseLetters: 5
+ lowercaseLetters: 10
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: seaweed-readonly-access-key
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 20
+ digits: 5
+ uppercaseLetters: 5
+ lowercaseLetters: 10
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: seaweed-secret-key
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 40
+ digits: 10
+ uppercaseLetters: 10
+ lowercaseLetters: 20
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: seaweed-readonly-secret-key
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 40
+ digits: 10
+ uppercaseLetters: 10
+ lowercaseLetters: 20
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: organization-id
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 36
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: encryption-key
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 44
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: tp-app-pass
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 20
+ digits: 5
+ uppercaseLetters: 5
+ lowercaseLetters: 10
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: Password
+metadata:
+ name: ensemble-user-service-pass
+ namespace: #@ data.values.tp.namespace
+spec:
+ length: 20
+ digits: 5
+ uppercaseLetters: 5
+ lowercaseLetters: 10
+ secretTemplate:
+ type: Opaque
+ stringData:
+ pass: $(value)
\ No newline at end of file
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/rsa.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/rsa.yaml
new file mode 100644
index 0000000..a676683
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/secretgen/rsa.yaml
@@ -0,0 +1,14 @@
+#@ load("@ytt:data", "data")
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: RSAKey
+metadata:
+ name: rsa-key
+ namespace: #@ data.values.tp.namespace
+---
+---
+apiVersion: secretgen.k14s.io/v1alpha1
+kind: RSAKey
+metadata:
+ name: jwt-key
+ namespace: #@ data.values.tp.namespace
\ No newline at end of file
diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values-template/secret-template.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values-template/secret-template.yaml
new file mode 100644
index 0000000..ae34654
--- /dev/null
+++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values-template/secret-template.yaml
@@ -0,0 +1,132 @@ +#@ load("@ytt:data", "data") +--- +apiVersion: secretgen.carvel.dev/v1alpha1 +kind: SecretTemplate +metadata: + name: tp-values-generated-secrets + namespace: #@ data.values.tp.namespace +spec: + inputResources: + - name: tp-pass + ref: + apiVersion: v1 + kind: Secret + name: tp-pass + - name: redis-pass + ref: + apiVersion: v1 + kind: Secret + name: redis-pass + - name: clickhouse-pass + ref: + apiVersion: v1 + kind: Secret + name: clickhouse-pass + - name: postgres-pass + ref: + apiVersion: v1 + kind: Secret + name: postgres-pass + - name: seaweed-access-key + ref: + apiVersion: v1 + kind: Secret + name: seaweed-access-key + - name: seaweed-readonly-access-key + ref: + apiVersion: v1 + kind: Secret + name: seaweed-readonly-access-key + - name: seaweed-secret-key + ref: + apiVersion: v1 + kind: Secret + name: seaweed-secret-key + - name: seaweed-readonly-secret-key + ref: + apiVersion: v1 + kind: Secret + name: seaweed-readonly-secret-key + - name: organization-id + ref: + apiVersion: v1 + kind: Secret + name: organization-id + - name: encryption-key + ref: + apiVersion: v1 + kind: Secret + name: encryption-key + - name: inter-ca-cert + ref: + apiVersion: v1 + kind: Secret + name: inter-ca-cert + - name: rsa-key + ref: + apiVersion: v1 + kind: Secret + name: rsa-key + - name: jwt-key + ref: + apiVersion: v1 + kind: Secret + name: jwt-key + template: + stringData: + secret-values.yaml: | + #@ load("@ytt:base64", "base64") + #@data/values + --- + ingress: + tls: + certificate: #@ base64.decode("$(.inter-ca-cert.data.crt\.pem)") + privateKey: #@ base64.decode("$(.inter-ca-cert.data.key\.pem)") + postgresql: + password: #@ base64.decode("$(.postgres-pass.data.pass)") + clickhouse: + password: #@ base64.decode("$(.clickhouse-pass.data.pass)") + redis: + password: #@ base64.decode("$(.redis-pass.data.pass)") + seaweedfsS3: + accessKey: #@ base64.decode("$(.seaweed-access-key.data.pass)") + secretKey: #@ 
base64.decode("$(.seaweed-secret-key.data.pass)") + readOnlyAccessKey: #@ base64.decode("$(.seaweed-readonly-access-key.data.pass)") + readOnlySecretKey: #@ base64.decode("$(.seaweed-readonly-secret-key.data.pass)") + login: + defaultUsers: + admin: + password: #@ base64.decode("$(.tp-pass.data.pass)") + organization: + id: #@ base64.decode("$(.organization-id.data.pass)") + cas: + encryptionKey: #@ base64.decode("$(.encryption-key.data.pass)") + rsa: + privateKey: #@ base64.decode("$(.rsa-key.data.key\.pem)") + publicKey: #@ base64.decode("$(.rsa-key.data.pub\.pem)") + uaa: + oauthClients: + tp_app: + secret: #@ base64.decode("$(.tp-app-pass.data.pass)") + tp_cli_app: + secret: tanzu_intentionally_not_a_secret + ensemble_user_service: + secret: tanzu_intentionally_not_a_secret + tpsmClients: + tp_app: + secret: #@ base64.decode("$(.tp-app-pass.data.pass)") + tp_cli_app: + secret: tanzu_intentionally_not_a_secret + ensemble_user_service: + secret: #@ base64.decode("$(.ensemble-user-service-pass.data.pass)") + jwt: + keys: + tp: + key: #@ base64.decode("$(.jwt-key.data.key\.pem)") +--- +apiVersion: v1 +kind: Secret +metadata: + name: tp-values-generated-secrets + annotations: + kapp.k14s.io/exists: "" \ No newline at end of file diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values-template/tp-values.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values-template/tp-values.yaml new file mode 100644 index 0000000..ad76ffb --- /dev/null +++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values-template/tp-values.yaml 
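Review bot: The template in values-template/secret-template.yaml reads `$(.tp-app-pass.data.pass)` and `$(.ensemble-user-service-pass.data.pass)`, but `spec.inputResources` lists neither `tp-app-pass` nor `ensemble-user-service-pass`, so those references have nothing to resolve against and the SecretTemplate will presumably never produce `tp-values-generated-secrets`. Both Password resources are created in secretgen/password.yml; add them as inputs as shown below. The placeholder Secret at the end of the file, annotated `kapp.k14s.io/exists`, also has no `metadata.namespace`, unlike the SecretTemplate it waits on.

```yaml
# … unchanged: the thirteen existing inputResources entries …
  - name: tp-app-pass
    ref:
      apiVersion: v1
      kind: Secret
      name: tp-app-pass
  - name: ensemble-user-service-pass
    ref:
      apiVersion: v1
      kind: Secret
      name: ensemble-user-service-pass
```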
@@ -0,0 +1,122 @@ +#@ load("@ytt:data", "data") +#@ load("@ytt:yaml", "yaml") +--- +#@ def tp_values(): +flavor: #@ data.values.tp.flavor +profile: #@ data.values.tp.profile +version: #@ data.values.tp.version +ingress: + host: #@ data.values.tp.ingress.host +deployment: + airGapped: false +trivy: + dbRepository: "" + allowInsecureConnections: false +postgresql: + storageClass: #@ data.values.tp.storage_class +clickhouse: + storageClass: #@ data.values.tp.storage_class +redis: + storageClass: #@ data.values.tp.storage_class + password: "" +opensearch: + storageClass: #@ data.values.tp.storage_class +seaweedfsS3: + storageClass: #@ data.values.tp.storage_class +prometheus: + storageClass: #@ data.values.tp.storage_class + tmcStorageClass: #@ data.values.tp.storage_class +kafka: + storageClass: #@ data.values.tp.storage_class +zookeeper: + storageClass: #@ data.values.tp.storage_class +imageRegistry: #@ data.values.tp.imageRegistry +login: + timeout: 60 + #@ if data.values.tp.ldap_enabled: + #@ admin_dn = "cn=admin," + data.values.openldap.rootdn + #@ user_dn = "ou=" + data.values.openldap.group + "," + data.values.openldap.rootdn + ldap: + url: 'ldap://openldap.openldap:1389/' + credentials: + userDN: #@ admin_dn + password: #@ data.values.openldap.adminpassword + users: + baseDN: #@ user_dn + searchFilter: '(objectClass=posixAccount)' + mailAttribute: mail + groups: + baseDN: #@ user_dn + searchFilter: '(objectClass=groupOfNames)' + groupNameAttribute: cn + searchDepth: 10 + #@ end + oauthProviders: #@ data.values.tp.oauthProviders +organization: + name: #@ data.values.tp.organization.name +internal: + #@ var=[] + #@ if data.values.tp.salt_disabled: + #@ for component in [ "raas", "idem-helm", "guardrails-helm" ]: + #@ var.append(component) + #@ end + #@ end + #@ if data.values.tp.salt_disabled: + #@ for component in [ "vcf-ingestion-service" ]: + #@ var.append(component) + #@ end + #@ end + excludedComponents: #@ var +cas: + encryptionKeyVersion: 1 +namespace: 
tanzusm +uaa: + oauthClients: + tp_app: + grantTypes: password,authorization_code,client_credentials,refresh_token + authorities: scim.write,scim.read,roles,ensemble:admin,ensemble:viewer + scope: openid,ensemble:admin,ensemble:viewer,roles + autoapprove: openid,ensemble:admin,ensemble:viewer,roles + tileEnabled: "true" + launchUrl: #@ "https://" + data.values.tp.ingress.host + "/hub" + launchIcon: 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 + accessTokenValidity: "1800" + tp_cli_app: + grantTypes: password,authorization_code,client_credentials,refresh_token + authorities: roles,ensemble:admin,ensemble:viewer + scope: openid,ensemble:admin,ensemble:viewer,roles + autoapprove: openid,ensemble:admin,ensemble:viewer,roles + pkceEnabled: "true" + redirectUri: http://127.0.0.1:*/** + ensemble_user_service: + secret: sZ_T10QqaFvQHS_1JZvx + grantTypes: password,authorization_code,client_credentials,refresh_token + authorities: openid,roles,scim.write,scim.read + scope: openid,roles,scim.write,scim.read + tpsmClients: + tp_app: + clientId: tp_app + tp_cli_app: + clientId: tp_cli_app + ensemble_user_service: + clientId: ensemble_user_service + jwt: + activeKeyId: tp + keys: + tp: + alg: RS256 + serviceName: uaa + servicePort: "8080" + branding: + companyName: Broadcom + productLogo: 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 + favIconLogo: 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 +#@ end +--- +apiVersion: v1 +kind: Secret +metadata: + name: tp-values + namespace: #@ data.values.tp.namespace +stringData: + values.yaml: #@ yaml.encode(tp_values()) diff --git a/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values.yaml b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values.yaml new file mode 100644 index 0000000..fe76ce5 --- /dev/null +++ b/manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0/values.yaml 
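Review bot: In values-template/tp-values.yaml, `uaa.oauthClients.ensemble_user_service.secret` is a literal client secret committed to the repository, so every install of this package shares it; secret-template.yaml already generates `ensemble-user-service-pass`, and the value should come from there or the key be left out of this file. The `ldap.url` is fixed at `ldap://openldap.openldap:1389/`, while the openldap Service in this commit exposes `port` 389 or 636, and the scheme stays `ldap://` when `openldap.ssl` is true, so the admin bind password would travel unencrypted even with TLS enabled; derive the scheme and port from `data.values.openldap.ssl`. The second `#@ if data.values.tp.salt_disabled:` guarding `vcf-ingestion-service` looks like it was meant to be `data.values.tp.vcf_disabled`, which values.yaml defines and nothing in this diff reads. `namespace: tanzusm` is also hard-coded where the other files use `data.values.tp.namespace`.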
@@ -0,0 +1,70 @@
+#@data/values-schema
+---
+certmanager:
+ enabled: true
+ package_repo:
+ install: false
+ repo: projects.registry.vmware.com/tkg/packages/standard/repo
+ version: 2.2.0
+ package:
+ install: true
+
+openldap:
+ enabled: true
+ ssl: false
+ rootdn: dc=tp,dc=dev
+ group: usergroups
+ adminpassword: adminpassword
+ ldif: |
+ dn: dc=tp,dc=dev
+ objectClass: dcObject
+ objectclass: organization
+ o: tp
+ dc: tp
+
+ dn: ou=usergroups,dc=tp,dc=dev
+ objectClass: organizationalUnit
+ objectClass: top
+ ou: usergroups
+
+ dn: cn=tp01,ou=usergroups,dc=tp,dc=dev
+ cn: tp01
+ sn: tp01
+ objectClass: inetOrgPerson
+ objectClass: posixAccount
+ objectClass: shadowAccount
+ userPassword: VMware1!
+ uid: tp01
+ mail: tp01@tp.com
+ uidNumber: 1000
+ gidNumber: 1000
+ homeDirectory: /home/tp01
+
+ dn: cn=tp:admin,ou=usergroups,dc=tp,dc=dev
+ cn: tp:admin
+ objectClass: groupOfNames
+ member: cn=tp01,ou=usergroups,dc=tp,dc=dev
+
+tp:
+ flavor: full
+ profile: evaluation
+ version: '10.0.0-oct-2024-rc.533-vc0bb325'
+ tmc_repo_sha: 995872bc410553e0858155a0b3a7bc6d3a280fa1e795fc1f7aac7c129e8c2b60
+ storage_class: tkg-ds
+ ingress:
+ host: tp.example.com
+ self_signed_cert: true
+ certificate: ""
+ privateKey: ""
+ salt_disabled: true
+ vcf_disabled: true
+ imageRegistry:
+ server: harbor.example.com
+ username: admin
+ password: ""
+ repo: tpk8s/10.0.0
+ organization:
+ name: default
+ namespace: tanzusm
+ ldap_enabled: true
+ oauthProviders: [ "" ]
diff --git a/packages/tpk8s-opinionated.tanzu.japan.com/10.0.0.yaml b/packages/tpk8s-opinionated.tanzu.japan.com/10.0.0.yaml
new file mode 100644
index 0000000..0bab490
--- /dev/null
+++ b/packages/tpk8s-opinionated.tanzu.japan.com/10.0.0.yaml
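Review bot: The schema defaults in values.yaml ship working credentials: `openldap.adminpassword: adminpassword` and, in the default `ldif`, `userPassword: VMware1!` for `tp01`, who is the only `member` of `cn=tp:admin`. Because `openldap.enabled` and `tp.ldap_enabled` both default to true, an install that overrides nothing comes up with a publicly known admin login. Default `adminpassword` to `""` and require a value, for example with `#@schema/validation min_len=1` above the key, and move the sample LDIF into documentation or have the user password generated by a secretgen `Password` like the other credentials in this commit.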
@@ -0,0 +1,144 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: Package +metadata: + name: tpk8s-opinionated.tanzu.japan.com.10.0.0 +spec: + refName: tpk8s-opinionated.tanzu.japan.com + version: 10.0.0 + valuesSchema: + openAPIv3: + title: tmc-sm.tanzu-jp values schema + properties: + domain: + type: string + default: example.com + ca: + type: object + additionalProperties: false + properties: + crt: + type: string + default: dummy + key: + type: string + default: dummy + certmanager: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + default: true + package_repo: + type: object + additionalProperties: false + properties: + install: + type: boolean + default: false + repo: + type: string + default: projects.registry.vmware.com/tkg/packages/standard/repo + version: + type: string + default: 2.2.0 + package: + type: object + additionalProperties: false + properties: + install: + type: boolean + default: true + version: + type: string + default: 1.10.2+vmware.1-tkg.1 + dex: + type: object + additionalProperties: false + properties: + enabled: + type: boolean + default: true + version: + type: string + default: 0.14.3 + oidc: + type: object + additionalProperties: false + properties: + secret: + type: string + default: randomsecret + tmc: + type: object + additionalProperties: false + properties: + repo: + type: string + default: internalrepo.com/tmc + version: + type: string + default: 10.0.0 + postgres: + type: object + additionalProperties: false + properties: + password: + type: string + default: Passw0rd + minio: + type: object + additionalProperties: false + properties: + username: + type: string + default: root + password: + type: string + default: Passw0rd + openldap: + type: object + additionalProperties: false + properties: + ldif: + type: string + default: | + dn: dc=tmc,dc=dev + objectClass: dcObject + objectclass: organization + o: tmc + dc: tmc + + dn: ou=usergroups,dc=tmc,dc=dev + objectClass: 
organizationalUnit + objectClass: top + ou: usergroups + + dn: cn=tmc01,ou=usergroups,dc=tmc,dc=dev + cn: tmc01 + sn: tmc01 + objectClass: inetOrgPerson + objectClass: posixAccount + objectClass: shadowAccount + userPassword: VMware1! + uid: tmc01 + mail: tmc01@tmc.com + uidNumber: 1000 + gidNumber: 1000 + homeDirectory: /home/user01 + + dn: cn=tmc:admin,ou=usergroups,dc=tmc,dc=dev + cn: tmc:admin + objectClass: groupOfNames + member: cn=tmc01,ou=usergroups,dc=tmc,dc=dev + template: + spec: + fetch: + - git: + url: https://github.com/mhoshi-vm/tap-carvel + ref: origin/pkgr + subPath: manifests/tpk8s-opinionated.tanzu.japan.com/10.0.0 + template: + - ytt: {} + deploy: + - kapp: {} diff --git a/packages/tpk8s-opinionated.tanzu.japan.com/metadata.yaml b/packages/tpk8s-opinionated.tanzu.japan.com/metadata.yaml new file mode 100644 index 0000000..50b870c --- /dev/null +++ b/packages/tpk8s-opinionated.tanzu.japan.com/metadata.yaml @@ -0,0 +1,11 @@ +apiVersion: data.packaging.carvel.dev/v1alpha1 +kind: PackageMetadata +metadata: + name: tpk8s-opinionated.tanzu.japan.com +spec: + displayName: "TP Opinionated (Unofficial)" + shortDescription: "TP Opinionated (Unofficial)" + supportDescription: "https://carvel.dev/" + providerName: "Broadcom" + maintainers: + - name: "Machi Hoshino"