Last active
January 6, 2021 00:44
-
-
Save sudhikan/76e5c466e14b3cc6ef5df4ef1bf99cea to your computer and use it in GitHub Desktop.
orc8r services
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Source: orc8r/charts/nms/templates/secrets-magmalte-mysql.yaml | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: magmalte-mysql-secrets | |
| namespace: magma | |
| labels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: magmalte | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| type: Opaque | |
| data: | |
| MYSQL_USER: cm9vdA== | |
| MYSQL_PASS: OWJFa1hrRXdsbw== | |
| --- | |
| # Source: orc8r/charts/secrets/templates/certs.secret.yaml | |
| # Copyright 2020 The Magma Authors. | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: orc8r-secrets-certs | |
| namespace: magma | |
| labels: | |
| app.kubernetes.io/name: secrets | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: secrets-0.1.5 | |
| data: | |
| admin_operator.key.pem: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcWFSbWxrR004cVd1TWY5ZUcvSEJCSlRLY1ZzM2xPU2xaTlphak92dW5MMEtpM1NjCnVVdXNRNVVNdWFNNzNJdmdhTk9uSW94VStOVzFndmVRci8za3oranF3WjV3UDQvZ3BBWitkankrdW1ZdEx2bHkKbENjZlpWaWEyYW1naFBHMFVsLy9BcllsR0ljT3RYQW1INUdOcnR0ek5SZWtPMjduem5jK2xKTzhsL3p2dFErawoycHFyNm5zR2N6SUJabk5EWlJoY3JxdlZnNGo0VXYyNmcxd2Nhd1FvRmJ6d0E1UXVHdS81Y3FmVzhXUmdqRmc5CmtGVUFRQ2JuQUVHSTJnb0dZYXBSV01CNXMydTJrOUk1TEtGaVNjaUMrQVdOTmRGSDd2TDFCbHM2alhsS1FoelgKajNLSVFWQS9vZnorL3lXQXZYTGpDRTRyK3VUdkk3dDdZUDJidndJREFRQUJBb0lCQUZLMGV1dEFWQVlzYml1ago4MjZ1UTBzSGUxY2VnSStQbFc3KzdqQ01DYzNTZ0NTVEdxRmYya0VzbG9LZXFWMlJ1RHVEREpYVVVzenA2ODlKCkFQbzhUdVJxQ3FHUXErcmhLMFRzZ1pVRmNuc1B1M0dPWGFVTEdjeGdFVWFTNDFaTlBIdDRuNnZqdjF3ZzVEUGkKMUVOSnhBaCtwc0U0b0hIMVZRQWN0SjdkRS9JSXErbml5dGovNFVLMDFpQS93V3hPVmh0K0RmRDkxWDl3VTVYVAo5S0JNVExxNC85WkNITUl1UjVBTElrWDBpS1dBMzRpc0UxRVkzUWNWM0dhTUpQZk5GQlZsa0t3R2tLa1M4aTdQCmFNOG5Wa2FlTXV5OXAyUnd4elU2Ny94amRGaUtodnVPUnJ6WENtZkU5MWphcVhMREhZYVl6U3gyUG9VZDdRRW4KZ0E3c3Z5RUNnWUVBd24zaVJEZkJEQVhzQy9vOEtPS0RFVzE5VUNvSDErUlQycGkrb2NzdS92Y0Zwem5MUEt1SgpDeUl4b0dRazhSQ1BFblNPZXJKRndJVDViR3lUR29OSFJiSVBrNjRydXlSQVFERGdFTWVPOG02bkR3TmtWbEg2ClcxZVh4MkhBR0IxZXF4SnVOZ2ZLL3c3TWs0a1VyS3JaeDEyZjFYZWhBYmpRTm94NStuem5HeEVDZ1lFQTMwcXcKZ2ljeTdWL3dTL2o5Ukl0WDhWZDBnN0UyOHFTVnlyNURxUEF3eXQ3WEJiMldDRFVnTDloRHBUeVRUV0ZrMkRROApITVdPZmFSeW51emVuTmV4blloR2FVUzBBTFFUMHY2SUM5M2JGYkc4U1NOMDhoQllxV0plcjVsdy9mdHNIbEQyCmllcTBNWDhkM2hBd3FYV1ZEdUFqWnVBejdudlViZnpyWk5nNUtjOENnWUJBQUNpN0JoWFNuUWhHRUx4SFAvS2QKZzRnZkh4V2hwNU1vZGVjVldzVkdSWWRvdGczNUV3RnYxbnE2S3ZvMUVadmpHTlBoOEZRZnZDSlAyWksyd01odApXT0RqV2djdCtBbmtsYkRHRk1VblpkNDNoSWc2RjVQcEJ2UDlPbDk2RUFBZEQxMlJEaE53eHkvdXhNYzI0cW56CmZ3MmZzMVFhT3ZUWlhuU3RSdmpONFFLQmdRRE9wZVRzenpKR2xQOWlrREIwZXpFTVhnK3F3UnRGUENTVTJianMKWkQ0RHdtL2xGQ3dCdElqeFBvaDhKNjk3Y2FOT3BDanR4N2V6ZDduTWN4TWl2RXZZcXdIZThvSlVGRlEwZFBPYgpaOXNXSE1OUVBNeENLZmFqN0RJTStVaWxCVVp1V0NlU1EvQTN6cGpwcHJvaVdudDBwT0tlbHVmNDBna3JNV0w0CmxWTng2UUtCZ1FDWFZJdllOcWtBZDczckNmeHEzMXEzeHl6NXU5UENoNXBtcGFTN3I2QmtzRDA0ZFJUTXVCc1cKQU5mTXpkRTUrNVVBYVJaRlpqOVFLclFHTTJkRllFQnlpbDcxV0ZDRUpTT3ZIMXJjU2JTMXRwOHJsWkhQMkxLbQpNNmZqbjBvbGhPYXFrZ0t6a2VSaEVmWnk2ZlFsYTFFbElsWHBvc0VtUEZjemV0Q3R2R0F5K1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" | |
| admin_operator.pem: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVekNDQWp1Z0F3SUJBZ0lSQVB3RTNoQ0Z4ZlBSQ2V3N3BNZGZXQ0V3RFFZSktvWklodmNOQVFFTEJRQXcKTmpFTE1Ba0dBMVVFQmhNQ1ZWTXhKekFsQmdOVkJBTU1IbU5sY25ScFptbGxjaTV2Ym5CeVpXMHVabUp0WVdkdApZUzV1YVc1cVlUQWVGdzB5TVRBeE1EVXlNekExTURGYUZ3MHlNakF4TURZd01EQTFNREZhTUR3eEN6QUpCZ05WCkJBWVRBbFZUTVFrd0J3WURWUVFLRXdBeENUQUhCZ05WQkFzVEFERVhNQlVHQTFVRUF3d09ZV1J0YVc1ZmIzQmwKY21GMGIzSXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDcHBHYVdRWXp5cGE0eAovMTRiOGNFRWxNcHhXemVVNUtWazFscU02KzZjdlFxTGRKeTVTNnhEbFF5NW96dmNpK0JvMDZjaWpGVDQxYldDCjk1Q3YvZVRQNk9yQm5uQS9qK0NrQm41MlBMNjZaaTB1K1hLVUp4OWxXSnJacWFDRThiUlNYLzhDdGlVWWh3NjEKY0NZZmtZMnUyM00xRjZRN2J1Zk9kejZVazd5WC9PKzFENlRhbXF2cWV3WnpNZ0ZtYzBObEdGeXVxOVdEaVBoUwovYnFEWEJ4ckJDZ1Z2UEFEbEM0YTcvbHlwOWJ4WkdDTVdEMlFWUUJBSnVjQVFZamFDZ1pocWxGWXdIbXphN2FUCjBqa3NvV0pKeUlMNEJZMDEwVWZ1OHZVR1d6cU5lVXBDSE5lUGNvaEJVRCtoL1A3L0pZQzljdU1JVGl2NjVPOGoKdTN0Zy9adS9BZ01CQUFHalZqQlVNQTRHQTFVZER3RUIvd1FFQXdJRm9EQVRCZ05WSFNVRUREQUtCZ2dyQmdFRgpCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkQ3OHVsbXZuMnRCVUFrUXpoUHBFWUZKCm5MWFVNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJ6aVJDWHNsajdLQ2xPaGtFQ29KaFhxS2ZYak1pZm1tcXUKQU9oUEdhbE5LcGk1Z3BqcFg3RmhTRjVLTVpsaDJ4SGJMeFVjMUV0UzFzMUtVZjdUdjB1OGRsMDF4R0Z4K05MZgpramxzTm1xajVWZlhjdXo3T0pOUS9XcU9XV2puVlRORy9DVUkzVEQ4b2Y2Z1JkbUsvbUIyWmNyMkVSQnk5ckRECjRaQ0pVcmZPL3JuTmdJWHdJQXFtN3lIYmJhVHhFNHVBT2pGNUY2MlBVWjFHWlNCd1k1UTUyS0NWdCtsWXFqQVMKVnNYRFJWb2d6UE5IMHk4NmY4Nnptbko4RjZqWU1UQ2NBNkNwRnlvdE1xS2U1L0hyL3dtYXFXYVVZK2V4dnR0ZQpNaURxbkhOZlJlNVBDaWMxemNnQVh0UXFpTGhDTzlIaTBIZjErRE5weGpnaGRnVmgwSm5wCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=" | |
| bootstrapper.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBb1hSUXRveWhvbTJvc3lRQ1RvM2swNUhZRDlxcXh3UmJjRmJid1hhS1phbDlEK2QvCmN3Si9OWVNzbjRLZk1pZk5uKzRJMTRFU3J2UUhqSHlTMkdxbEs4RXhsdkVEdWV6NVlnRDRyRkZoVjhiRHdJT3cKVG9DU1V6S05wVjdYWjVBbVIyTG9TSVNYNDdsUXBCY2hGMDlRSEplS2EydE9QYzB6WHJtU1VncWJ0NXhVM01adAplditNUVpNeWFlU3MzckZHNnNBU0xnUmgwRWx3ZXRHUjRNM0N3ZEt3c2s4QTMveGJMdjNiOWZlbWhMZDIyM3lMCmlPUXl5NmJ6MDVuUHhBMW0va29qV0pVU3BOMHZLbm8yZkVaQ0pwOFVFN3VCZjdma1ZJQVgwbzF6Y3N5NDRqVHAKYkNYemo5Z3M3L3NYOVNqZFBiSWQyWFJTZmR6djBhbFhNVC9BTXdJREFRQUJBb0lCQUJYNk9GWnhGRHVCQTlyRwp4dzJjWVE2dnBxS1oyRzlZMTMyV1JUbXpnaWxPaGZpWlFZOE5Rdld0QnJaNzJHSENhMG9lNDlNNS9hb1ZDOFlDCjJ4WmNoZmxMeGcxTzUzdnlsd3ZSS0FpRTEyUlVhU2NXaGZSWnFoRnJLejdjaHlQUXluVWpNSTFXaHpwM2FsTzcKMWtSUEJvK3R6U2pNSlkxaUZtRUpqN0pkUVU4ZjRFZ0hTUE5sbjFCRnkvNkNxcThlTkZwMlFlK09pMCs5YTdpVQorcVozbXJzdlZ6cFBhSzlTVmE5SDB4ZWFyWjdYZlprcjVQRC9MalZjY1hwS2VYQWRqNUZJMnVLVkloaFQxOG92CkNLOGxxcFlNSzd3WEtLdThIYWJ2anZmNWExRFB0OXdodWlNaFdaNlZwK012czh5czVKNTJHT0xIWjh3SnEvNUgKU1VYdGhBRUNnWUVBMGtYamhvM1J4YlRqMlpETTdYMEZ3K2ZDWDZjQ2E3VGptYzBnU3NsWVBUdVN5VUlnS09hOQpvMzVtMGdIWklGK3pXN1NnMWdqTUludVBEM0g0a0VuVjFZdlFrdGt2UU12cHRTclZ4MEdiZXBDYUdMRUl5Qno5Cjc2VDNMcVl0WU16SG8xU0lsci9meTFnNFpRclFlQTNnYnFJMVZXQmdyN0xvTEdRVlE2Yml1ak1DZ1lFQXhKQ2sKbWxoWDJrdXZRTmxjV3QxTUJvbGJ3S2E3WnA0QXBGK3Mvc3J5aEdIeVdzNjRHUzN1VDJzWi80MmZYVFZ0V2dHbgpWYjVyUDU0Wmx2NjNDVWdrV2NmYzcxcnNsa0s2UUxEMlI3emhpalozdDFiS3pxY1dVWFdlbTZZMWMxSGhtS1IvCm9wRlFjQVJ6WDhLK0g4ckwybExBR0VDWURZOGp0YThWaWRJVTRnRUNnWUVBZ3RNMjMzV0hLWElGUFUwSkkwMWcKOCtWVEd2NG0xR3BrSFVIeHNIWWJMMlhNU3VtWVpycEJET0xOQ0NaY04vY3krWUNsZk9WV1ZMSDViVXVrc2VrdQpZTUd2a0Y0T04wdG5hZTl2dUp4S0p2U20yMnZ5SWNkZit1VHhZWlhFci9CWTJYYnowSThxcHpLSlM5eHhuZkJNClRha2djN0VXRnRyQjl6U0J3bWluc2Q4Q2dZQW1BRWl5Umk0RjErZnp3NUhsUnk4eGZGQ3V1QTAyMDRrUVBpYjEKdzBxTGFWd3ZUaE90V29IZC9MaXovUzg0RitJaUtudXRTZmoxL1p5NDRsbUVnOXZ6TjM1eEQ4VDViOEVPVEtmdwpTb1hYOEp2SWFCRWhUcEEwQTJjOGRDK1ZNZGxKWjFQOW05WlBNYTBVY0ZQTlZhbC9kY3dKWkVPQks1RWR5TkdECktZZzhBUUtCZ0ZRV2wydkZCaDVTTmFNVmtSTzNhUkRnTFJjM0RxN2tTeGJ2ekx1U2pPNm5XRDg2YzIrbTBULzcKM1VrOGxKNXpVV1hlN1NzV2RabmNOSTgyWTBzK3JJMkhjeUxTWnByalNEdjFham5UaTVLbkg3Wm11Ti8xNytkdgp4OHlmQXlhYkppYnp1NGJPMEM3MlNVbXMrdUh4MTQvR3JMN0F6aG5pRGFFUnVldm9oOGJRCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" | |
| certifier.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBb3Y1cjdtRVNxaFlMSDRIb1lBejRDYVhKUy9xd0k1alNmeWwrMGo0R3dUUEl5U0p6CkxhNjcvSDV0dWp4TW9YVGdBRU5Zc20wOE5YM3p6VGF3bkRxdXo3NDhpZXAyRFJlOTkzdEg0VFhiK0JUb0xpTkMKK2RmeTRuZzM2WmJQQmVJeStvS3o3bDVjaERzbUhHUE1VNXlKNmNDWHdKdm93WFZPUGxvRThuTEg4SkZ1cUVHOApzcUpOSmZNVUxHYVVVaWt1UjlyUStXM2dpMkJpMmxKeFBObS8xYlMwQU5XMWtYdThiM2lPWmxOclEvUEQyTjFRCklqNTg5c1NxSDYwUEdCZGVkZHlZa0p6Mit4Q2ZxTDFxcmhDN1d6dkVValRlTURSem1Mak52aGtnc3ErbjVETkEKWnMvREJXWXNYbHJ2T3BpVTRMZHNpSzk0NUZoSEpMdm1XYUg2cXdJREFRQUJBb0lCQUM2MWxINmF5UHQvRjY3dQp6b1lBRVhES1Z0WjBQOWZqcXFjUVlDeWw0OCtvSkdrbmV6UmpON0lURlNUaXROOHNIQ2xYSTJyMmpPT1RkYk9nCmNacEQ0dWJiMElPQmNsVXNNWjlqYitUbFIyVmZzRzNRWXhnd1A0V1JDQXpqeis0U3RhTStvNHV5OVBaYjhQNy8KeG9WTGZlWkQ3L2tkZE9WRDFhbGVxTDVHRUhBcStCR1JqazAwS2hraW1aZmZORUtSVkJDZHJIbTdRcktEYWIySgpGRHdheSt5Z3BaZ3FVTTZhUmlmT0l4U3YzNCtubWpDbHM4MzV0Rmd3MER2RWQxeXY2NXo1N29BWFdJK1N5NWdQCmdXMnE1Y0M0Vjcyb3d0S2N4eG5wS3JJd0pVSHc4NUx0R0MyQmZ3L1pwNm9JdTJmL0ZnQlRGaXhRQzNQQjFuS08KTzNONGw0RUNnWUVBMDU5aW1za2trTnBhQlk4NnR5enZ1dEhBS0ljaE5NdDRLbnBCSzhJK0dnOXlxNFI3MFRVNQpkMmIzWWNJVWgzSmJGUUk5WDVtOUdzVktvMXRPK2s2R1NJVDNiUW1NY0c2VWZ5MWU5M05PNUNGc0FpQUJBWjkrCnZEb29ZdFB5c09HOGVSMDladG1hT05ISUFKRTcxalhpMFl3YjRCMUlpWlEyUDBmY2pZTS9lOEVDZ1lFQXhTeDYKK2FMbmo1aUl3aU9FN1BsUHhRZGZBR2FHclg5Wm8zeWM0Wk9KemZCSm05MU81KzdKOExaSGxmZ2FXeUt5aXU1ego3dWJrU01YMGJOcVRmNStiZCtFeTMybTB0cGt5a3FSTkJmWnk1aWdoa0hpTzA3TTkrVUJUem8wS1V2SHJnK081CjBZQlJvQXdOTDlxVlUwUTVDbzg0QmZXODhzY25NYW0vYVBQOWdXc0NnWUVBbWx2SXRiUi95blNxY3lHdEowMU0KczQwcFI2YUJMeHcyMDIwSE9sN2RvMjZmS3NKZytoR0RrRGQzdkVPdmE3aWEvVEQ4Q1U1L1pCYUNRYk5wWVNTRAp5RVBNb2lqejJsS2VXRUdFNHFPbDZMc0VLR3lscjBSaVVmTnQzK0JQUm52eFdMcGVQalg4eXZNaG1tQlZNQU53CkpYNjRHbm5obmhDUW5RblNzeG9INVVFQ2dZRUFub3BkZDB5ZGxNQzVkaURKU1NKT0djY0xoRzdyNjZWeWxob2sKcXR6TytXQTBUN2RyTXVLMlRXN0RzTHFGdHJIM2plNmVHWUplSElYUE81ZWs4Z0dNS0tCVEg0RUhaYXRaRnNBMQpqbzNUWld6dlVCTWdCT2tpODcvZG96K1ZCWXl3S3FSNVRSTTRqdEFoNmxCL3NTd3lFV09IVUlOL0lsY3dGS2JBCjJjc1dFM0VDZ1lFQXUzNllvZzRRVHExaGZuZU1GWEhTdnFkL1ZJQXlZQ0YrY1lhaEwwc1h4Wm1LeW1kbVFGZVEKamtRN1ZjcVhGYXdMWFpmWHdqcTJXYlNzREM4bUxlQ0pNVU9tbkp6dXdtWGowQ1MzUmx6c1Q3THV3cThaZWdBNgpjcEdzQ1FyanNiQngrMGk0NkN4RlRNQmU2Si8rNnVMOGpGVGpTc2hYU0lyU2cvWDNTT3dVOTc0PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" | |
| certifier.pem: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURUVENDQWpXZ0F3SUJBZ0lVV1dZUzlOeWJ2WUduWnRQZmRLN0dTbDR0OTBnd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05qRUxNQWtHQTFVRUJoTUNWVk14SnpBbEJnTlZCQU1NSG1ObGNuUnBabWxsY2k1dmJuQnlaVzB1Wm1KdApZV2R0WVM1dWFXNXFZVEFlRncweU1UQXhNRFV4T0RFd016aGFGdzB6TVRBeE1ETXhPREV3TXpoYU1EWXhDekFKCkJnTlZCQVlUQWxWVE1TY3dKUVlEVlFRRERCNWpaWEowYVdacFpYSXViMjV3Y21WdExtWmliV0ZuYldFdWJtbHUKYW1Fd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNpL212dVlSS3FGZ3NmZ2VoZwpEUGdKcGNsTCtyQWptTkovS1g3U1BnYkJNOGpKSW5NdHJydjhmbTI2UEV5aGRPQUFRMWl5YlR3MWZmUE5OckNjCk9xN1B2anlKNm5ZTkY3MzNlMGZoTmR2NEZPZ3VJMEw1MS9MaWVEZnBsczhGNGpMNmdyUHVYbHlFT3lZY1k4eFQKbklucHdKZkFtK2pCZFU0K1dnVHljc2Z3a1c2b1FieXlvazBsOHhRc1pwUlNLUzVIMnRENWJlQ0xZR0xhVW5FOAoyYi9WdExRQTFiV1JlN3h2ZUk1bVUydEQ4OFBZM1ZBaVBuejJ4S29mclE4WUYxNTEzSmlRblBiN0VKK292V3F1CkVMdGJPOFJTTk40d05IT1l1TTIrR1NDeXI2ZmtNMEJtejhNRlppeGVXdTg2bUpUZ3QyeUlyM2prV0Vja3UrWloKb2ZxckFnTUJBQUdqVXpCUk1CMEdBMVVkRGdRV0JCUSsvTHBacjU5clFWQUpFTTRUNlJHQlNaeTExREFmQmdOVgpIU01FR0RBV2dCUSsvTHBacjU5clFWQUpFTTRUNlJHQlNaeTExREFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFCcHk5bjJubUtITDhwc2RHN0pkd3Rqbm9nS0hDTlVMaitsTkRjRG8vaXIKQXIraS9Ecm1mdmR2a0pGVjVMd2IyeEpRSHhKL2EwL1VEQ0JlbjlKdzJnK1NNbWwvL0NLMnJnUG05amVEbkRiVgpLbTBDVmhsTDI2Qi9TYS8weGdxMTg4R3crSkpHMzRKYldBWlYzbUlHaHhHajBsdDhHdEZHUHZtVnlQc21TTUlvClVKcnlRdmQ3bXFUcEtiRnlUbmFGOHg3b2t5OUU2WkcwMTQzaUt1NzVob2ZWcW9oNmRjbnY0YlIxaW1mQkNyMk0KWmVqeGVQVjZQa1Y3UmovNE8yL2UwckFodWtkMkQ2NTZxSzVlNHBRbXNIZnhMY09Iek1rNVVHRGdvTXFyM2NyVApTU1VPdm5UR0pZcHpGUmdIUG9QeHU0bEpTbG1OZkl1Mno2Ky9xUmg1U2p4dQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t" | |
| controller.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2RENDQWRBQ0ZCSVVKaStqWUJCVFFlYjEvM01XZXc0MFVLNkpNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1ETXgKQ3pBSkJnTlZCQVlUQWxWVE1TUXdJZ1lEVlFRRERCdHliMjkwWTJFdWIyNXdjbVZ0TG1aaWJXRm5iV0V1Ym1sdQphbUV3SGhjTk1qRXdNVEExTVRneE1ESTRXaGNOTXpFd01UQXpNVGd4TURJNFdqQXVNUXN3Q1FZRFZRUUdFd0pWClV6RWZNQjBHQTFVRUF3d1dLaTV2Ym5CeVpXMHVabUp0WVdkdFlTNXVhVzVxWVRDQ0FTSXdEUVlKS29aSWh2Y04KQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxCV0NHZ2RPTUFBeGhiN1gwY0N6NTZzMm5wSXVRMDkvT29seElkcgowdkkzTjM2QlVBbXVjRHE4ZTBWVGRyVGhFVnFoTzZWU21uZDhjZzNyTmRPWDFEaHZvN1BuNjM5eU5LNy9NNXdICjZFMlNkZldpOEpXL1dwZXFpZU4wbFVIWVJCQjlITkpSM1Q2U29SK0lRMEFCRWJqRUlVazhjU1NkSmVEVFlYTXIKRDVjWWJYcFVHSWxIYjQ2ZXhoWDNCY3RBU0tIR25jZmRLOC9oem1pWjJlWk11ZWJEc2dtSW5TdmVRaE10Y2U0VgpsYW5FMS9lbndyZ2VwaHpqbkdoVmtoRkxydjU4b3FFMWk5cXcxQ3BSbkZIelJ1S0QyR2xIbVR3c2tndUpwandOClpvQkxRMXgrdkVBb1p1Znp6bDJRN1F6NzZSa3BMdXc5TnY0SSsrZFhJcVhxRDVFQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQWJDSEw3YnQ4N1pITnF3YVFCbVBmak5MK0dCSlQ1c01XcVR1dkpha3ZJdEk3aDFOcQoyMEVuSElrL09RWUdzY1pUUG8yWlNKVzZzMDJYQzNLc2RKYlJmV251Q0dZWUxzTS9haFV2Z1hKblNITUNwY0x2Cm9zUWg0b25MRUxpN2ZtcjBNZXhKVnErb080ZDI2bUhrSXJrWUFQajJ6WXZqZk9QRDBiaXljcnNpYnN6Wms3NWcKNWkyWEEyVjBNN2EydG5sYkRkZWQyOWtzRkFSUzRTOWRMd3QxSnp2OTRxaGM0TXFGRXZVN3FQVFdWZ0N3NDFlbgp2Y01GRmZqSjNTTlhJMmxGWklwc1MwR0FUNERnMDh1dDFaS2tlaEdPQlRUNThqbGVDbGR0UUdreVRqK2xyOENNCm0waEc5KzJ2YWNNai9ObitKOE96Z1FOVEs5WjVWRGYyK2JGYkNRPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" | |
| controller.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBc0ZZSWFCMDR3QURHRnZ0ZlJ3TFBucXphZWtpNURUMzg2aVhFaDJ2UzhqYzNmb0ZRCkNhNXdPcng3UlZOMnRPRVJXcUU3cFZLYWQzeHlEZXMxMDVmVU9HK2pzK2ZyZjNJMHJ2OHpuQWZvVFpKMTlhTHcKbGI5YWw2cUo0M1NWUWRoRUVIMGMwbEhkUHBLaEg0aERRQUVSdU1RaFNUeHhKSjBsNE5OaGN5c1BseGh0ZWxRWQppVWR2anA3R0ZmY0Z5MEJJb2NhZHg5MHJ6K0hPYUpuWjVreTU1c095Q1lpZEs5NUNFeTF4N2hXVnFjVFg5NmZDCnVCNm1IT09jYUZXU0VVdXUvbnlpb1RXTDJyRFVLbEdjVWZORzRvUFlhVWVaUEN5U0M0bW1QQTFtZ0V0RFhINjgKUUNobTUvUE9YWkR0RFB2cEdTa3U3RDAyL2dqNzUxY2lwZW9Qa1FJREFRQUJBb0lCQVFDS3JONG5vdk9DYkJsYwo4WXRZZVNsMmpGRzFZWVBHbWoxUWx5c2JwUHhjYUhoSUVNSTFHdTVBQXdLZTNxaTRUMWdxZ2lvNk5lQXNuNzNDCm5IdlVUODhpSXdvRzdoa1NQV3FaUlRIOVAycTl0clQxM0pKLzhlRDQ3YkZMSStCTnpCcWJMUW1CamNnRThhT3MKL0tpR3FWQ2FrZ1ByYUpGQ1RpUC96NzBQcVltMU5MNHZQL3lwem5VTHQyQUhleTFPQUo2eTFPaTdRNzBVQkYwQQpaekZCRlFnKzBsV05Mc05iQjJNV2VWZnRRL2pvWXZrQzBDaHp1a01Rc21jSzRrWENLeHdOUjFhcjd5UlBndXZ1CkVhVDdOZjZRSjJBbk1xQTUyLzlFYkNUbXZYaHkxb3NPeGRINHV2c1ZXYnJ1TlNXTXM3dVpWZHNQd2ZmZlIyNEwKaEtXcUdBakJBb0dCQU44WkJ5ajFnSUkzUll3VlpVODNXYXBEc3ovMEdPOWNjMlJod1pvRUNpY0NQNkUxMkR2NQpzenMwcFYxNWFaR1lmU3RJNm9kN0xYdkcyd3UyUjZXcHpxWUxpUTNXbk9ySURHTHNTVGpoYjBGK09BaDlmVEhQCkp1UFZLMmtHT1pJakFabEhCcVJqM3hQOVBzWE1lSmxSUWQ0NE15aFdXdE1jdXlobk9sYUw5M3psQW9HQkFNcFgKaU5hblh4QUZJZVV3N3BldFVvbll0QXF0c203Q0Q5dGozYlI4OWhoVHlMcFgrQStiMmtDdEUrdFY5TmRtL2N4UwowdDhTRjlDVHk4VXVPU2MySnRZVnVUK3pPT3hyVVR6WVpsbG00b0U0QUNjd1RVSUlJWXpBb2dXNWEvYWRpOHUyCnhnZ3NBeUdGN3F0WW5CZmhxeG1ud08rd2dKOEtmblRrMlo0U3hFazlBb0dBUkcxRHdlOVN4QjI1eWhhQjVVTWYKMEZaRmMxY21Fcnh6ZEJWN3NRYU9LcHJJODJRMWQyZkY3bUhlV29ZenVBRmlXdFZaZ2NacEUrN1JIbzJBK2pIVAovUi9Lb0tEenJocy9tVlBKdlpWL2IwSU1ZNlpCc1BaTmdsSE9wNzdPQjZHUEN2azY4MDdpakJuL2wrRjRGK1pSCllwd3dMSzRYMjJxVGlQZm9iOFVzV25VQ2dZRUFrWE1XOUdaZjJWNDNIVTl0VXk3T05EVElSeHpSTlBqZStTL3kKZ1BtSzFiWDBocThScS9hMmp1TmJmRUhQdkw5V0ZYZzhDUW95Z0VhZHBlSXlSMU9QMnpqR2IxbmZ3MkxwaExseAo2VFlpQUExSFh1UkR4UUdmVEZSMG8zVEVmUVNISnlyOWM0WmZ3Y3RLNDNUUTBBSHlRb0RxR2VKZ3N2S1NNR2tKClhhM1QxMmtDZ1lCbzQ5VG5Sd2MwZVozcXhvY0R2SGF3dll0TjFPUkRPTHFudXlmNE1pQzlyQmtKbDBGUVpnK0kKMUVnRkxSQkVHSWpGZWxUZGQ0SlM1eXdQYmM2OEdKMlVFbnRpNzNkcU5qOEJJVTNFcTAvWWRuQm42MHZhTmttZwpGaGhZcjg3WWNlNHN0azV2eUJ3K3ZMb2d5aUh1VUcrc1B1VUk4SUZoREc1Qzg4TUJtT2xaVVE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" | |
| fluentd.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBNXVWQURXdlEzNUdGVEhTM1p4SkpCZEpSaEdZalVpaXV0WEFLTDE5Q2MrYjJwMmwzCnRnbjhTeDdjNUlCclJwdVBIU0ZYRUZKeWZJNHRnUmRXWHROY0c3eFpXVEJGR3ZVUWRpSks2YkdmcXRPZFdTYWsKQXAwSmpYakNjVzJOMjJjRk1md2FleDFpa2ovZTA0MC8wNzMxZFpKREpLY1pxN2pJSGlMMUdTYVd6WlhUZ0piOApjTGFaSHhFUVNjbFdFdDk5NjA2bnFEYWs5aDFvK3pybXlsdDVCbnlhYjZpMktOZDE2OW5ac1VWMEpKWkw5YjZ4CjJWeDF2VlJNaFpvWGlrL1FUREU3eTQ2NExoQ29kNm8xK09jamYyZlRnTUpSKzE0Vk1NZW9ZbzJIbFFRaG5qY2MKaG5tcGRmRXpsNktxTzIvcy9iaU5GckJVVnVBZCtHdWxEQkdhMVFJREFRQUJBb0lCQUg5Z0ZOZlNsS1hoSjRJbwpHVTA1SHlPaEJPdGZWVGpyeklXM1MwY2E3QlA0WkRXeXp5R1RuS1RzWDd1R3hLZHRCYVJ5VWc5bERGZCtMOGc1ClVhSjZReVBoNGdCN3lvTzJrZUE1eHMzbytVWkorMUhGS1ZGdnhHZFJLU05kNXBZVTNSN1lEdHZBT0RLcUhZamoKTVVUa1ZGY0oyeFNMUW5Rak9mSzJJalEvdjQybGY0bFNOU3Z0bGJ0SjV1NW9BSVYzbERlbE5JUGw2WDZSM2dodgpRaUNGN0NhK2NaVjFnRjRWM0ZaSjVsbEpzTVRnY21HQ1B0ZmE4clZPa2xLZUNMOVJqNHZjcWxoYU0xUDJwMHdzCitzK1JxaFNHMGV3WFRlak51NUQ0QzVWMVhFZkZURzZ1MTVaaXhTdTZzNVdzS3J6M2RZTy9PYnkrbit2YnFUTnkKQVRYVXp3RUNnWUVBOU9Ud0lUdmdKc01pRU1EUytiT2U3dVRxZ0JIWFBsaTlLT2pWT013d05nZ1o1QzNmQnNZeApGaFJDYjk0bDgyWXlqSHdkbjVsZFF5TnhodmVaUGNOR1pMbnVjK2pJUGpuUGl4allpNjdHOHNrS0trSWFoRmhWClhmRDFWbjR5NFRJcDAyVUhIUHdJQWE1dGc0eXU0dW1GMFY5NjM4dEcxUlJnQkpOTElqM0VhdUVDZ1lFQThWM0wKcUswOER4UnZIZk80YVVidm1Vd3lzM2ZoTHJPQVFGYTdiS2NQZFNaR1ZHYVdGTkJmYUV1c09mcHZmTW5oV2xHZQpQSWt6S3JtMlRvZ202L09TcnRDYzhrNlI0ZDcvYzlKRFEwMWRpbjd1U25DMVRKK2ZwZUhWWC9qaHZWekxaL1NKCmVEUVZjQnM5S3VSeTBkekVtcjBZQ2ZmMGVZajR2N2MycDdaWEFuVUNnWUFnTHpwVDA4K29xSHFBb3liWEJFRTkKK2ozTGFRelZ0OG5jWjRVbU9zZVhRa2RNMHE1OThHd2hEN2FQaHkyTHFJRzZMdEdoMlFFRnd0RzN3RENXaW1Sawo5bjZkSXhtMSs5a0gyZE1Ud0h1TEN0cllKT25oUE02elV1aWJYbWlIYWhWUEgvYm9XME1lSFhOdEYzOGdlVHBLCkF2ZGVGQlFTQ3VSM2xYZ0pYdjdDWVFLQmdFZVZwdXBPL3FvR1NISmNyMHZoOHZ2SFFwNUJwcktBSUVCMHVMK2YKeUpEWkdqQzhBRFVLRzlIRjU3MkdUZngzcjNObkU0UW11TnNxR3l5dGFzVytCcm44T3lBT04yd0RCRVpvalBSdwpCSmNuMENxWnhOdUYyQWFOdFFmeXU1aTY1Y1RlSE10ZXZ5RHhvekdPY1pOV1k2VDFBaVVxdWdJMW9ualJzTThLCjRFRmxBb0dBSFFoQTNiVWJFRnhWZXZiem90UU1qdnpDTHhmaERxMEZWb1Y2L2NLTEZCdGFUbzRYR1hTc1BSNmYKaGpXeG1qTXRFWCtLRjBWZFV2ZTVaT3lPZEtkaHlCT0VQSEl2TmhMVE1Wc0JEbXR6MnNYZ3VoNFl1KzRJWXMwMQpOdkRKWDVRaFVuRkpjVXdEeWtqVXlDR1BOaGpIYVVmT3MyRXl3dGFIekJxQjdhbmp5N1U9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" | |
| fluentd.pem: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTVENDQWpHZ0F3SUJBZ0lVZWF3WFVJZnZyK1Z1QWdLSG1EMU51dGNYQy9Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd05ERUxNQWtHQTFVRUJoTUNWVk14SlRBakJnTlZCQU1NSEdac2RXVnVkR1F1YjI1d2NtVnRMbVppYldGbgpiV0V1Ym1sdWFtRXdIaGNOTWpFd01UQTFNVGd4TURNNFdoY05NekV3TVRBek1UZ3hNRE00V2pBME1Rc3dDUVlEClZRUUdFd0pWVXpFbE1DTUdBMVVFQXd3Y1pteDFaVzUwWkM1dmJuQnlaVzB1Wm1KdFlXZHRZUzV1YVc1cVlUQ0MKQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFPYmxRQTFyME4rUmhVeDB0MmNTU1FYUwpVWVJtSTFJb3JyVndDaTlmUW5QbTlxZHBkN1lKL0VzZTNPU0FhMGFiangwaFZ4QlNjbnlPTFlFWFZsN1RYQnU4CldWa3dSUnIxRUhZaVN1bXhuNnJUblZrbXBBS2RDWTE0d25GdGpkdG5CVEg4R25zZFlwSS8zdE9OUDlPOTlYV1MKUXlTbkdhdTR5QjRpOVJrbWxzMlYwNENXL0hDMm1SOFJFRW5KVmhMZmZldE9wNmcycFBZZGFQczY1c3BiZVFaOAptbStvdGlqWGRldloyYkZGZENTV1MvVytzZGxjZGIxVVRJV2FGNHBQMEV3eE84dU91QzRRcUhlcU5mam5JMzluCjA0RENVZnRlRlRESHFHS05oNVVFSVo0M0hJWjVxWFh4TTVlaXFqdHY3UDI0alJhd1ZGYmdIZmhycFF3Um10VUMKQXdFQUFhTlRNRkV3SFFZRFZSME9CQllFRkNVcUlRSWhXWGhodlBnUUVZdHVKUFo5SFFXWE1COEdBMVVkSXdRWQpNQmFBRkNVcUlRSWhXWGhodlBnUUVZdHVKUFo5SFFXWE1BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJCmh2Y05BUUVMQlFBRGdnRUJBRkxOak9Jc05SYnRQYkNFMEZYUy9TTXRiemtjWnJHb1huS2Jqd0huUnpmeHJyT0YKKy95Q2lWUHdIUFlrd29zUEZEUlBOKzErb0UyeHFUbE0wUjNXeUN6a2tVbmRoSUVCbnhxL2NkdmNkT091ZEhNYgpmRko3eDVmcjk2cVlSTEIvWEdDdGVLNmJBRWViNVliOFRtbHpqTkh5Z3ZkcGp2R0UyaTY2WjRlYlI4L2FrZG11CkRCaGZzMDNXRSt5SlFCU3NIZlpqR1pEVWV0NGZzM3FXU0twZElFbkVPangzdFVZL1A0eFRQcHFPWkJicmFYZUwKYUhFb0tnek05K0F2SmhsVkpJTVVUVDY4WnJGKzJERGE2anc2WGZxdmIwM2NYZm1NNE91Q1AzMitqMG9iN0VPbQpZSG1ndDZTZUtkS2lBcnZqd1gyVTlGR3ZRVlA0ZURvbWh1eFY1ZmM9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=" | |
| nms_nginx.key.pem: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdENXSHNyQ3pFeGJaSTVPRUlzR1FaeDdjZHUzQmEzSGh5am9CWE5NVlg2ZEJrTlROCkZ1WFc2K3dtYWFKc3ZqUWZlNWJDS3NBbWl0b0N5cnByMUNFTGNPSy9XSXIyYzBtL3ZaSU95YTJVWnhWVXQ5cDkKQXd1MXM0eEZIYWF3dXFsOVVGL1pFdDJVUHhEZjZ6azU4SlZHazRTQUxQMkd1MWRhRkxOMjNVS09LQmVwREhZSAoxbkRkemxlOTM3VHJGaTNZL1B0RXlKRE11OS8yQm1CTGZRM3hCcXNrR2o4M045TXRMVC90NkJyeUdzekFlS09NCmc5MkR4akxYdzRyQ3VuVFl3dEtmcTZRTWJTeE50T0R5SE13NDRad3VieDlkRHNXTDFhRGNJV2ozeW5uYWJZUG8KOFd6cDdHR05VaDc4Z1pkUDl6V1h6OVpVR2lyN1ZtZ3NYVTFoTFFJREFRQUJBb0lCQVFDTzlzSE1NNkxKNFhZTgpYOEtiZXBYSTRKc0Izd21DNVd2VSsxZWRmUDhYWERzU1gyOHJYdGZEZnpPMDNXd0RQb1pGcEkwUE5GTGlHc1hnCmNUV2xzVnZOQ0lYbUZOSWxDRUFjaDg4b2lwS2RoRFlwZWtGL3EwbFY1bG5yZ0IvODR3bEtRZWFackRNOElYNHkKeE1XUWdrYnlSMU1aWVZJTlZ2TnNQa2gwcTU3NWZRaVFlM0VzQVYxNDB1c1pmdzJvdFdkZjhQaGU0TlNCWkJ6Sgo1YnhsU0oxR2lPY1VCVU9GWHhnaDBjVkRDNk95SU9mVTEvZDYrT2NEdENiYThkS3BHa1ZabHRpcktQZWlaK3NRCmMrVFNoaERIWHFMUkJCUjlWZkdPb3JOZ2RaeEVxZVBNNWN0dXNsdnFPUnQyZVdlZGtFVm53cS9wTXh6aUEzWGIKY21VRWZ3Q1pBb0dCQU5sUmJ4dmFaelJGUzRVT3RYWWZIYVJLYk1lbWNCZC82TlR6a2EvRVZUM0xWei9PcExGWAo0MEhjZnlabnVUaTJHSCsvdkppdENRc0Yvc09SelpwQnpEZURWekxPWFVwYzNhaFpYbFlzOHJvK2dUSWE1eGFvCkJqeDZwdlBXUEY0Ryt2VzNndGNsdERYT2pWR2VZMDNBanZ1aW1jZU1BUXJWNVM5WXFZT3JmazJQQW9HQkFOUTIKUy8yb1htVDFsQ3ZyR3FhaGJEL1FuQU5tWWNnVE40ZUsxZWJFNmQ2VWlSZVJ6U1QyK0QvNHVlU1JUTEYxeFdiWApLaGE0L1hrY3J6ellmMUdCNnVZeXAzS1FiSTVkWHNzS0duRFRxOEw5RmJmVEVZelVmN09xWVBVQnVLbEVXelNtCi9tRmlYQUhMY24yNFFkbUF2WCtZaXg2SmlRckFCZTJMdWkvNFVyK0RBb0dBRTJHODdCb0ZmRmIxems4cWhmZHUKZUZtZTdBdC9FY2w1cFl4M29OcDgwNzhQOEFQcEVsd0pTN1Z6cmFRd2s4dEIwaHJ5b2hkRXFEUUhyYitTTzhERQppdXJ1MnZ3bXU5d2VkTVpMc0puZnFCYXRCUi83SGowc0dUYkRMeG9iVmpOL0xHMEtnVSsraTlINUxwOVdzZmVMCmlRdk9kVXFhU1RJY2Q2V0xzTStadXljQ2dZRUFoV1hnWFFLeTI4b1lLNGR0eUdOZXRicS81ODg3RmxjbUova1oKUHloM1R5aVdDUS9wSWh4eHIxeitGZlZVZlpWbjBwN2M0VTNHWUpTc2Y1WWthcXM5YXhsYWMwVGdTSm5mRmNregpGOHVuaERvdHBkRnpqZENpdWVFWGM4eHlOVTAzL0NBaGRqd3JWQ0Y4eGhUR3FDQXFmd1A0SitrVEVZUGw5ZzVJCnF4RHhpMXNDZ1lCcy84ODNHQmU5ZGlZSHRkSGl1VDA5ZWZCaHh3aFNwL0c4OGRUc2NuV21mVjBkbURPekRaeUcKMXJXa2NXTG41dTI3ZjNHbkZKLzRYZ241RFZOSHBPOTc3WjFKSjhlNFZaSHg4RVdYYTN2VUJEQXQ2UGFtMCtPcwpkNEloVXQwRTJnY29rQjNYWjdwYnRUQnl4ZllOU3pkNU9RcmFCcVpJMmVkM0lBUCsvU0t6V1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQ==" | |
| nms_nginx.pem: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2RENDQWRBQ0NRRGdQUFFOWnRHQXBEQU5CZ2txaGtpRzl3MEJBUXNGQURBMk1Rc3dDUVlEVlFRR0V3SlYKVXpFbk1DVUdBMVVFQXd3ZVkyVnlkR2xtYVdWeUxtOXVjSEpsYlM1bVltMWhaMjFoTG01cGJtcGhNQjRYRFRJeApNREV3TlRFNE5ERXdNbG9YRFRNeE1ERXdNekU0TkRFd01sb3dOakVMTUFrR0ExVUVCaE1DVlZNeEp6QWxCZ05WCkJBTU1IbU5sY25ScFptbGxjaTV2Ym5CeVpXMHVabUp0WVdkdFlTNXVhVzVxWVRDQ0FTSXdEUVlKS29aSWh2Y04KQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxRbGg3S3dzeE1XMlNPVGhDTEJrR2NlM0hidHdXdHg0Y282QVZ6VApGVituUVpEVXpSYmwxdXZzSm1taWJMNDBIM3VXd2lyQUpvcmFBc3E2YTlRaEMzRGl2MWlLOW5OSnY3MlNEc210CmxHY1ZWTGZhZlFNTHRiT01SUjJtc0xxcGZWQmYyUkxkbEQ4UTMrczVPZkNWUnBPRWdDejlocnRYV2hTemR0MUMKamlnWHFReDJCOVp3M2M1WHZkKzA2eFl0MlB6N1JNaVF6THZmOWdaZ1MzME44UWFySkJvL056ZlRMUzAvN2VnYQo4aHJNd0hpampJUGRnOFl5MThPS3dycDAyTUxTbjZ1a0RHMHNUYlRnOGh6TU9PR2NMbThmWFE3Rmk5V2czQ0ZvCjk4cDUybTJENlBGczZleGhqVkllL0lHWFQvYzFsOC9XVkJvcSsxWm9MRjFOWVMwQ0F3RUFBVEFOQmdrcWhraUcKOXcwQkFRc0ZBQU9DQVFFQVRwMXdhMERHMWRwRExvaHVta2ZrR0dZU0dwUFZ0cmJBbE92V0FsbXFWc1pTR0p4YwoxUmtJKzFhSldSekNHSUQzS3RSQmRaL2FuRGJ0ZC9ZK210TEl1U3plb3RuL1dibjg3dDUzZEFBdzEzK0pJdFZ2CkdxQU42aFp3L0ppejhudUtJVklKTFFucm9SbWV1ZmMxYlhGUFZuWFpJaUw2M1YydGZ0L2VuSXNhTUlOU1Z6SjIKQjF0Nm1BQm9MVFVqam9udUFPNHNsNTd6YTdoVm1XZW10MytqWmVlcHM4c0ZlbFVhTkNqeGNqOUUrSFlwc2REegpRaURvVnhydmZsVUF5OUdiWHIxam9zaU1EZjNzMkZOcUNDWnI0ZGpwTStONGFudEhqcE9NbHNic3VSa2pyYUFrCjBSOFMwOHZ6cWlHUzE1Z1Q1eFZCbkNnMTBuWW9HTVhGZGYySUNnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" | |
| rootca.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeHlJWW9TeVk4TS8rOGZaZ1JwYUlFdnhaeENXd1hDd1JDUVJWWXFJaEZRQlFzeDJOCjhDZnBZSnZlTEoxMFVwdWs4VWFvQkZ1UmE1Z3k4b2pIMVZydlA2QUcvWXFRRE1PNlRJaVczNGNXbWYrZDFINHcKZUJQR2hZWVMzRkQ2WGZ4d0lERGYyWUJYb1RDNVpiWkxzU2RNd1ptQ25EaEZVRlAvMk95Tzl2Qk5kd0lrUU05RgpaQ1JQVFk2aGhydHRCTElJdFBrN09tT0VMWFNOQ3lUK1VXeDFvVEZpZS9YUXBDZHlaVXN1Zldta1ByZDhjWFVJCkVKNlFQSnh1bjA1VGZmL1NGTkVOQkNyVzg3bDExNzRaUlk3NnA2T2RWSFJxWlV4bndVTWhDOGwydTFIQ3dHdG4KRlR2QTBCN1ZmUlJEOUx0b1RnYlhuako1am1Nby9EMXJuSDBlOXdJREFRQUJBb0lCQUFtenJwR0RzN3ZmMW1NQgpodlZKZGoyK2o3MFB2UVR3bksvY3h6QTBCL3FXOWxlVHRBdWtWaWwvenBaTDRaUDR3MU9DQnNPWGxvRXdmQ0wyCjZRMkxEYWNDNi9SRVlQcE9PdkJwb3pnbXc4SWpBeFNNUlY1RVVHTEhBbm83YzhkS2VrZ0hPWkRHUVA2NGVmL3IKbnNwMXlMYVIvUndSWGNjcElJajRGWXNRY0NYQkhmT0xUZ20yUnY1K2RWc3FQYUFDRmhQSk9EcVBvUG1GcWw0Zwp3Q29hWjdyS0lucUJ0OVdiSW9LU3JoMXVReDVnTzBCaWZlWDFBZGZ5Rlp2ZExoZzF5b2d4UlV5WVRGYm1idlRiCnBpMk83NGp1RHFwSDArOGFWUTBpUTZ3dnNzTlFpZ2tzRHQ1WmVBWGhCYmI0NENhS3ZBcE5ENjgvc3ErYndVdTYKUUxRYkR0a0NnWUVBNXFTbmF4ZlZBdU8rYmMrclI0YkkwOTdyRC9adjAvaFlHYnFTa2hLNEtyRGZENUkzbS9hSQo0YW9UbVk3QUtQc2lLeWUwS3B6dDZKbE5aRDNnMG83MVR2WmNyZE1SVktzcTJyeGphdGhEYlAzWVovY0lLWjdYCmVMTEErWE1WbEkvMDhhUFZsZlZ0UGphYTF0elRuc0hWTnRucUF0WTA4M2gzTE1MNTloWmVnSzBDZ1lFQTNRYWIKcU5RYUFXTXozejJNclBmaGdMRTdKVzRpdFZPYlMvY1dOUzBacGRlTzZqdVdGenBVWk5HU0gvS1BkZXZYNUpuZQpnZHNMTUZjNlpCblpHaktqV040cmMvZk9lRk5tSVBuejVNVHE3ejlhZzZ0UVZiVGdoRTVOZnJZRVlqVmNPajZtCitKNDNXWVdnNCsyVERrWjRvSDVkNzB0ZCt1Qm8wM1Mxcktma2ZyTUNnWUE2UUV1b1dKU0w3a2tpSXRqM2I2czUKRjR2MnRCNzZRamErQ01rTDYzNW9DZFBNY3Zsb2dwTi9xeHpZSTUyVXZCaWRIYUg3UVRjMUQ4TGtGbHk1MFRGVAppQlZRTVlhbkE3UUhHcDFoVnMxd3NZditkZjJ4eFZSV1A0OU5jU3Q2SWdHVEpmWERzZ0N0UGMxTmh1aExxRmpaClNhQTRwekVvYkx4c3FiSEgzVTV3NFFLQmdRQ002d0dqaWxkcU93MS9iNGFaWVJGdE01STZNeFg5OWVnMWJydkIKKzVjMm5WQ0pGcVNDK3JXRDhmbndWSDRTK09NVTVPVndkVytVeW9oMytlTHBTUS9NUVJvRFBpTnRvLzZoVjd1ZwpSOHhoN1VxUVdGRkgwNkt4dUJyQWh0d1VvV0RENGQ0aTlQemxIc1dOakpNTnJ2Q0pvd2ZRNFlSeHgxSU9QNEwxCktiWU04UUtCZ0FkS3JDQnc1ME9ucEkzcTIrUzVCUGVid1VCeHZubjd2T25UbEMyeTFoU1JmUC9ZZVp0Z2duVGUKU3UwT3pXdHcvM1IxSWNLWjlNV2ZBMktqcy9ibWZLUW13eVB3clJrSnErOE15NjRXTUJocForaEhuWFpoSmcxaApqM09aYzNYMENsK1ppZjhRSXJ3NXRMNkZ2TXBuT2l3dUtXTkMrZ1pEU3ZwUG9OdUw5ZFN5Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0t" | |
| rootca.pem: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURSekNDQWkrZ0F3SUJBZ0lVVzllWXlZVzh2NEhqa2k0OS9NVkRPYStCYlhjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd016RUxNQWtHQTFVRUJoTUNWVk14SkRBaUJnTlZCQU1NRzNKdmIzUmpZUzV2Ym5CeVpXMHVabUp0WVdkdApZUzV1YVc1cVlUQWVGdzB5TVRBeE1EVXhPREV3TWpoYUZ3MHpNVEF4TURNeE9ERXdNamhhTURNeEN6QUpCZ05WCkJBWVRBbFZUTVNRd0lnWURWUVFEREJ0eWIyOTBZMkV1YjI1d2NtVnRMbVppYldGbmJXRXVibWx1YW1Fd2dnRWkKTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFESEloaWhMSmp3ei83eDltQkdsb2dTL0ZuRQpKYkJjTEJFSkJGVmlvaUVWQUZDekhZM3dKK2xnbTk0c25YUlNtNlR4UnFnRVc1RnJtREx5aU1mVld1OC9vQWI5CmlwQU13N3BNaUpiZmh4YVovNTNVZmpCNEU4YUZoaExjVVBwZC9IQWdNTi9aZ0ZlaE1MbGx0a3V4SjB6Qm1ZS2MKT0VWUVUvL1k3STcyOEUxM0FpUkF6MFZrSkU5TmpxR0d1MjBFc2dpMCtUczZZNFF0ZEkwTEpQNVJiSFdoTVdKNwo5ZENrSjNKbFN5NTlhYVErdDN4eGRRZ1FucEE4bkc2ZlRsTjkvOUlVMFEwRUt0Ynp1WFhYdmhsRmp2cW5vNTFVCmRHcGxUR2ZCUXlFTHlYYTdVY0xBYTJjVk84RFFIdFY5RkVQMHUyaE9CdGVlTW5tT1l5ajhQV3VjZlI3M0FnTUIKQUFHalV6QlJNQjBHQTFVZERnUVdCQlJFQysybE9vVFlHZGV6OElHOEcxT3FYaC92M1RBZkJnTlZIU01FR0RBVwpnQlJFQysybE9vVFlHZGV6OElHOEcxT3FYaC92M1RBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUEwR0NTcUdTSWIzCkRRRUJDd1VBQTRJQkFRQUpwZndIT2dlUmxZOHYrTVBlTWFpc2dYOGZSQkVsMk9KZE5PMUxFUVEvdTI4b1F5NkwKcWNXUktaQlNoZ2J2TTdyS3I3dmRmVnZ0empJV3RvKzJkckZ6MkhNbDlsTzk2bk5LN0tqNGJYZ2Q0ZHFGajhvdApycVpsTkRtdVEwY3RZdkE5QWcvbjJSMnpIcHFoNDE2ZWliYjZ6cWhBTEg4aXNXRlZ6MTZJZzJzM0phcnFvTDdZCnY2LytNUWZSSzkxaGZHejFNRWZmTVVCV1NmbytYVXFtNm9xN0dWeGQrUFFjRDFTdkNXSWNPMGdHbERTVTVaZm4Kd2QyVlpiT3Vubk5Sa0NWV1NaNDVoMVgyMnlQRHdIZWNqYUc3ZVFuUTBTVnhaTk1SSERQaG5ibXpNTUFTcXJlRgpmTnN6eWRzSEtRUm8vL3hWZmV5L1RMNGMvQ2JYRDl0bnhLV0IKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ==" | |
| --- | |
| # Source: orc8r/charts/secrets/templates/configs-cwf.secret.yaml | |
| # Copyright 2020 The Magma Authors. | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| # Config secrets for orc8r module | |
| # TODO: it should be possible to range at the top level and dynamically generate secrets based on subdirectories under .secrets/configs/ | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: orc8r-secrets-configs-cwf | |
| namespace: magma | |
| labels: | |
| app.kubernetes.io/name: secrets | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: secrets-0.1.5 | |
| data: | |
| --- | |
| # Source: orc8r/charts/secrets/templates/configs-orc8r.secret.yaml | |
| # Copyright 2020 The Magma Authors. | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| # Config secrets for orc8r module | |
| # TODO: it should be possible to range at the top level and dynamically generate secrets based on subdirectories under .secrets/configs/ | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: orc8r-secrets-configs-orc8r | |
| namespace: magma | |
| labels: | |
| app.kubernetes.io/name: secrets | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: secrets-0.1.5 | |
| data: | |
| metricsd.yml: "cHJvZmlsZTogInByb21ldGhldXMiCnByb21ldGhldXNRdWVyeUFkZHJlc3M6ICJodHRwOi8vb3JjOHItcHJvbWV0aGV1czo5MDkwIgphbGVydG1hbmFnZXJBcGlVUkw6ICJodHRwOi8vb3JjOHItYWxlcnRtYW5hZ2VyOjkwOTMvYXBpL3YyL2FsZXJ0cyIKcHJvbWV0aGV1c0NvbmZpZ1NlcnZpY2VVUkw6ICJodHRwOi8vb3JjOHItY29uZmlnLW1hbmFnZXI6OTEwMCIKYWxlcnRtYW5hZ2VyQ29uZmlnU2VydmljZVVSTDogImh0dHA6Ly9vcmM4ci1jb25maWctbWFuYWdlcjo5MTAxIg==" | |
| orchestrator.yml: "cHJvbWV0aGV1c1B1c2hBZGRyZXNzZXM6ICJodHRwOi8vb3JjOHItcHJvbWV0aGV1cy1jYWNoZTo5MDkxL21ldHJpY3Mi" | |
| --- | |
| # Source: orc8r/charts/secrets/templates/envdir.secret.yaml | |
| # Copyright 2020 The Magma Authors. | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: orc8r-secrets-envdir | |
| namespace: magma | |
| labels: | |
| app.kubernetes.io/name: secrets | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: secrets-0.1.5 | |
| data: | |
| --- | |
| # Source: orc8r/charts/secrets/templates/registry.secret.yaml | |
| # Copyright 2020 The Magma Authors. | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: orc8r-secrets-registry | |
| namespace: magma | |
| labels: | |
| app.kubernetes.io/name: secrets | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: secrets-0.1.5 | |
| type: kubernetes.io/dockerconfigjson | |
| data: | |
| .dockerconfigjson: eyJhdXRocyI6IHsiZG9ja2VyLmlvIjogeyJhdXRoIjogImMzVmthR2xyWVc0Nk1qWmtOVEk1WldRdE5qTTNaUzAwT1RnMkxXSTJOR010TURNNU0yVTFZakF6TVRCayJ9fX0= | |
| --- | |
| # Source: orc8r/charts/secrets/templates/registry.secret.yaml | |
| # Create a copy of registry secrets in kube-system namespace for fluentd DS | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: orc8r-secrets-registry | |
| namespace: kube-system | |
| labels: | |
| app.kubernetes.io/name: secrets | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: secrets-0.1.5 | |
| type: kubernetes.io/dockerconfigjson | |
| data: | |
| .dockerconfigjson: eyJhdXRocyI6IHsiZG9ja2VyLmlvIjogeyJhdXRoIjogImMzVmthR2xyWVc0Nk1qWmtOVEk1WldRdE5qTTNaUzAwT1RnMkxXSTJOR010TURNNU0yVTFZakF6TVRCayJ9fX0= | |
| --- | |
| # Source: orc8r/templates/controller.secret.yaml | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: orc8r-controller | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| type: Opaque | |
| data: | |
| postgres.connstr: "ZGJuYW1lPW1hZ21hIHVzZXI9cG9zdGdyZXMgcGFzc3dvcmQ9cG9zdGdyZXMgaG9zdD1wb3N0Z3Jlc3FsIHBvcnQ9NTQzMiBzc2xtb2RlPWRpc2FibGU=" | |
| --- | |
| # Source: orc8r/charts/logging/templates/fluentd-daemon.configmap.yaml | |
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| name: orc8r-fluentd-es-configs | |
| namespace: kube-system | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| data: | |
| kubernetes.conf: |- | |
| <match fluent.**> | |
| @type null | |
| </match> | |
| <source> | |
| @type tail | |
| @id in_tail_container_logs | |
| path /var/log/containers/*.log | |
| pos_file /var/log/fluentd-containers.log.pos | |
| tag kubernetes.* | |
| read_from_head true | |
| <parse> | |
| @type "#{ENV['FLUENT_CONTAINER_TAIL_PARSER_TYPE'] || 'json'}" | |
| time_format %Y-%m-%dT%H:%M:%S.%NZ | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_minion | |
| path /var/log/salt/minion | |
| pos_file /var/log/fluentd-salt.pos | |
| tag salt | |
| <parse> | |
| @type regexp | |
| expression /^(?<time>[^ ]* [^ ,]*)[^\[]*\[[^\]]*\]\[(?<severity>[^ \]]*) *\] (?<message>.*)$/ | |
| time_format %Y-%m-%d %H:%M:%S | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_startupscript | |
| path /var/log/startupscript.log | |
| pos_file /var/log/fluentd-startupscript.log.pos | |
| tag startupscript | |
| <parse> | |
| @type syslog | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_docker | |
| path /var/log/docker.log | |
| pos_file /var/log/fluentd-docker.log.pos | |
| tag docker | |
| <parse> | |
| @type regexp | |
| expression /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/ | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_etcd | |
| path /var/log/etcd.log | |
| pos_file /var/log/fluentd-etcd.log.pos | |
| tag etcd | |
| <parse> | |
| @type none | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kubelet | |
| multiline_flush_interval 5s | |
| path /var/log/kubelet.log | |
| pos_file /var/log/fluentd-kubelet.log.pos | |
| tag kubelet | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kube_proxy | |
| multiline_flush_interval 5s | |
| path /var/log/kube-proxy.log | |
| pos_file /var/log/fluentd-kube-proxy.log.pos | |
| tag kube-proxy | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kube_apiserver | |
| multiline_flush_interval 5s | |
| path /var/log/kube-apiserver.log | |
| pos_file /var/log/fluentd-kube-apiserver.log.pos | |
| tag kube-apiserver | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kube_controller_manager | |
| multiline_flush_interval 5s | |
| path /var/log/kube-controller-manager.log | |
| pos_file /var/log/fluentd-kube-controller-manager.log.pos | |
| tag kube-controller-manager | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kube_scheduler | |
| multiline_flush_interval 5s | |
| path /var/log/kube-scheduler.log | |
| pos_file /var/log/fluentd-kube-scheduler.log.pos | |
| tag kube-scheduler | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_rescheduler | |
| multiline_flush_interval 5s | |
| path /var/log/rescheduler.log | |
| pos_file /var/log/fluentd-rescheduler.log.pos | |
| tag rescheduler | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_glbc | |
| multiline_flush_interval 5s | |
| path /var/log/glbc.log | |
| pos_file /var/log/fluentd-glbc.log.pos | |
| tag glbc | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_cluster_autoscaler | |
| multiline_flush_interval 5s | |
| path /var/log/cluster-autoscaler.log | |
| pos_file /var/log/fluentd-cluster-autoscaler.log.pos | |
| tag cluster-autoscaler | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| # Example: | |
| # 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="<self>" asgroups="<lookup>" namespace="default" uri="/api/v1/namespaces/default/pods" | |
| # 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200" | |
| <source> | |
| @type tail | |
| @id in_tail_kube_apiserver_audit | |
| multiline_flush_interval 5s | |
| path /var/log/kubernetes/kube-apiserver-audit.log | |
| pos_file /var/log/kube-apiserver-audit.log.pos | |
| tag kube-apiserver-audit | |
| <parse> | |
| @type multiline | |
| format_firstline /^\S+\s+AUDIT:/ | |
| # Fields must be explicitly captured by name to be parsed into the record. | |
| # Fields may not always be present, and order may change, so this just looks | |
| # for a list of key="\"quoted\" value" pairs separated by spaces. | |
| # Unknown fields are ignored. | |
| # Note: We can't separate query/response lines as format1/format2 because | |
| # they don't always come one after the other for a given query. | |
| format1 /^(?<time>\S+) AUDIT:(?: (?:id="(?<id>(?:[^"\\]|\\.)*)"|ip="(?<ip>(?:[^"\\]|\\.)*)"|method="(?<method>(?:[^"\\]|\\.)*)"|user="(?<user>(?:[^"\\]|\\.)*)"|groups="(?<groups>(?:[^"\\]|\\.)*)"|as="(?<as>(?:[^"\\]|\\.)*)"|asgroups="(?<asgroups>(?:[^"\\]|\\.)*)"|namespace="(?<namespace>(?:[^"\\]|\\.)*)"|uri="(?<uri>(?:[^"\\]|\\.)*)"|response="(?<response>(?:[^"\\]|\\.)*)"|\w+="(?:[^"\\]|\\.)*"))*/ | |
| time_format %Y-%m-%dT%T.%L%Z | |
| </parse> | |
| </source> | |
| <filter kubernetes.**orc8r-proxy**> | |
| @type parser | |
| key_name log | |
| <parse> | |
| @type multi_format | |
| <pattern> | |
| format regexp | |
| expression /^(?<time>.*)@\|@(?<remote_addr>.*)@\|@(?<http_host>.*)@\|@(?<server_port>.*)@\|@(?<request>.*)@\|@(?<status>.*)@\|@(?<body_bytes_sent>.*)@\|@(?<request_time>.*)@\|@(?<alpn>.*)@\|@(?<tls_client_serial>.*)@\|@(?<tls_client_subject_name>.*)@\|@(?<tls_session_reused>.*)@\|@(?<tls_sni>.*)@\|@(?<tls_protocol>.*)@\|@(?<tls_cipher>.*)@\|@(?<backend_host>.*)@\|@(?<backend_port>.*)$/ | |
| time_format %iso8601 | |
| </pattern> | |
| <pattern> | |
| format none | |
| </pattern> | |
| </parse> | |
| </filter> | |
| <filter kubernetes.**orc8r-nginx**> | |
| @type parser | |
| key_name log | |
| <parse> | |
| @type multi_format | |
| <pattern> | |
| format json | |
| </pattern> | |
| <pattern> | |
| format none | |
| </pattern> | |
| </parse> | |
| </filter> | |
| <filter kubernetes.**> | |
| @type kubernetes_metadata | |
| @id filter_kube_metadata | |
| </filter> | |
| systemd.conf: |- | |
| # Logs from systemd-journal for interesting services. | |
| <source> | |
| @type systemd | |
| @id in_systemd_kubelet | |
| matches [{ "_SYSTEMD_UNIT": "kubelet.service" }] | |
| <storage> | |
| @type local | |
| persistent true | |
| path /var/log/fluentd-journald-kubelet-cursor.json | |
| </storage> | |
| <entry> | |
| fields_strip_underscores true | |
| </entry> | |
| read_from_head true | |
| tag kubelet | |
| </source> | |
| # Logs from docker-systemd | |
| <source> | |
| @type systemd | |
| @id in_systemd_docker | |
| matches [{ "_SYSTEMD_UNIT": "docker.service" }] | |
| <storage> | |
| @type local | |
| persistent true | |
| path /var/log/fluentd-journald-docker-cursor.json | |
| </storage> | |
| <entry> | |
| fields_strip_underscores true | |
| </entry> | |
| read_from_head true | |
| tag docker.systemd | |
| </source> | |
| # Logs from systemd-journal for interesting services. | |
| <source> | |
| @type systemd | |
| @id in_systemd_bootkube | |
| matches [{ "_SYSTEMD_UNIT": "bootkube.service" }] | |
| <storage> | |
| @type local | |
| persistent true | |
| path /var/log/fluentd-journald-bootkube-cursor.json | |
| </storage> | |
| <entry> | |
| fields_strip_underscores true | |
| </entry> | |
| read_from_head true | |
| tag bootkube | |
| </source> | |
| output.conf: |- | |
| <match **> | |
| @type elasticsearch | |
| @id out_es | |
| @log_level info | |
| include_tag_key true | |
| host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}" | |
| port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}" | |
| scheme "#{ENV['FLUENT_ELASTICSEARCH_SCHEME'] || 'https'}" | |
| ssl_verify "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERIFY'] || 'false'}" | |
| ssl_version "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERSION'] || 'TLSv1'}" | |
| reload_connections "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_CONNECTIONS'] || 'false'}" | |
| reconnect_on_error "#{ENV['FLUENT_ELASTICSEARCH_RECONNECT_ON_ERROR'] || 'true'}" | |
| reload_on_failure "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_ON_FAILURE'] || 'true'}" | |
| log_es_400_reason "#{ENV['FLUENT_ELASTICSEARCH_LOG_ES_400_REASON'] || 'false'}" | |
| logstash_prefix "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_PREFIX'] || 'logstash'}" | |
| logstash_format "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_FORMAT'] || 'true'}" | |
| index_name "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_INDEX_NAME'] || 'logstash'}" | |
| type_name "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_TYPE_NAME'] || 'fluentd'}" | |
| <buffer> | |
| flush_thread_count "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_THREAD_COUNT'] || '8'}" | |
| flush_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_INTERVAL'] || '5s'}" | |
| chunk_limit_size "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_CHUNK_LIMIT_SIZE'] || '2M'}" | |
| queue_limit_length "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_QUEUE_LIMIT_LENGTH'] || '32'}" | |
| retry_max_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_RETRY_MAX_INTERVAL'] || '30'}" | |
| retry_forever true | |
| </buffer> | |
| </match> | |
| fluent.conf: |- | |
| @include /fluentd/etc/kubernetes.conf | |
| @include /fluentd/etc/systemd.conf | |
| @include /fluentd/etc/output.conf | |
| --- | |
| # Source: orc8r/charts/logging/templates/fluentd-forward.configmap.yaml | |
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| name: orc8r-fluentd-forward-configs | |
| namespace: magma | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| data: | |
| forward.conf: |- | |
| <source> | |
| @type forward | |
| port 24224 | |
| bind 0.0.0.0 | |
| <transport tls> | |
| cert_path /var/opt/magma/certs/fluentd.pem | |
| private_key_path /var/opt/magma/certs/fluentd.key | |
| client_cert_auth true | |
| ca_path /var/opt/magma/certs/certifier.pem | |
| </transport> | |
| </source> | |
| output.conf: |- | |
| <match **> | |
| @type elasticsearch | |
| @id out_es | |
| @log_level info | |
| include_tag_key true | |
| host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}" | |
| port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}" | |
| scheme "#{ENV['FLUENT_ELASTICSEARCH_SCHEME'] || 'https'}" | |
| ssl_verify "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERIFY'] || 'false'}" | |
| ssl_version "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERSION'] || 'TLSv1'}" | |
| reload_connections "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_CONNECTIONS'] || 'false'}" | |
| reconnect_on_error "#{ENV['FLUENT_ELASTICSEARCH_RECONNECT_ON_ERROR'] || 'true'}" | |
| reload_on_failure "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_ON_FAILURE'] || 'true'}" | |
| log_es_400_reason "#{ENV['FLUENT_ELASTICSEARCH_LOG_ES_400_REASON'] || 'false'}" | |
| logstash_prefix "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_PREFIX'] || 'fluentd'}" | |
| logstash_format "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_FORMAT'] || 'true'}" | |
| index_name "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_INDEX_NAME'] || 'fluentd'}" | |
| type_name "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_TYPE_NAME'] || 'fluentd'}" | |
| <buffer> | |
| flush_thread_count "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_THREAD_COUNT'] || '8'}" | |
| flush_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_INTERVAL'] || '5s'}" | |
| chunk_limit_size "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_CHUNK_LIMIT_SIZE'] || '2M'}" | |
| queue_limit_length "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_QUEUE_LIMIT_LENGTH'] || '32'}" | |
| retry_max_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_RETRY_MAX_INTERVAL'] || '30'}" | |
| retry_forever true | |
| </buffer> | |
| </match> | |
| fluent.conf: |- | |
| @include /fluentd/etc/forward.conf | |
| @include /fluentd/etc/output.conf | |
| --- | |
| # Source: orc8r/charts/nms/templates/configmap-nginx-etc.yaml | |
| apiVersion: v1 | |
| kind: ConfigMap | |
| metadata: | |
| name: nginx-proxy-etc | |
| namespace: magma | |
| labels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: nginx | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| data: | |
| nginx_proxy_ssl.conf: | | |
| server { | |
| listen 443; | |
| ssl on; | |
| ssl_certificate /etc/nginx/conf.d/nms_nginx.pem; | |
| ssl_certificate_key /etc/nginx/conf.d/nms_nginx.key.pem; | |
| location / { | |
| proxy_pass http://magmalte:8081; | |
| proxy_set_header Host $http_host; | |
| } | |
| } | |
| --- | |
| # Source: orc8r/charts/nms/templates/magmalte-service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: magmalte | |
| labels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: magmalte | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| spec: | |
| selector: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: magmalte | |
| app.kubernetes.io/instance: orc8r | |
| type: "ClusterIP" | |
| ports: | |
| - name: http | |
| port: 8081 | |
| targetPort: | |
| protocol: TCP | |
| --- | |
| # Source: orc8r/charts/nms/templates/nginx-proxy-service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: nginx-proxy | |
| labels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: nginx | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| spec: | |
| selector: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: nginx | |
| app.kubernetes.io/instance: orc8r | |
| type: "LoadBalancer" | |
| ports: | |
| - name: https | |
| port: 443 | |
| targetPort: | |
| protocol: TCP | |
| loadBalancerIP: 10.253.1.177 | |
| --- | |
| # Source: orc8r/templates/controller.service.yaml | |
| # Copyright 2020 The Magma Authors. | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: orc8r-controller | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| selector: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| type: ClusterIP | |
| ports: | |
| - name: web | |
| port: 8080 | |
| targetPort: 8080 | |
| - name: port-0 | |
| port: 9079 | |
| targetPort: 9079 | |
| - name: port-1 | |
| port: 9080 | |
| targetPort: 9080 | |
| - name: port-2 | |
| port: 9081 | |
| targetPort: 9081 | |
| - name: port-3 | |
| port: 9082 | |
| targetPort: 9082 | |
| - name: port-4 | |
| port: 9083 | |
| targetPort: 9083 | |
| - name: port-5 | |
| port: 9084 | |
| targetPort: 9084 | |
| - name: port-6 | |
| port: 9085 | |
| targetPort: 9085 | |
| - name: port-7 | |
| port: 9086 | |
| targetPort: 9086 | |
| - name: port-8 | |
| port: 9087 | |
| targetPort: 9087 | |
| - name: port-9 | |
| port: 9088 | |
| targetPort: 9088 | |
| - name: port-10 | |
| port: 9089 | |
| targetPort: 9089 | |
| - name: port-11 | |
| port: 9090 | |
| targetPort: 9090 | |
| - name: port-12 | |
| port: 9091 | |
| targetPort: 9091 | |
| - name: port-13 | |
| port: 9092 | |
| targetPort: 9092 | |
| - name: port-14 | |
| port: 9093 | |
| targetPort: 9093 | |
| - name: port-15 | |
| port: 9094 | |
| targetPort: 9094 | |
| - name: port-16 | |
| port: 9095 | |
| targetPort: 9095 | |
| - name: port-17 | |
| port: 9096 | |
| targetPort: 9096 | |
| - name: port-18 | |
| port: 9097 | |
| targetPort: 9097 | |
| - name: port-19 | |
| port: 9098 | |
| targetPort: 9098 | |
| - name: port-20 | |
| port: 9099 | |
| targetPort: 9099 | |
| - name: port-21 | |
| port: 9100 | |
| targetPort: 9100 | |
| - name: port-22 | |
| port: 9101 | |
| targetPort: 9101 | |
| - name: port-23 | |
| port: 9102 | |
| targetPort: 9102 | |
| - name: port-24 | |
| port: 9103 | |
| targetPort: 9103 | |
| - name: port-25 | |
| port: 9104 | |
| targetPort: 9104 | |
| - name: port-26 | |
| port: 9105 | |
| targetPort: 9105 | |
| - name: port-27 | |
| port: 9106 | |
| targetPort: 9106 | |
| - name: port-28 | |
| port: 9107 | |
| targetPort: 9107 | |
| - name: port-29 | |
| port: 9108 | |
| targetPort: 9108 | |
| --- | |
| # Source: orc8r/templates/ingress.service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: orc8r-clientcert-nginx | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| selector: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| type: LoadBalancer | |
| ports: | |
| - name: health | |
| port: 80 | |
| targetPort: 80 | |
| - name: clientcert-legacy | |
| port: 443 | |
| targetPort: 8443 | |
| - name: clientcert | |
| port: 8443 | |
| targetPort: 8443 | |
| --- | |
| # Source: orc8r/templates/ingress.service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: bootstrapper-orc8r-nginx | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| selector: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| type: LoadBalancer | |
| ports: | |
| - name: health | |
| port: 80 | |
| targetPort: 80 | |
| - name: open-legacy | |
| port: 443 | |
| targetPort: 8444 | |
| - name: open | |
| port: 8444 | |
| targetPort: 8444 | |
| --- | |
| # Source: orc8r/templates/ingress.service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: orc8r-nginx-proxy | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| selector: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| type: LoadBalancer | |
| ports: | |
| - name: health | |
| port: 80 | |
| targetPort: 80 | |
| - name: clientcert | |
| port: 8443 | |
| targetPort: 8443 | |
| - name: open | |
| port: 8444 | |
| targetPort: 8444 | |
| - name: api | |
| port: 443 | |
| targetPort: 9443 | |
| loadBalancerIP: 10.253.1.178 | |
| --- | |
| # Source: orc8r/charts/nms/templates/magmalte-deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: nms-magmalte | |
| labels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: magmalte | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: magmalte | |
| app.kubernetes.io/instance: orc8r | |
| template: | |
| metadata: | |
| labels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: magmalte | |
| app.kubernetes.io/instance: orc8r | |
| spec: | |
| terminationGracePeriodSeconds: 60 | |
| containers: | |
| - name: nms-app | |
| image: "sudhikan/magmalte:1.3.2" | |
| imagePullPolicy: Always | |
| resources: | |
| {} | |
| args: | |
| - yarn | |
| - run | |
| - start:dev | |
| env: | |
| - name: API_CERT_FILENAME | |
| value: /run/secrets/admin_operator.pem | |
| - name: API_PRIVATE_KEY_FILENAME | |
| value: /run/secrets/admin_operator.key.pem | |
| - name: API_HOST | |
| value: "orc8r-nginx-proxy.magma.svc.cluster.local:443" | |
| - name: HOST | |
| value: "0.0.0.0" | |
| - name: PORT | |
| value: "8081" | |
| - name: MAPBOX_ACCESS_TOKEN | |
| value: "" | |
| - name: MYSQL_DB | |
| value: "magma" | |
| - name: MYSQL_HOST | |
| value: "mysql-mariadb-primary.magma.svc.cluster.local" | |
| - name: MYSQL_DIALECT | |
| value: "mariadb" | |
| - name: MYSQL_PASS | |
| valueFrom: | |
| secretKeyRef: | |
| name: magmalte-mysql-secrets | |
| key: MYSQL_PASS | |
| - name: MYSQL_USER | |
| valueFrom: | |
| secretKeyRef: | |
| name: magmalte-mysql-secrets | |
| key: MYSQL_USER | |
| - name: USER_GRAFANA_ADDRESS | |
| value: orc8r-user-grafana:3000 | |
| livenessProbe: | |
| exec: | |
| command: | |
| - curl | |
| - http://localhost:8081/healthz | |
| initialDelaySeconds: 60 | |
| ports: | |
| - containerPort: 8081 | |
| volumeMounts: | |
| - name: orc8r-secrets-certs | |
| mountPath: /run/secrets/admin_operator.pem | |
| subPath: admin_operator.pem | |
| - name: orc8r-secrets-certs | |
| mountPath: /run/secrets/admin_operator.key.pem | |
| subPath: admin_operator.key.pem | |
| volumes: | |
| - name: orc8r-secrets-certs | |
| secret: | |
| secretName: orc8r-certs | |
| defaultMode: 0444 | |
| --- | |
| # Source: orc8r/charts/nms/templates/nginx-proxy-deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: nms-nginx-proxy | |
| labels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: nginx | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| spec: | |
| replicas: 1 | |
| strategy: | |
| type: Recreate | |
| selector: | |
| matchLabels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: nginx | |
| app.kubernetes.io/instance: orc8r | |
| template: | |
| metadata: | |
| labels: | |
| release_group: orc8r | |
| app.kubernetes.io/name: nms | |
| app.kubernetes.io/component: nginx | |
| app.kubernetes.io/instance: orc8r | |
| spec: | |
| terminationGracePeriodSeconds: 60 | |
| restartPolicy: Always | |
| containers: | |
| - name: nms-nginx | |
| image: "nginx:latest" | |
| imagePullPolicy: Always | |
| resources: | |
| {} | |
| ports: | |
| - containerPort: 443 | |
| volumeMounts: | |
| - name: nginx-proxy-etc | |
| mountPath: /etc/nginx/conf.d/nginx_proxy_ssl.conf | |
| subPath: nginx_proxy_ssl.conf | |
| - name: orc8r-secrets-certs | |
| mountPath: /etc/nginx/conf.d/nms_nginx.pem | |
| subPath: nms_nginx.pem | |
| readOnly: true | |
| - name: orc8r-secrets-certs | |
| mountPath: /etc/nginx/conf.d/nms_nginx.key.pem | |
| subPath: nms_nginx.key.pem | |
| readOnly: true | |
| volumes: | |
| - name: nginx-proxy-etc | |
| configMap: | |
| name: nginx-proxy-etc | |
| defaultMode: 0555 | |
| - name: orc8r-secrets-certs | |
| secret: | |
| secretName: orc8r-certs | |
| defaultMode: 0444 | |
| --- | |
| # Source: orc8r/templates/controller.deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: orc8r-controller | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| template: | |
| metadata: | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| annotations: | |
| spec: | |
| volumes: | |
| - name: certs | |
| secret: | |
| secretName: orc8r-secrets-certs | |
| - name: envdir | |
| secret: | |
| secretName: orc8r-secrets-envdir | |
| - name: orc8r-secrets-configs-orc8r-orc8r | |
| secret: | |
| secretName: orc8r-secrets-configs-orc8r | |
| containers: | |
| - name: orc8r-controller | |
| image: sudhikan/controller:1.3.2 | |
| imagePullPolicy: IfNotPresent | |
| volumeMounts: | |
| - name: certs | |
| mountPath: /var/opt/magma/certs | |
| readOnly: true | |
| - name: envdir | |
| mountPath: /var/opt/magma/envdir | |
| readOnly: true | |
| - name: orc8r-secrets-configs-orc8r-orc8r | |
| mountPath: /var/opt/magma/configs/orc8r | |
| readOnly: true | |
| ports: | |
| - containerPort: 8080 | |
| - containerPort: 9079 | |
| - containerPort: 9080 | |
| - containerPort: 9081 | |
| - containerPort: 9082 | |
| - containerPort: 9083 | |
| - containerPort: 9084 | |
| - containerPort: 9085 | |
| - containerPort: 9086 | |
| - containerPort: 9087 | |
| - containerPort: 9088 | |
| - containerPort: 9089 | |
| - containerPort: 9090 | |
| - containerPort: 9091 | |
| - containerPort: 9092 | |
| - containerPort: 9093 | |
| - containerPort: 9094 | |
| - containerPort: 9095 | |
| - containerPort: 9096 | |
| - containerPort: 9097 | |
| - containerPort: 9098 | |
| - containerPort: 9099 | |
| - containerPort: 9100 | |
| - containerPort: 9101 | |
| - containerPort: 9102 | |
| - containerPort: 9103 | |
| - containerPort: 9104 | |
| - containerPort: 9105 | |
| - containerPort: 9106 | |
| - containerPort: 9107 | |
| - containerPort: 9108 | |
| env: | |
| - name: DATABASE_SOURCE | |
| valueFrom: | |
| secretKeyRef: | |
| name: orc8r-controller | |
| key: postgres.connstr | |
| - name: SQL_DRIVER | |
| value: postgres | |
| - name: SQL_DIALECT | |
| value: psql | |
| # Hostname override for dispatcher | |
| - name: SERVICE_HOST_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIP | |
| # Hostname override for metricsd | |
| - name: HOST_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIP | |
| livenessProbe: | |
| tcpSocket: | |
| port: 9081 | |
| initialDelaySeconds: 10 | |
| periodSeconds: 30 | |
| readinessProbe: | |
| tcpSocket: | |
| port: 9081 | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| resources: | |
| {} | |
| --- | |
| # Source: orc8r/templates/nginx.deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: orc8r-nginx | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/component: nginx-proxy | |
| template: | |
| metadata: | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| spec: | |
| volumes: | |
| - name: certs | |
| secret: | |
| secretName: orc8r-secrets-certs | |
| - name: envdir | |
| secret: | |
| secretName: orc8r-secrets-envdir | |
| containers: | |
| - name: orc8r-nginx | |
| image: sudhikan/nginx:1.3.2 | |
| imagePullPolicy: IfNotPresent | |
| volumeMounts: | |
| - name: certs | |
| mountPath: /var/opt/magma/certs | |
| readOnly: true | |
| - name: envdir | |
| mountPath: /var/opt/magma/envdir | |
| readOnly: true | |
| ports: | |
| - name: clientcert | |
| containerPort: 8443 | |
| - name: open | |
| containerPort: 8444 | |
| - name: api | |
| containerPort: 9443 | |
| - name: health | |
| containerPort: 80 | |
| env: | |
| - name: PROXY_BACKENDS | |
| value: "orc8r-controller.magma.svc.cluster.local" | |
| - name: CONTROLLER_HOSTNAME | |
| value: "orc8r" | |
| - name: RESOLVER | |
| value: "coredns.kube-system.svc.cluster.local valid=10s" | |
| livenessProbe: | |
| tcpSocket: | |
| port: health | |
| initialDelaySeconds: 10 | |
| periodSeconds: 30 | |
| readinessProbe: | |
| tcpSocket: | |
| port: health | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| resources: | |
| {} | |
| --- | |
| # Source: orc8r/charts/nms/templates/configmap-nginx-etc.yaml | |
| # Copyright 2020 The Magma Authors. | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| --- | |
| # Source: orc8r/templates/cloudwatch-agent.yaml | |
| # Documentation and template from: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-metrics.html | |
| # One of the pods tend to crashloop due to the node running out of available | |
| # inotify watchers (https://github.com/kubernetes/kubernetes/issues/70324) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| # Source: orc8r/templates/controller.secret.yaml | |
| apiVersion: v1 | |
| kind: Secret | |
| metadata: | |
| name: orc8r-controller | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| type: Opaque | |
| data: | |
| postgres.connstr: "ZGJuYW1lPW1hZ21hIHVzZXI9cG9zdGdyZXMgcGFzc3dvcmQ9cG9zdGdyZXMgaG9zdD1wb3N0Z3Jlc3FsIHBvcnQ9NTQzMiBzc2xtb2RlPWRpc2FibGU=" | |
| --- | |
| # Source: orc8r/charts/logging/templates/fluentd-daemon.configmap.yaml | |
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| name: orc8r-fluentd-es-configs | |
| namespace: kube-system | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| data: | |
| kubernetes.conf: |- | |
| <match fluent.**> | |
| @type null | |
| </match> | |
| <source> | |
| @type tail | |
| @id in_tail_container_logs | |
| path /var/log/containers/*.log | |
| pos_file /var/log/fluentd-containers.log.pos | |
| tag kubernetes.* | |
| read_from_head true | |
| <parse> | |
| @type "#{ENV['FLUENT_CONTAINER_TAIL_PARSER_TYPE'] || 'json'}" | |
| time_format %Y-%m-%dT%H:%M:%S.%NZ | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_minion | |
| path /var/log/salt/minion | |
| pos_file /var/log/fluentd-salt.pos | |
| tag salt | |
| <parse> | |
| @type regexp | |
| expression /^(?<time>[^ ]* [^ ,]*)[^\[]*\[[^\]]*\]\[(?<severity>[^ \]]*) *\] (?<message>.*)$/ | |
| time_format %Y-%m-%d %H:%M:%S | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_startupscript | |
| path /var/log/startupscript.log | |
| pos_file /var/log/fluentd-startupscript.log.pos | |
| tag startupscript | |
| <parse> | |
| @type syslog | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_docker | |
| path /var/log/docker.log | |
| pos_file /var/log/fluentd-docker.log.pos | |
| tag docker | |
| <parse> | |
| @type regexp | |
| expression /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/ | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_etcd | |
| path /var/log/etcd.log | |
| pos_file /var/log/fluentd-etcd.log.pos | |
| tag etcd | |
| <parse> | |
| @type none | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kubelet | |
| multiline_flush_interval 5s | |
| path /var/log/kubelet.log | |
| pos_file /var/log/fluentd-kubelet.log.pos | |
| tag kubelet | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kube_proxy | |
| multiline_flush_interval 5s | |
| path /var/log/kube-proxy.log | |
| pos_file /var/log/fluentd-kube-proxy.log.pos | |
| tag kube-proxy | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kube_apiserver | |
| multiline_flush_interval 5s | |
| path /var/log/kube-apiserver.log | |
| pos_file /var/log/fluentd-kube-apiserver.log.pos | |
| tag kube-apiserver | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kube_controller_manager | |
| multiline_flush_interval 5s | |
| path /var/log/kube-controller-manager.log | |
| pos_file /var/log/fluentd-kube-controller-manager.log.pos | |
| tag kube-controller-manager | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_kube_scheduler | |
| multiline_flush_interval 5s | |
| path /var/log/kube-scheduler.log | |
| pos_file /var/log/fluentd-kube-scheduler.log.pos | |
| tag kube-scheduler | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_rescheduler | |
| multiline_flush_interval 5s | |
| path /var/log/rescheduler.log | |
| pos_file /var/log/fluentd-rescheduler.log.pos | |
| tag rescheduler | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_glbc | |
| multiline_flush_interval 5s | |
| path /var/log/glbc.log | |
| pos_file /var/log/fluentd-glbc.log.pos | |
| tag glbc | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| <source> | |
| @type tail | |
| @id in_tail_cluster_autoscaler | |
| multiline_flush_interval 5s | |
| path /var/log/cluster-autoscaler.log | |
| pos_file /var/log/fluentd-cluster-autoscaler.log.pos | |
| tag cluster-autoscaler | |
| <parse> | |
| @type kubernetes | |
| </parse> | |
| </source> | |
| # Example: | |
| # 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="<self>" asgroups="<lookup>" namespace="default" uri="/api/v1/namespaces/default/pods" | |
| # 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200" | |
| <source> | |
| @type tail | |
| @id in_tail_kube_apiserver_audit | |
| multiline_flush_interval 5s | |
| path /var/log/kubernetes/kube-apiserver-audit.log | |
| pos_file /var/log/kube-apiserver-audit.log.pos | |
| tag kube-apiserver-audit | |
| <parse> | |
| @type multiline | |
| format_firstline /^\S+\s+AUDIT:/ | |
| # Fields must be explicitly captured by name to be parsed into the record. | |
| # Fields may not always be present, and order may change, so this just looks | |
| # for a list of key="\"quoted\" value" pairs separated by spaces. | |
| # Unknown fields are ignored. | |
| # Note: We can't separate query/response lines as format1/format2 because | |
| # they don't always come one after the other for a given query. | |
| format1 /^(?<time>\S+) AUDIT:(?: (?:id="(?<id>(?:[^"\\]|\\.)*)"|ip="(?<ip>(?:[^"\\]|\\.)*)"|method="(?<method>(?:[^"\\]|\\.)*)"|user="(?<user>(?:[^"\\]|\\.)*)"|groups="(?<groups>(?:[^"\\]|\\.)*)"|as="(?<as>(?:[^"\\]|\\.)*)"|asgroups="(?<asgroups>(?:[^"\\]|\\.)*)"|namespace="(?<namespace>(?:[^"\\]|\\.)*)"|uri="(?<uri>(?:[^"\\]|\\.)*)"|response="(?<response>(?:[^"\\]|\\.)*)"|\w+="(?:[^"\\]|\\.)*"))*/ | |
| time_format %Y-%m-%dT%T.%L%Z | |
| </parse> | |
| </source> | |
| <filter kubernetes.**orc8r-proxy**> | |
| @type parser | |
| key_name log | |
| <parse> | |
| @type multi_format | |
| <pattern> | |
| format regexp | |
| expression /^(?<time>.*)@\|@(?<remote_addr>.*)@\|@(?<http_host>.*)@\|@(?<server_port>.*)@\|@(?<request>.*)@\|@(?<status>.*)@\|@(?<body_bytes_sent>.*)@\|@(?<request_time>.*)@\|@(?<alpn>.*)@\|@(?<tls_client_serial>.*)@\|@(?<tls_client_subject_name>.*)@\|@(?<tls_session_reused>.*)@\|@(?<tls_sni>.*)@\|@(?<tls_protocol>.*)@\|@(?<tls_cipher>.*)@\|@(?<backend_host>.*)@\|@(?<backend_port>.*)$/ | |
| time_format %iso8601 | |
| </pattern> | |
| <pattern> | |
| format none | |
| </pattern> | |
| </parse> | |
| </filter> | |
| <filter kubernetes.**orc8r-nginx**> | |
| @type parser | |
| key_name log | |
| <parse> | |
| @type multi_format | |
| <pattern> | |
| format json | |
| </pattern> | |
| <pattern> | |
| format none | |
| </pattern> | |
| </parse> | |
| </filter> | |
| <filter kubernetes.**> | |
| @type kubernetes_metadata | |
| @id filter_kube_metadata | |
| </filter> | |
| systemd.conf: |- | |
| # Logs from systemd-journal for interesting services. | |
| <source> | |
| @type systemd | |
| @id in_systemd_kubelet | |
| matches [{ "_SYSTEMD_UNIT": "kubelet.service" }] | |
| <storage> | |
| @type local | |
| persistent true | |
| path /var/log/fluentd-journald-kubelet-cursor.json | |
| </storage> | |
| <entry> | |
| fields_strip_underscores true | |
| </entry> | |
| read_from_head true | |
| tag kubelet | |
| </source> | |
| # Logs from docker-systemd | |
| <source> | |
| @type systemd | |
| @id in_systemd_docker | |
| matches [{ "_SYSTEMD_UNIT": "docker.service" }] | |
| <storage> | |
| @type local | |
| persistent true | |
| path /var/log/fluentd-journald-docker-cursor.json | |
| </storage> | |
| <entry> | |
| fields_strip_underscores true | |
| </entry> | |
| read_from_head true | |
| tag docker.systemd | |
| </source> | |
| # Logs from systemd-journal for interesting services. | |
| <source> | |
| @type systemd | |
| @id in_systemd_bootkube | |
| matches [{ "_SYSTEMD_UNIT": "bootkube.service" }] | |
| <storage> | |
| @type local | |
| persistent true | |
| path /var/log/fluentd-journald-bootkube-cursor.json | |
| </storage> | |
| <entry> | |
| fields_strip_underscores true | |
| </entry> | |
| read_from_head true | |
| tag bootkube | |
| </source> | |
| output.conf: |- | |
| <match **> | |
| @type elasticsearch | |
| @id out_es | |
| @log_level info | |
| include_tag_key true | |
| host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}" | |
| port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}" | |
| scheme "#{ENV['FLUENT_ELASTICSEARCH_SCHEME'] || 'https'}" | |
| ssl_verify "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERIFY'] || 'false'}" | |
| ssl_version "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERSION'] || 'TLSv1'}" | |
| reload_connections "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_CONNECTIONS'] || 'false'}" | |
| reconnect_on_error "#{ENV['FLUENT_ELASTICSEARCH_RECONNECT_ON_ERROR'] || 'true'}" | |
| reload_on_failure "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_ON_FAILURE'] || 'true'}" | |
| log_es_400_reason "#{ENV['FLUENT_ELASTICSEARCH_LOG_ES_400_REASON'] || 'false'}" | |
| logstash_prefix "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_PREFIX'] || 'logstash'}" | |
| logstash_format "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_FORMAT'] || 'true'}" | |
| index_name "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_INDEX_NAME'] || 'logstash'}" | |
| type_name "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_TYPE_NAME'] || 'fluentd'}" | |
| <buffer> | |
| flush_thread_count "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_THREAD_COUNT'] || '8'}" | |
| flush_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_INTERVAL'] || '5s'}" | |
| chunk_limit_size "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_CHUNK_LIMIT_SIZE'] || '2M'}" | |
| queue_limit_length "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_QUEUE_LIMIT_LENGTH'] || '32'}" | |
| retry_max_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_RETRY_MAX_INTERVAL'] || '30'}" | |
| retry_forever true | |
| </buffer> | |
| </match> | |
| fluent.conf: |- | |
| @include /fluentd/etc/kubernetes.conf | |
| @include /fluentd/etc/systemd.conf | |
| @include /fluentd/etc/output.conf | |
| --- | |
| # Source: orc8r/charts/logging/templates/fluentd-forward.configmap.yaml | |
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| name: orc8r-fluentd-forward-configs | |
| namespace: magma | |
| labels: | |
| addonmanager.kubernetes.io/mode: Reconcile | |
| data: | |
| forward.conf: |- | |
| <source> | |
| @type forward | |
| port 24224 | |
| bind 0.0.0.0 | |
| <transport tls> | |
| cert_path /var/opt/magma/certs/fluentd.pem | |
| private_key_path /var/opt/magma/certs/fluentd.key | |
| client_cert_auth true | |
| ca_path /var/opt/magma/certs/certifier.pem | |
| </transport> | |
| </source> | |
| output.conf: |- | |
| <match **> | |
| @type elasticsearch | |
| @id out_es | |
| @log_level info | |
| include_tag_key true | |
| host "#{ENV['FLUENT_ELASTICSEARCH_HOST']}" | |
| port "#{ENV['FLUENT_ELASTICSEARCH_PORT']}" | |
| scheme "#{ENV['FLUENT_ELASTICSEARCH_SCHEME'] || 'https'}" | |
| ssl_verify "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERIFY'] || 'false'}" | |
| ssl_version "#{ENV['FLUENT_ELASTICSEARCH_SSL_VERSION'] || 'TLSv1'}" | |
| reload_connections "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_CONNECTIONS'] || 'false'}" | |
| reconnect_on_error "#{ENV['FLUENT_ELASTICSEARCH_RECONNECT_ON_ERROR'] || 'true'}" | |
| reload_on_failure "#{ENV['FLUENT_ELASTICSEARCH_RELOAD_ON_FAILURE'] || 'true'}" | |
| log_es_400_reason "#{ENV['FLUENT_ELASTICSEARCH_LOG_ES_400_REASON'] || 'false'}" | |
| logstash_prefix "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_PREFIX'] || 'fluentd'}" | |
| logstash_format "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_FORMAT'] || 'true'}" | |
| index_name "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_INDEX_NAME'] || 'fluentd'}" | |
| type_name "#{ENV['FLUENT_ELASTICSEARCH_LOGSTASH_TYPE_NAME'] || 'fluentd'}" | |
| <buffer> | |
| flush_thread_count "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_THREAD_COUNT'] || '8'}" | |
| flush_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_FLUSH_INTERVAL'] || '5s'}" | |
| chunk_limit_size "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_CHUNK_LIMIT_SIZE'] || '2M'}" | |
| queue_limit_length "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_QUEUE_LIMIT_LENGTH'] || '32'}" | |
| retry_max_interval "#{ENV['FLUENT_ELASTICSEARCH_BUFFER_RETRY_MAX_INTERVAL'] || '30'}" | |
| retry_forever true | |
| </buffer> | |
| </match> | |
| fluent.conf: |- | |
| @include /fluentd/etc/forward.conf | |
| @include /fluentd/etc/output.conf | |
| --- | |
| # Source: orc8r/templates/controller.service.yaml | |
| # Copyright 2020 The Magma Authors. | |
| # This source code is licensed under the BSD-style license found in the | |
| # LICENSE file in the root directory of this source tree. | |
| # Unless required by applicable law or agreed to in writing, software | |
| # distributed under the License is distributed on an "AS IS" BASIS, | |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| # See the License for the specific language governing permissions and | |
| # limitations under the License. | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: orc8r-controller | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| selector: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| type: ClusterIP | |
| ports: | |
| - name: web | |
| port: 8080 | |
| targetPort: 8080 | |
| - name: port-0 | |
| port: 9079 | |
| targetPort: 9079 | |
| - name: port-1 | |
| port: 9080 | |
| targetPort: 9080 | |
| - name: port-2 | |
| port: 9081 | |
| targetPort: 9081 | |
| - name: port-3 | |
| port: 9082 | |
| targetPort: 9082 | |
| - name: port-4 | |
| port: 9083 | |
| targetPort: 9083 | |
| - name: port-5 | |
| port: 9084 | |
| targetPort: 9084 | |
| - name: port-6 | |
| port: 9085 | |
| targetPort: 9085 | |
| - name: port-7 | |
| port: 9086 | |
| targetPort: 9086 | |
| - name: port-8 | |
| port: 9087 | |
| targetPort: 9087 | |
| - name: port-9 | |
| port: 9088 | |
| targetPort: 9088 | |
| - name: port-10 | |
| port: 9089 | |
| targetPort: 9089 | |
| - name: port-11 | |
| port: 9090 | |
| targetPort: 9090 | |
| - name: port-12 | |
| port: 9091 | |
| targetPort: 9091 | |
| - name: port-13 | |
| port: 9092 | |
| targetPort: 9092 | |
| - name: port-14 | |
| port: 9093 | |
| targetPort: 9093 | |
| - name: port-15 | |
| port: 9094 | |
| targetPort: 9094 | |
| - name: port-16 | |
| port: 9095 | |
| targetPort: 9095 | |
| - name: port-17 | |
| port: 9096 | |
| targetPort: 9096 | |
| - name: port-18 | |
| port: 9097 | |
| targetPort: 9097 | |
| - name: port-19 | |
| port: 9098 | |
| targetPort: 9098 | |
| - name: port-20 | |
| port: 9099 | |
| targetPort: 9099 | |
| - name: port-21 | |
| port: 9100 | |
| targetPort: 9100 | |
| - name: port-22 | |
| port: 9101 | |
| targetPort: 9101 | |
| - name: port-23 | |
| port: 9102 | |
| targetPort: 9102 | |
| - name: port-24 | |
| port: 9103 | |
| targetPort: 9103 | |
| - name: port-25 | |
| port: 9104 | |
| targetPort: 9104 | |
| - name: port-26 | |
| port: 9105 | |
| targetPort: 9105 | |
| - name: port-27 | |
| port: 9106 | |
| targetPort: 9106 | |
| - name: port-28 | |
| port: 9107 | |
| targetPort: 9107 | |
| - name: port-29 | |
| port: 9108 | |
| targetPort: 9108 | |
| --- | |
| # Source: orc8r/templates/ingress.service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: orc8r-clientcert-nginx | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| selector: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| type: LoadBalancer | |
| ports: | |
| - name: health | |
| port: 80 | |
| targetPort: 80 | |
| - name: clientcert-legacy | |
| port: 443 | |
| targetPort: 8443 | |
| - name: clientcert | |
| port: 8443 | |
| targetPort: 8443 | |
| --- | |
| # Source: orc8r/templates/ingress.service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: bootstrapper-orc8r-nginx | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| selector: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| type: LoadBalancer | |
| ports: | |
| - name: health | |
| port: 80 | |
| targetPort: 80 | |
| - name: open-legacy | |
| port: 443 | |
| targetPort: 8444 | |
| - name: open | |
| port: 8444 | |
| targetPort: 8444 | |
| --- | |
| # Source: orc8r/templates/ingress.service.yaml | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: orc8r-nginx-proxy | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| selector: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| type: LoadBalancer | |
| ports: | |
| - name: health | |
| port: 80 | |
| targetPort: 80 | |
| - name: clientcert | |
| port: 8443 | |
| targetPort: 8443 | |
| - name: open | |
| port: 8444 | |
| targetPort: 8444 | |
| - name: api | |
| port: 443 | |
| targetPort: 9443 | |
| loadBalancerIP: 10.253.1.175 | |
| --- | |
| # Source: orc8r/templates/controller.deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: orc8r-controller | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| template: | |
| metadata: | |
| labels: | |
| app.kubernetes.io/component: controller | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| annotations: | |
| spec: | |
| volumes: | |
| - name: certs | |
| secret: | |
| secretName: orc8r-secrets-certs | |
| - name: envdir | |
| secret: | |
| secretName: orc8r-secrets-envdir | |
| - name: orc8r-secrets-configs-orc8r-orc8r | |
| secret: | |
| secretName: orc8r-secrets-configs-orc8r | |
| containers: | |
| - name: orc8r-controller | |
| image: sudhikan/controller:1.3.2 | |
| imagePullPolicy: IfNotPresent | |
| volumeMounts: | |
| - name: certs | |
| mountPath: /var/opt/magma/certs | |
| readOnly: true | |
| - name: envdir | |
| mountPath: /var/opt/magma/envdir | |
| readOnly: true | |
| - name: orc8r-secrets-configs-orc8r-orc8r | |
| mountPath: /var/opt/magma/configs/orc8r | |
| readOnly: true | |
| ports: | |
| - containerPort: 8080 | |
| - containerPort: 9079 | |
| - containerPort: 9080 | |
| - containerPort: 9081 | |
| - containerPort: 9082 | |
| - containerPort: 9083 | |
| - containerPort: 9084 | |
| - containerPort: 9085 | |
| - containerPort: 9086 | |
| - containerPort: 9087 | |
| - containerPort: 9088 | |
| - containerPort: 9089 | |
| - containerPort: 9090 | |
| - containerPort: 9091 | |
| - containerPort: 9092 | |
| - containerPort: 9093 | |
| - containerPort: 9094 | |
| - containerPort: 9095 | |
| - containerPort: 9096 | |
| - containerPort: 9097 | |
| - containerPort: 9098 | |
| - containerPort: 9099 | |
| - containerPort: 9100 | |
| - containerPort: 9101 | |
| - containerPort: 9102 | |
| - containerPort: 9103 | |
| - containerPort: 9104 | |
| - containerPort: 9105 | |
| - containerPort: 9106 | |
| - containerPort: 9107 | |
| - containerPort: 9108 | |
| env: | |
| - name: DATABASE_SOURCE | |
| valueFrom: | |
| secretKeyRef: | |
| name: orc8r-controller | |
| key: postgres.connstr | |
| - name: SQL_DRIVER | |
| value: postgres | |
| - name: SQL_DIALECT | |
| value: psql | |
| # Hostname override for dispatcher | |
| - name: SERVICE_HOST_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIP | |
| # Hostname override for metricsd | |
| - name: HOST_NAME | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: status.podIP | |
| livenessProbe: | |
| tcpSocket: | |
| port: 9081 | |
| initialDelaySeconds: 10 | |
| periodSeconds: 30 | |
| readinessProbe: | |
| tcpSocket: | |
| port: 9081 | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| resources: | |
| {} | |
| --- | |
| # Source: orc8r/templates/nginx.deployment.yaml | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: orc8r-nginx | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| app.kubernetes.io/managed-by: helm | |
| app.kubernetes.io/part-of: magma | |
| helm.sh/chart: orc8r-1.4.36 | |
| spec: | |
| replicas: 2 | |
| selector: | |
| matchLabels: | |
| app.kubernetes.io/component: nginx-proxy | |
| template: | |
| metadata: | |
| labels: | |
| app.kubernetes.io/component: nginx-proxy | |
| app.kubernetes.io/name: orc8r | |
| app.kubernetes.io/instance: orc8r | |
| spec: | |
| volumes: | |
| - name: certs | |
| secret: | |
| secretName: orc8r-secrets-certs | |
| - name: envdir | |
| secret: | |
| secretName: orc8r-secrets-envdir | |
| containers: | |
| - name: orc8r-nginx | |
| image: sudhikan/nginx:1.3.2 | |
| imagePullPolicy: IfNotPresent | |
| volumeMounts: | |
| - name: certs | |
| mountPath: /var/opt/magma/certs | |
| readOnly: true | |
| - name: envdir | |
| mountPath: /var/opt/magma/envdir | |
| readOnly: true | |
| ports: | |
| - name: clientcert | |
| containerPort: 8443 | |
| - name: open | |
| containerPort: 8444 | |
| - name: api | |
| containerPort: 9443 | |
| - name: health | |
| containerPort: 80 | |
| env: | |
| - name: PROXY_BACKENDS | |
| value: "orc8r-controller.magma.svc.cluster.local" | |
| - name: CONTROLLER_HOSTNAME | |
| value: "orc8r" | |
| - name: RESOLVER | |
| value: "coredns.kube-system.svc.cluster.local valid=10s" | |
| livenessProbe: | |
| tcpSocket: | |
| port: health | |
| initialDelaySeconds: 10 | |
| periodSeconds: 30 | |
| readinessProbe: | |
| tcpSocket: | |
| port: health | |
| initialDelaySeconds: 5 | |
| periodSeconds: 10 | |
| resources: | |
| {} | |
| --- | |
| # Source: orc8r/templates/cloudwatch-agent.yaml | |
| # Documentation and template from: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Container-Insights-setup-metrics.html | |
| # One of the pods tend to crashloop due to the node running out of available | |
| # inotify watchers (https://github.com/kubernetes/kubernetes/issues/70324) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment