From 4b5d2b96655ff68a01d85b8e4bcb746c40192f9b Mon Sep 17 00:00:00 2001 From: Radovan Zvoncek Date: Mon, 30 Sep 2024 17:26:29 +0300 Subject: [PATCH 1/8] MC-1296 Make k8ssandra-operator deploy Reaper capable of interaction with encrypted mgmt-api --- CHANGELOG/CHANGELOG-1.21.md | 1 + controllers/k8ssandra/reaper.go | 90 ++++++ controllers/k8ssandra/reaper_test.go | 19 +- controllers/reaper/reaper_controller.go | 36 +++ controllers/reaper/reaper_controller_test.go | 68 +++++ pkg/reaper/deployment.go | 38 ++- pkg/reaper/deployment_test.go | 11 + pkg/reaper/manager.go | 5 +- pkg/reaper/secrets.go | 4 + test/e2e/reaper_test.go | 40 ++- test/e2e/suite_test.go | 36 ++- .../reaper-control-plane/k8ssandra.yaml | 270 ++++++++++++++++-- .../fixtures/reaper-control-plane/reaper.yaml | 2 + 13 files changed, 561 insertions(+), 59 deletions(-) diff --git a/CHANGELOG/CHANGELOG-1.21.md b/CHANGELOG/CHANGELOG-1.21.md index 6d4d84c69..001170913 100644 --- a/CHANGELOG/CHANGELOG-1.21.md +++ b/CHANGELOG/CHANGELOG-1.21.md @@ -18,3 +18,4 @@ When cutting a new release, update the `unreleased` heading to the tag being gen * [CHANGE] [#1441](https://github.com/k8ssandra/k8ssandra-operator/issues/1441) Use k8ssandra-client instead of k8ssandra-tools for CRD upgrades * [BUGFIX] [#1383](https://github.com/k8ssandra/k8ssandra-operator/issues/1383) Do not create MedusaBackup if MadusaBakupJob did not fully succeed * [ENHANCEMENT] [#1667](https://github.com/k8ssahttps://github.com/k8ssandra/k8ssandra/issues/1667) Add `skipSchemaMigration` option to `K8ssandraCluster.spec.reaper` +* [FEATURE] [#1508](https://github.com/riptano/mission-control/issues/1508) Make k8ssandra-operator deploy Reaper capable of interaction with encrypted mgmt-api diff --git a/controllers/k8ssandra/reaper.go b/controllers/k8ssandra/reaper.go index c50852ea6..8f9f80462 100644 --- a/controllers/k8ssandra/reaper.go +++ b/controllers/k8ssandra/reaper.go @@ -29,6 +29,7 @@ import ( k8ssandralabels "github.com/k8ssandra/k8ssandra-operator/pkg/labels" "github.com/k8ssandra/k8ssandra-operator/pkg/reaper" "github.com/k8ssandra/k8ssandra-operator/pkg/result" + corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/types" @@ -100,6 +101,13 @@ func (r *K8ssandraClusterReconciler) reconcileReaper( // we might have nil-ed the template because a DC got stopped, so we need to re-check if reaperTemplate != nil { if reaperTemplate.HasReaperRef() { + + if uses, conf := usesHttpAuth(kc, actualDc); uses { + if err := addManagementApiSecretsToReaper(ctx, remoteClient, kc, actualDc, logger, conf); err != nil { + return result.Error(err) + } + } + logger.Info("ReaperRef present, registering with referenced Reaper instead of creating a new one") return r.addClusterToExternalReaper(ctx, kc, actualDc, logger) } @@ -267,6 +275,22 @@ func getSingleReaperDcName(kc *api.K8ssandraCluster) string { return "" } +func usesHttpAuth(kc *api.K8ssandraCluster, actualDc *cassdcapi.CassandraDatacenter) (bool, *cassdcapi.ManagementApiAuthManualConfig) { + // check for the mgmt api auth config in the cass-dc object of the DC were in + for _, dc := range kc.Spec.Cassandra.Datacenters { + if !dc.Stopped && dc.DatacenterName == actualDc.DatacenterName() { + return true, dc.ManagementApiAuth.Manual + } + } + // if that wasn't found, then check for the mgmt api auth config in the cluster object + if kc.Spec.Cassandra.ManagementApiAuth != nil { + if kc.Spec.Cassandra.ManagementApiAuth.Manual != nil { + return true, kc.Spec.Cassandra.ManagementApiAuth.Manual + } + } + return false, nil +} + func (r *K8ssandraClusterReconciler) addClusterToExternalReaper( ctx context.Context, kc *api.K8ssandraCluster, @@ -290,3 +314,69 @@ func (r *K8ssandraClusterReconciler) addClusterToExternalReaper( } return result.Continue() } + +func addManagementApiSecretsToReaper( + ctx context.Context, + remoteClient client.Client, + kc *api.K8ssandraCluster, + actualDc *cassdcapi.CassandraDatacenter, + logger logr.Logger, + authConfig *cassdcapi.ManagementApiAuthManualConfig, +) error { + + reaperName := kc.Spec.Reaper.ReaperRef.Name + + reaperNamespace := kc.Spec.Reaper.ReaperRef.Namespace + if reaperNamespace == "" { + reaperNamespace = kc.Namespace + } + + tssName := reaper.GetTruststoresSecretName(reaperName) + tssKey := client.ObjectKey{Namespace: reaperNamespace, Name: tssName} + + tss := &corev1.Secret{} + if err := remoteClient.Get(ctx, tssKey, tss); err != nil { + logger.Error(err, "failed to get Reaper's truststore secret") + return err + } + + cs := &corev1.Secret{} + csName := authConfig.ClientSecretName + "-ks" + csKey := client.ObjectKey{Namespace: kc.Namespace, Name: csName} + if err := remoteClient.Get(ctx, csKey, cs); err != nil { + logger.Error(err, "failed to get k8ssandra cluster client secret", "secretName", csName) + return err + } + + clusterName := cassdcapi.CleanupForKubernetes(actualDc.Spec.ClusterName) + clustersTruststore := clusterName + "-truststore.jks" + clustersKeystore := clusterName + "-keystore.jks" + + // check if the reaper's big secret already has entry for this cluster + if tss.Data == nil { + tss.Data = make(map[string][]byte) + } + _, hasTruststore := tss.Data[clustersTruststore] + _, hasKeystore := tss.Data[clustersKeystore] + + if hasTruststore && hasKeystore { + logger.Info("Cluster secrets already present in Reapers secret", "reaperName", reaperName, "clusterName", kc.Name) + return nil + } + + logger.Info("Patching Reaper's truststores with new secrets", "reaperName", reaperName, "clusterName", kc.Name) + + patch := client.MergeFrom(tss.DeepCopy()) + if !hasTruststore { + tss.Data[clustersTruststore] = cs.Data["truststore.jks"] + } + if !hasKeystore { + tss.Data[clustersKeystore] = cs.Data["keystore.jks"] + } + if err := remoteClient.Patch(ctx, tss, patch); err != nil { + logger.Error(err, "failed to patch reaper's config map") + return err + } + + return nil +} diff --git a/controllers/k8ssandra/reaper_test.go b/controllers/k8ssandra/reaper_test.go index 3ed5c7945..87b97f145 100644 --- a/controllers/k8ssandra/reaper_test.go +++ b/controllers/k8ssandra/reaper_test.go @@ -235,11 +235,12 @@ func createMultiDcClusterWithReaper(t *testing.T, ctx context.Context, f *framew func createMultiDcClusterWithControlPlaneReaper(t *testing.T, ctx context.Context, f *framework.Framework, namespace string) { require := require.New(t) + reaperName := "reaper" cpr := &reaperapi.Reaper{ ObjectMeta: metav1.ObjectMeta{ Namespace: namespace, - Name: "reaper", + Name: reaperName, }, Spec: newControlPlaneReaper(), } @@ -247,6 +248,15 @@ func createMultiDcClusterWithControlPlaneReaper(t *testing.T, ctx context.Contex err := f.Client.Create(ctx, cpr) require.NoError(err, "failed to create control plane reaper") + rts := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace, + Name: reaper.GetTruststoresSecretName(reaperName), + }, + } + err = f.Client.Create(ctx, rts) + require.NoError(err, "failed to create reaper's truststore secret") + cpReaperKey := framework.ClusterKey{ K8sContext: f.ControlPlaneContext, NamespacedName: types.NamespacedName{ @@ -308,9 +318,6 @@ func createMultiDcClusterWithControlPlaneReaper(t *testing.T, ctx context.Contex verifyReaperAbsent(t, f, ctx, kc, f.DataPlaneContexts[0], dc1Key, namespace) verifyReaperAbsent(t, f, ctx, kc, f.DataPlaneContexts[1], dc2Key, namespace) - // check the kc is added to reaper - verifyClusterRegistered(t, f, ctx, kc, namespace) - err = f.DeleteK8ssandraCluster(ctx, utils.GetKey(kc), timeout, interval) require.NoError(err, "failed to delete K8ssandraCluster") } @@ -401,7 +408,3 @@ func verifyReaperAbsent(t *testing.T, f *framework.Framework, ctx context.Contex err := f.Get(ctx, reaperKey, reaper) require.True(t, err != nil && errors.IsNotFound(err), fmt.Sprintf("reaper %s should not be created in dc %s", reaperKey, dcKey)) } - -func verifyClusterRegistered(t *testing.T, f *framework.Framework, ctx context.Context, kc *api.K8ssandraCluster, namespace string) { - -} diff --git a/controllers/reaper/reaper_controller.go b/controllers/reaper/reaper_controller.go index 7522dda6b..8f5cfed18 100644 --- a/controllers/reaper/reaper_controller.go +++ b/controllers/reaper/reaper_controller.go @@ -30,6 +30,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/utils/ptr" @@ -206,6 +207,13 @@ func (r *ReaperReconciler) reconcileDeployment( } } + if actualReaper.Spec.HttpManagement.Enabled { + err := r.reconcileTrustStoresSecret(ctx, actualReaper, logger) + if err != nil { + return ctrl.Result{}, err + } + } + logger.Info("Reconciling reaper deployment", "actualReaper", actualReaper) // work out how to deploy Reaper @@ -484,3 +492,31 @@ func (r *ReaperReconciler) SetupWithManager(mgr ctrl.Manager) error { Owns(&corev1.Service{}). Complete(r) } + +func (r *ReaperReconciler) reconcileTrustStoresSecret(ctx context.Context, actualReaper *reaperapi.Reaper, logger logr.Logger) error { + sName := reaper.GetTruststoresSecretName(actualReaper.Name) + sKey := types.NamespacedName{Namespace: actualReaper.Namespace, Name: sName} + s := &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: sName, + Namespace: actualReaper.Namespace, + }, + } + if err := r.Client.Get(ctx, sKey, s); err != nil { + if errors.IsNotFound(err) { + logger.Info("Creating Reaper's truststore ConfigMap", "ConfigMap", sKey) + if err = controllerutil.SetControllerReference(actualReaper, s, r.Scheme); err != nil { + logger.Error(err, "Failed to set owner on truststore ConfigMap") + return err + } + if err = r.Client.Create(ctx, s); err != nil { + logger.Error(err, "Failed to create Reaper's truststore ConfigMap") + return err + } + return nil + } + logger.Error(err, "Failed to get Reaper's truststores ConfigMap") + return err + } + return nil +} diff --git a/controllers/reaper/reaper_controller_test.go b/controllers/reaper/reaper_controller_test.go index edb66e248..7b9e11070 100644 --- a/controllers/reaper/reaper_controller_test.go +++ b/controllers/reaper/reaper_controller_test.go @@ -2,6 +2,7 @@ package reaper import ( "context" + "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/utils/ptr" "testing" @@ -64,6 +65,7 @@ func TestReaper(t *testing.T) { t.Run("CreateReaperWithAuthEnabled", reaperControllerTest(ctx, testEnv, testCreateReaperWithAuthEnabled)) t.Run("CreateReaperWithAuthEnabledExternalSecret", reaperControllerTest(ctx, testEnv, testCreateReaperWithAuthEnabledExternalSecret)) t.Run("CreateReaperWithLocalStorageBackend", reaperControllerTest(ctx, testEnv, testCreateReaperWithLocalStorageType)) + t.Run("CreateReaperWithHttpAuthEnabled", reaperControllerTest(ctx, testEnv, testCreateReaperWithHttpAuthEnabled)) } func newMockManager() reaper.Manager { @@ -570,6 +572,72 @@ func testCreateReaperWithLocalStorageType(t *testing.T, ctx context.Context, k8s assert.Equal(t, "reaper-data", dataVolumeMount.Name) } +func testCreateReaperWithHttpAuthEnabled(t *testing.T, ctx context.Context, k8sClient client.Client, testNamespace string) { + t.Log("create the Reaper object") + r := newReaper(testNamespace) + r.Spec.StorageType = reaperapi.StorageTypeLocal + r.Spec.StorageConfig = newStorageConfig() + r.Spec.HttpManagement.Enabled = true + + err := k8sClient.Create(ctx, r) + require.NoError(t, err) + + t.Log("check that the stateful set is created") + stsKey := types.NamespacedName{Namespace: testNamespace, Name: reaperName} + sts := &appsv1.StatefulSet{} + + require.Eventually(t, func() bool { + return k8sClient.Get(ctx, stsKey, sts) == nil + }, timeout, interval, "stateful set creation check failed") + + // if the http auth is enabled, reaper controller should prepare the secret where k8s controller will place per-cluster secrets + secretKey := types.NamespacedName{Namespace: testNamespace, Name: reaper.GetTruststoresSecretName(r.Name)} + truststoresSecret := &corev1.Secret{} + require.Eventually(t, func() bool { + return k8sClient.Get(ctx, secretKey, truststoresSecret) == nil + }, timeout, interval, "truststore secret creation check failed") + assert.True(t, truststoresSecret.Data == nil) + assert.Equal(t, 0, len(truststoresSecret.Data)) + + // In this configuration, we expect Reaper to also have a mount for the http auth secrets + assert.Len(t, sts.Spec.Template.Spec.Containers[0].VolumeMounts, 3) + confVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[0].DeepCopy() + assert.Equal(t, "conf", confVolumeMount.Name) + dataVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[2].DeepCopy() + assert.Equal(t, "reaper-data", dataVolumeMount.Name) + truststoresVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[1].DeepCopy() + assert.Equal(t, "management-api-keystores-per-cluster", truststoresVolumeMount.Name) + + // when we delete reaper, the STS and the secret both go away due to the owner reference + // however, that does not happen in env tests + err = k8sClient.Delete(ctx, r) + require.NoError(t, err) + + reaperKey := types.NamespacedName{Namespace: testNamespace, Name: reaperName} + assert.Eventually(t, func() bool { + err = k8sClient.Get(ctx, reaperKey, r) + return errors.IsNotFound(err) + }, timeout, interval, "reaper stateful set deletion check failed") + + assert.Eventually(t, func() bool { + err = k8sClient.Get(ctx, stsKey, sts) + // we'd expect errors.IsNotFound(err) here, except for some reason this is not happening in env tests + return err == nil + }, timeout, interval, "reaper stateful set deletion check failed") + + assert.Eventually(t, func() bool { + err = k8sClient.Get(ctx, secretKey, truststoresSecret) + // again, we'd expect errors.IsNotFound(err) ... + return err == nil + }, timeout, interval, "reaper truststore secret deletion check failed") + + // so we delete stuff manually + err = k8sClient.Delete(ctx, sts) + require.NoError(t, err) + err = k8sClient.Delete(ctx, truststoresSecret) + require.NoError(t, err) +} + // Check if env var exists func envVarExists(envVars []corev1.EnvVar, name string) bool { for _, envVar := range envVars { diff --git a/pkg/reaper/deployment.go b/pkg/reaper/deployment.go index cff7af0b4..3d62c1319 100644 --- a/pkg/reaper/deployment.go +++ b/pkg/reaper/deployment.go @@ -155,6 +155,7 @@ func computeEnvVars(reaper *api.Reaper, dc *cassdcapi.CassandraDatacenter) []cor Value: "true", }) + // we might have a general-purpose keystore and truststore if reaper.Spec.HttpManagement.Keystores != nil { envVars = append(envVars, corev1.EnvVar{ Name: "REAPER_HTTP_MANAGEMENT_KEYSTORE_PATH", @@ -165,6 +166,18 @@ func computeEnvVars(reaper *api.Reaper, dc *cassdcapi.CassandraDatacenter) []cor Value: "/etc/encryption/mgmt/truststore.jks", }) } + + // when we're a control plane, and we use http + // we might need to have specific stores per cluster managed by this Reaper instance + // we always deploy the secret that holds them, even if it never gets populated + if reaper.Spec.StorageType == api.StorageTypeLocal && reaper.Spec.DatacenterRef.Name == "" { + if reaper.Spec.HttpManagement.Enabled { + envVars = append(envVars, corev1.EnvVar{ + Name: "REAPER_HTTP_MANAGEMENT_TRUSTSTORES_DIR", + Value: "/etc/encryption/mgmt/perClusterTruststores", + }) + } + } } return envVars @@ -203,6 +216,21 @@ func computeVolumes(reaper *api.Reaper) ([]corev1.Volume, []corev1.VolumeMount) }) } + if reaper.Spec.HttpManagement.Enabled { + volumes = append(volumes, corev1.Volume{ + Name: "management-api-keystores-per-cluster", + VolumeSource: corev1.VolumeSource{ + Secret: &corev1.SecretVolumeSource{ + SecretName: GetTruststoresSecretName(reaper.Name), + }, + }, + }) + volumeMounts = append(volumeMounts, corev1.VolumeMount{ + Name: "management-api-keystores-per-cluster", + MountPath: "/etc/encryption/mgmt/perClusterTruststores", + }) + } + if reaper.Spec.StorageType == api.StorageTypeLocal { volumes = append(volumes, corev1.Volume{ Name: "reaper-data", @@ -286,7 +314,13 @@ func configureClientEncryption(reaper *api.Reaper, envVars []corev1.EnvVar, volu return envVars, volumes, volumeMounts } -func computePodSpec(reaper *api.Reaper, dc *cassdcapi.CassandraDatacenter, initContainerResources *corev1.ResourceRequirements, keystorePassword *string, truststorePassword *string) corev1.PodSpec { +func computePodSpec( + reaper *api.Reaper, + dc *cassdcapi.CassandraDatacenter, + initContainerResources *corev1.ResourceRequirements, + keystorePassword *string, + truststorePassword *string, +) corev1.PodSpec { envVars := computeEnvVars(reaper, dc) volumes, volumeMounts := computeVolumes(reaper) mainImage := reaper.Spec.ContainerImage.ApplyDefaults(defaultImage) @@ -365,7 +399,7 @@ func NewStatefulSet(reaper *api.Reaper, dc *cassdcapi.CassandraDatacenter, logge } if reaper.Spec.ReaperTemplate.StorageConfig == nil { - logger.Error(fmt.Errorf("reaper spec needs storage config when using memory sotrage type"), "missing storage config") + logger.Error(fmt.Errorf("reaper spec needs storage config when using 'local' sotrage type"), "missing storage config") return nil } diff --git a/pkg/reaper/deployment_test.go b/pkg/reaper/deployment_test.go index 9dc08f590..b934fd0de 100644 --- a/pkg/reaper/deployment_test.go +++ b/pkg/reaper/deployment_test.go @@ -314,6 +314,14 @@ func TestNewStatefulSetForControlPlane(t *testing.T) { Name: "REAPER_DATACENTER_AVAILABILITY", Value: "", }, + { + Name: "REAPER_HTTP_MANAGEMENT_ENABLE", + Value: "true", + }, + { + Name: "REAPER_HTTP_MANAGEMENT_TRUSTSTORES_DIR", + Value: "/etc/encryption/mgmt/perClusterTruststores", + }, }) } @@ -734,6 +742,9 @@ func newTestControlPlaneReaper() *reaperapi.Reaper { ReaperTemplate: reaperapi.ReaperTemplate{ StorageType: "local", StorageConfig: newTestStorageConfig(), + HttpManagement: reaperapi.HttpManagement{ + Enabled: true, + }, }, }, } diff --git a/pkg/reaper/manager.go b/pkg/reaper/manager.go index d8287b0fb..2bc2f6ade 100644 --- a/pkg/reaper/manager.go +++ b/pkg/reaper/manager.go @@ -68,7 +68,10 @@ func (r *restReaperManager) connect(ctx context.Context, reaperSvc, username, pa } func (r *restReaperManager) AddClusterToReaper(ctx context.Context, cassdc *cassdcapi.CassandraDatacenter) error { - return r.reaperClient.AddCluster(ctx, cassdcapi.CleanupForKubernetes(cassdc.Spec.ClusterName), cassdc.GetSeedServiceName()) + // this is a syntax trick coming from how Reaper parses hosts being added + // setting the cluster name allows Reaper to pick correct certs to do HTTPS with mgmt-api (if needed) + clusterName := cassdcapi.CleanupForKubernetes(cassdc.Spec.ClusterName) + return r.reaperClient.AddCluster(ctx, clusterName, cassdc.GetSeedServiceName()+"@"+clusterName) } func (r *restReaperManager) VerifyClusterIsConfigured(ctx context.Context, cassdc *cassdcapi.CassandraDatacenter) (bool, error) { diff --git a/pkg/reaper/secrets.go b/pkg/reaper/secrets.go index f054cda88..7037e056e 100644 --- a/pkg/reaper/secrets.go +++ b/pkg/reaper/secrets.go @@ -92,3 +92,7 @@ func secretToEnvVars(secret *corev1.Secret, envUsernameParam, envPasswordParam s return &usernameEnvVar, &passwordEnvVar, nil } + +func GetTruststoresSecretName(reaperName string) string { + return fmt.Sprintf("%s-truststores", reaperName) +} diff --git a/test/e2e/reaper_test.go b/test/e2e/reaper_test.go index 89df3e6b9..75f7ae92c 100644 --- a/test/e2e/reaper_test.go +++ b/test/e2e/reaper_test.go @@ -306,15 +306,26 @@ func createReaperAndDatacenter(t *testing.T, ctx context.Context, namespace stri } func createControlPlaneReaperAndDatacenter(t *testing.T, ctx context.Context, namespace string, f *framework.E2eFramework) { - reaperKey := framework.ClusterKey{K8sContext: f.ControlPlaneContext, NamespacedName: types.NamespacedName{Namespace: namespace, Name: "reaper1"}} - dcKey := framework.ClusterKey{K8sContext: f.DataPlaneContexts[0], NamespacedName: types.NamespacedName{Namespace: namespace, Name: "dc1"}} + reaperName := "reaper1" + cluster1Name := "enc-mgmt" + cluster2Name := "enc-mgmt-2" + + reaperKey := framework.ClusterKey{K8sContext: f.ControlPlaneContext, NamespacedName: types.NamespacedName{Namespace: namespace, Name: reaperName}} + c1dc1Key := framework.ClusterKey{K8sContext: f.DataPlaneContexts[0], NamespacedName: types.NamespacedName{Namespace: namespace, Name: fmt.Sprintf("%s-dc1", cluster1Name)}} + c2dc1Key := framework.ClusterKey{K8sContext: f.DataPlaneContexts[0], NamespacedName: types.NamespacedName{Namespace: namespace, Name: fmt.Sprintf("%s-dc1", cluster2Name)}} checkReaperReady(t, f, ctx, reaperKey) - checkDatacenterReady(t, ctx, dcKey, f) + checkDatacenterReady(t, ctx, c1dc1Key, f) + checkDatacenterReady(t, ctx, c2dc1Key, f) - dcPrefix := DcPrefix(t, f, dcKey) + t.Log("Verify Reaper received k8ssandra-cluster secrets") + verifyReaperSecrets(t, f, ctx, namespace, reaperName, cluster1Name, cluster2Name) + + c1dc1Prefix := DcPrefix(t, f, c1dc1Key) + c2dc1Prefix := DcPrefix(t, f, c2dc1Key) - createKeyspaceAndTable(t, f, ctx, f.DataPlaneContexts[0], namespace, "e2etestcluster", dcPrefix+"-default-sts-0", "test_ks", "test_table", 2) + createKeyspaceAndTable(t, f, ctx, f.DataPlaneContexts[0], namespace, cluster1Name, c1dc1Prefix+"-r1-sts-0", "test_ks_c1", "test_table", 2) + createKeyspaceAndTable(t, f, ctx, f.DataPlaneContexts[0], namespace, cluster2Name, c2dc1Prefix+"-r1-sts-0", "test_ks_c2", "test_table", 2) t.Log("deploying Reaper ingress routes in context", f.ControlPlaneContext) reaperRestHostAndPort := ingressConfigs[f.ControlPlaneContext].ReaperRest @@ -322,15 +333,17 @@ func createControlPlaneReaperAndDatacenter(t *testing.T, ctx context.Context, na defer f.UndeployAllIngresses(t, f.ControlPlaneContext, namespace) checkReaperApiReachable(t, ctx, reaperRestHostAndPort) - t.Run("TestReaperApi[0]", func(t *testing.T) { - t.Log("test Reaper API in context", f.ControlPlaneContext) - secretKey := framework.ClusterKey{K8sContext: f.ControlPlaneContext, NamespacedName: types.NamespacedName{Namespace: namespace, Name: "reaper-ui-secret"}} - username, password := retrieveCredentials(t, f, ctx, secretKey) - testReaperApi(t, ctx, f.ControlPlaneContext, DcClusterName(t, f, dcKey), "test_ks", username, password) - }) + secretKey := framework.ClusterKey{K8sContext: f.ControlPlaneContext, NamespacedName: types.NamespacedName{Namespace: namespace, Name: "reaper-ui-secret"}} + reaperUiUsername, reaperUiPassword := retrieveCredentials(t, f, ctx, secretKey) + + t.Logf("test Reaper API with cluster %s in context %s", cluster1Name, f.ControlPlaneContext) + testReaperApi(t, ctx, f.ControlPlaneContext, DcClusterName(t, f, c1dc1Key), "test_ks_c1", reaperUiUsername, reaperUiPassword) + t.Logf("test Reaper API with cluster %s in context %s", cluster2Name, f.ControlPlaneContext) + testReaperApi(t, ctx, f.ControlPlaneContext, DcClusterName(t, f, c2dc1Key), "test_ks_c2", reaperUiUsername, reaperUiPassword) t.Log("verify Reaper keyspace absent") - checkKeyspaceNeverCreated(t, f, ctx, f.DataPlaneContexts[0], namespace, "e2etestcluster", dcPrefix+"-default-sts-0", "reaper_db") + checkKeyspaceNeverCreated(t, f, ctx, f.DataPlaneContexts[0], namespace, cluster1Name, c1dc1Prefix+"-r1-sts-0", "reaper_db") + checkKeyspaceNeverCreated(t, f, ctx, f.DataPlaneContexts[0], namespace, cluster2Name, c2dc1Prefix+"-r1-sts-0", "reaper_db") } func checkReaperReady(t *testing.T, f *framework.E2eFramework, ctx context.Context, reaperKey framework.ClusterKey) { @@ -440,7 +453,6 @@ func testRemoveReaperFromK8ssandraCluster( } func connectReaperApi(t *testing.T, ctx context.Context, k8sContext, clusterName, username, password string) reaperclient.Client { - t.Logf("Testing Reaper API in context %v...", k8sContext) var reaperURL, _ = url.Parse(fmt.Sprintf("http://%s", ingressConfigs[k8sContext].ReaperRest)) var reaperClient = reaperclient.NewClient(reaperURL) if username != "" { @@ -472,7 +484,7 @@ func checkClusterIsRegisteredInReaper(t *testing.T, ctx context.Context, cluster } func triggerRepair(t *testing.T, ctx context.Context, clusterName, keyspace string, reaperClient reaperclient.Client) uuid.UUID { - t.Log("Starting a repair") + t.Logf("Starting a repair of cluster %s and keyspace %s", clusterName, keyspace) options := &reaperclient.RepairRunCreateOptions{SegmentCountPerNode: 5} repairId, err := reaperClient.CreateRepairRun(ctx, clusterName, keyspace, "k8ssandra", options) require.NoErrorf(t, err, "Failed to create repair run: %s", err) diff --git a/test/e2e/suite_test.go b/test/e2e/suite_test.go index 5a9b98d98..8ec82da72 100644 --- a/test/e2e/suite_test.go +++ b/test/e2e/suite_test.go @@ -5,6 +5,7 @@ import ( "encoding/json" "flag" "fmt" + "github.com/k8ssandra/k8ssandra-operator/pkg/reaper" "net/http" "net/url" "os" @@ -272,7 +273,7 @@ func TestOperator(t *testing.T) { testFunc: createReaperAndDatacenter, fixture: framework.NewTestFixture("reaper", dataPlanes[0]), skipK8ssandraClusterCleanup: true, - doCassandraDatacenterCleanup: true, + doCassandraDatacenterCleanup: false, })) t.Run("CreateControlPlaneReaperAndDataCenter", e2eTest(ctx, &e2eTestOpts{ testFunc: createControlPlaneReaperAndDatacenter, @@ -1933,24 +1934,47 @@ func createKeyspaceAndTable( ) { _, err := f.ExecuteCql(ctx, k8sContext, namespace, clusterName, pod, fmt.Sprintf("CREATE KEYSPACE %s WITH REPLICATION = {'class' : 'SimpleStrategy', 'replication_factor' : %d};", keyspace, replicationFactor)) require.NoError(t, err, "failed to create keyspace") - - _, err = f.ExecuteCql(ctx, k8sContext, namespace, clusterName, pod, fmt.Sprintf("CREATE TABLE %s.%s (id int PRIMARY KEY);", keyspace, table)) + _, err = f.ExecuteCql(ctx, k8sContext, namespace, clusterName, pod, fmt.Sprintf("CREATE TABLE %s.%s (id INT PRIMARY KEY, v TEXT);", keyspace, table)) require.NoError(t, err, "failed to create table") } +func verifyReaperSecrets( + t *testing.T, + f *framework.E2eFramework, + ctx context.Context, + namespace, reaperName, cluster1Name, cluster2Name string, +) { + // check that the secret now has 2 entries + updatedTruststoreSecret := &corev1.Secret{} + err := f.Client.Get(ctx, types.NamespacedName{Namespace: namespace, Name: reaper.GetTruststoresSecretName(reaperName)}, updatedTruststoreSecret) + require.NoError(t, err, "failed to get reaper's truststore secret") + require.Len(t, updatedTruststoreSecret.Data, 4, "truststore secret should have 2 entries") + + // check that updatedTruststoreSecret keys are made of correctly named truststore files + _, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-truststore.jks", cluster1Name)] + require.True(t, ok, "truststore secret should have key %s", cluster1Name) + _, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster1Name)] + require.True(t, ok, "truststore secret should have key %s", cluster1Name) + + _, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)] + require.True(t, ok, "truststore secret should have key %s", cluster2Name) + _, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)] + require.True(t, ok, "truststore secret should have key %s", cluster2Name) +} + func checkKeyspaceNeverCreated( t *testing.T, f *framework.E2eFramework, ctx context.Context, k8sContext, namespace, clusterName, pod, keyspace string, ) { - require.Never(t, func() bool { + require.Eventually(t, func() bool { keyspaces, err := f.ExecuteCql(ctx, k8sContext, namespace, clusterName, pod, "DESCRIBE KEYSPACES") if err != nil { t.Logf("failed to describe keyspaces: %v", err) return false } - return strings.Contains(keyspaces, keyspace) + return !strings.Contains(keyspaces, keyspace) }, 1*time.Minute, 3*time.Second) } @@ -1961,7 +1985,7 @@ func checkKeyspaceExists( k8sContext, namespace, clusterName, pod, keyspace string, ) { require.Eventually(t, func() bool { - keyspaces, err := f.ExecuteCql(ctx, k8sContext, namespace, clusterName, pod, "describe keyspaces") + keyspaces, err := f.ExecuteCql(ctx, k8sContext, namespace, clusterName, pod, "DESCRIBE KEYSPACES") if err != nil { t.Logf("failed to describe keyspaces: %v", err) return false diff --git a/test/testdata/fixtures/reaper-control-plane/k8ssandra.yaml b/test/testdata/fixtures/reaper-control-plane/k8ssandra.yaml index bbb7597e6..8827e7b97 100644 --- a/test/testdata/fixtures/reaper-control-plane/k8ssandra.yaml +++ b/test/testdata/fixtures/reaper-control-plane/k8ssandra.yaml @@ -1,45 +1,259 @@ apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: - name: cassandra-config + name: enc-mgmt-enc-mgmt-c1dc1-c-mgmt-ks data: - cassandra.yaml: | - concurrent_reads: 32 - concurrent_writes: 32 - concurrent_counter_writes: 32 + keystore.jks: >- + /u3+7QAAAAIAAAACAAAAAQAJcHJpdmF0ZS0wAAABkdwwuoQAAAUDMIIE/zAOBgorBgEEASoCEQEBBQAEggTrIud5P+CTK4pdwFj4iC4bkay2jbSzzKzpCG59VN4deISBghweTSAE4OwW/792IoOIt+FD9Z6/MUa04DlkDD+fHzHbe/7UR67b8Xcwfb0WdodjEGuFA6q0Eq3JanwT6cCVVkuwowPK+PBP3l2v1u4rG0KX5L5UjLiAIJ9nm85uX61H53G+C0BxpKbjV8Foaj0+nQqKb7cwolPGZ0VzSIPvKNJGTLP+NB3rKeCID32Qu2kSr4vftniZPKCjNfjoOB2XGe/VTcnyK1r6PQ6SeB3D9fW/SNeC23oKTnmJ8pYjevKHCGhJC6pom7f9yCdLeEYse6zmJNQTsp8cTqCDp2JLsQabUuZMHSMvxuKSKtzO2J3YcOFxjYU+8Lpyt9NJLfO2lQaeto+RBHK5dxSKr3CaHsO2XZ+RgzoeHeWSkCfYet9Ea+S2VOY/1SrAraJJoH7zpvtappunWgUP83O97KxLIa2avs19zvpnVVbXRmPrs+6c20ANncL9EPhujso7R/iv39xRJb4wcA5zZch+nunc7j7W8GW+7Fj/pZOiZKsARK8KjTZheNx+pdCawot9CuoYVQxi7nH7WgO4Mrg8NS+AZMwu1UFqIFuW5JqtDd1P/hNPmMwQvkh04BfSU6wR5mBWeTxvf+nr84HKZLPM2xm/lbqNwvJgj1ItBMWlbCLSiSeGpzt2zM/NVJCZm8+/2VczO6tyFUqQjtThmP5Y+MDu+sav8AxF/5CgPS/uI9KDeUxn77UVtIXQwzDtUnHZOAzjPuREIACfxlTc9WWmk1BTHdhRMEeyZvDdvK9nZVTrltvzYfLZh5O1S5rO5yi46nWZYR8x9rpHS5OduL/Co+IzAzviK+8/5VxeiD5bwZ+iLJJqFrVMnLs9EkZTMnXjbcGLvalaZT2wRK82FvnRAEnrBHq1lcJniLrwgHTKAxbx1ttn9rciPm6xnIF3rLRJWms60ja+65PqA7bpLeF9NWvLgi5holLzV8Rewnm/7dtIMPu0RzG0F8NH1AIhz2Iof89roBgF8A6XBFuvW9eZ6ymN3GIKyN5uMfPatW+qx6+2vh86k8ZMK+6R8dTxlTxntgdvuFiqb/gzgdx28zoyUVyeKoKFty1nFUtJLTRYWM3UMTtOXGVG4e3iXSO30wmEHxKO9H0hL/Gu2IKvOgbg0tgqfsIGGdAS3aEnseJHQxGuzDDzkks8pO0m4lhDv/lCU+BCwuUztRiVH+SQg/p8W8jmxH6zXvgldEVyyVvMNGEEj8uLtEKSxjfrGKAJPboEJkpmPVv/m+z1Yru0dJCMTu+qt2KEXOUMQl60E26vfYJkCsQnHxsdUV4z+nXEXDUhBWDt1kPgos1MFRpzy7SO7F28Y2YB4YcJPruD5g9NoANTWHzxN69FivRhiBPSK1Jt/PmuegrcgAa16XXAOOVuu2lY5JgQRbqJY8OW/OPFSoGM6zxk/4fzrUvGKwFL/yPnWwlLR+aovW1psWY42TpNGhpKeMXJIAguj1+R/A7Kd5+xYS/zqDl+gNusGktuYc7fyZhAGZnTPS1OZe0aStzioONG5Q9E28CJZlPVRqcNClewaCiZgphVsA6c6rJm+37wVVb/PToIceQxt/GgpcuFAcBoQgTMlG3gD9sw9Efyv/iwjYLrZdATIxzf0kJiSaVl3Q+7NwV1DOTVza+vRiwAAAABAARYNTA5AAADFzCCAxMwggH7oAMCAQICEQCcfz5/rhuik9FBcQ2o8I0GMA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNVBAMTFWVuYy1tZ210LW1nbXQtc2VsZi1jYTAeFw0yNDA5MTAxMzQ3NDZaFw0yNTAzMTIwMTQ3NDZaMCcxJTAjBgNVBAMTHGVuYy1tZ210LWVuYy1tZ210LWRjMS1jLW1nbXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD2CcosMdt/HfV0lGVGxfHD0hIKO2Xs+BWNbMpho8LOswkVvLcS/jyexlE+In6syIYoVjpB953YZzsZmvvGMmYF3bffLv6boT2UPu7P67CIgpHlSdTRiYDKFwNnPlADe6QZgSB7Mr2MS0lsXeBQKnLuHu1EeQCh+LpPluwc157glA5BdKYvnzYh5AND7IumcQBuiHIHUKfJLykEEXdy8S+gcnfYpkBfmP+qfud6QWQFuCZFkV1lV5yqcCm01Rw1IYc/txE04EdnoIp0MVYdFd7EXDpsEUjveh/W/77WJndZVGq/c1CmSO8vUxmVI/l/ftX+vORQIcnUeoC5vsTQz8ivAgMBAAGjQTA/MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFF1TJZqF6KTcxaN7f05vUIQRLCxNMA0GCSqGSIb3DQEBCwUAA4IBAQBHnQBGNrXDNNXdMan6g14rOhDDPzyZXBHAHccU+6hyXE1tSLMIsXuT1viKfqqIKkMDNsTXioWVObefoJGfAYW+1eDuDqqHFbiy71+IbzXQNFtMGveiopyG9G6xkjoxwFsjYeX7iAyhEXk8W7eiHy5RDh6epiuVsGasdV75yGq11vPeXEZnSXN0YpVWDmarBsKbVfiRJzU1xnyjsE98vYgryVWR8ObEX4AAte2QQsKKjjQABk//kmQY+TOUU9GDqhkfPiE2tvCV6dhNrL7iFmdfyDcLSfe6RlpEF+sOvQ2VYJiWvr50cmtUvGW8qctKa7WyFxyNTRR64/g2FM+lyRveAAAAAgAJa3MtY2VydC0wAAABkdwwuoMABFg1MDkAAAMXMIIDEzCCAfugAwIBAgIRAJx/Pn+uG6KT0UFxDajwjQYwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UEAxMVZW5jLW1nbXQtbWdtdC1zZWxmLWNhMB4XDTI0MDkxMDEzNDc0NloXDTI1MDMxMjAxNDc0NlowJzElMCMGA1UEAxMcZW5jLW1nbXQtZW5jLW1nbXQtZGMxLWMtbWdtdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPYJyiwx238d9XSUZUbF8cPSEgo7Zez4FY1symGjws6zCRW8txL+PJ7GUT4ifqzIhihWOkH3ndhnOxma+8YyZgXdt98u/puhPZQ+7s/rsIiCkeVJ1NGJgMoXA2c+UAN7pBmBIHsyvYxLSWxd4FAqcu4e7UR5AKH4uk+W7BzXnuCUDkF0pi+fNiHkA0Psi6ZxAG6IcgdQp8kvKQQRd3LxL6Byd9imQF+Y/6p+53pBZAW4JkWRXWVXnKpwKbTVHDUhhz+3ETTgR2eginQxVh0V3sRcOmwRSO96H9b/vtYmd1lUar9zUKZI7y9TGZUj+X9+1f685FAhydR6gLm+xNDPyK8CAwEAAaNBMD8wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUXVMlmoXopNzFo3t/Tm9QhBEsLE0wDQYJKoZIhvcNAQELBQADggEBAEedAEY2tcM01d0xqfqDXis6EMM/PJlcEcAdxxT7qHJcTW1Iswixe5PW+Ip+qogqQwM2xNeKhZU5t5+gkZ8Bhb7V4O4OqocVuLLvX4hvNdA0W0wa96KinIb0brGSOjHAWyNh5fuIDKEReTxbt6IfLlEOHp6mK5WwZqx1XvnIarXW895cRmdJc3RilVYOZqsGwptV+JEnNTXGfKOwT3y9iCvJVZHw5sRfgAC17ZBCwoqONAAGT/+SZBj5M5RT0YOqGR8+ITa28JXp2E2svuIWZ1/INwtJ97pGWkQX6w69DZVgmJa+vnRya1S8Zbypy0prtbIXHI1NFHrj+DYUz6XJG97yXLp+YAOo096c5gwUxzAQLmBxzQ== + truststore.jks: >- + /u3+7QAAAAIAAAABAAAAAgAKdHMtYWxpYXMtMAAAAZHcMLqFAARYNTA5AAADETCCAw0wggH1oAMCAQICEQCBdM+l+RLMG32Q6eM57zz4MA0GCSqGSIb3DQEBCwUAMCAxHjAcBgNVBAMTFWVuYy1tZ210LW1nbXQtc2VsZi1jYTAeFw0yNDA5MTAxMzQ3MDFaFw0yOTA5MDkxMzQ3MDFaMCAxHjAcBgNVBAMTFWVuYy1tZ210LW1nbXQtc2VsZi1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDh8XgQmPB0flXH3WgrEuTY/U0HxrvTm3nExiKGYhRW/06V2V1UW+drNbVr4WemxUjVatlWyUhDhQQ5PSTVyHa7iCVNW56/LJZA4ciSMFi1R/v0P4SaEq58FXdEaMX33BHPgoaYRupQ6Es0mAxdzT9EoegBuc86HUxAA89602tuC5Ib1I6A+QptOxEQ+PKuGgY6m3lSFHqUElBMBlc11FnENo2NwpOqG75Vjim2yh9Dnb22OgUzvLATN0wFIh1iHL/J/+qx3bw/f2aU7+R7DMd3v+VJxIvvJxLZ/3gb2RBuUQ+9azn278/l/tJvU4e1JbCfuwZsH8yRoP9Si2UrhmsCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFF1TJZqF6KTcxaN7f05vUIQRLCxNMA0GCSqGSIb3DQEBCwUAA4IBAQCH9vjjehbIf1LLR9mXzjmNKTmyi0jXAqCdUwaW1VHT8IcxGyyA7+5A1dv2X+CL+EI5H4kq0x824YJOHnY6W1tKoXz7s/85q81S7tpj2Gn9wnRB6wv0CGqtrksgHOICJSVvfXnEsnlNbJCGzVcFwdZeEdPr4HKyeAGNbejL72I9kjFXpVpoOrm98EVHs3JvDUgoe5cDZFMsUmpfNy4TVNKHlly4Cw+y31maUNxOxAeh8TVVvodq4SEKNgUgyeonrW9gpuK/Xrc3CmWnp90nIomRZ3FcV/6y5hHd35WBlDj3yCScmxFhNLZ633zfgxSerpF27MSuPHn34OiNpyLcL6L12PO6NKpnNmNhMUUJI5U7LP3QEn4= +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-c1dc1-r1-sts-0-inode-ks +data: + keystore.jks: >- + /u3+7QAAAAIAAAACAAAAAQAJcHJpdmF0ZS0wAAABkdwwvWUAAAUCMIIE/jAOBgorBgEEASoCEQEBBQAEggTq8/gd5NwjWt24ah3k+GI12ZbWSN7kzv14LY0rVboU5VUlkELkZUZ+OnLi3hk8neZwljK/y48gRAKCV4fe54HswS0y+/f0oY8KK+HGcscrBCGWeXoPZsb2PyMjZmK/nVnufeYdsGJzdiHB0r0wYFAafsz+OM/MyMsT2IQL39PJNoc05Zj8mZJbAq5WmtSvtZvqMNrbbjBurzOp5Q2nMZrZ9R5Fm5hE+zvl5jIFBxDMbM/B+Y1lb5hLpcS1a+0wcyKf+ywYPKp6mosRP+xsDN7HwSNelY6qlFl5AEv0U5oOezmmWS1BHD6XMgCCYqDXjoJPjrq5f0JRfnAgf8hnQ3Ge6wcnM7ttANkjzYl9Vyk6y7GT3oB3jU0tp3qsEhY6krFgF4vo7O+k8qvqoRGd/b/58eCzEVSVMqfHeIQCuVNWlrM4OPG8/lgoCpnpy+usJELcA+lG/SZkUyvEBlk5+HaMXKI7KXgM/f61f4hteo7x8kj4iEmFu0lTTbUXbpTKjtMKtEEvVENzTpyevjStcsC3B11FcDV2MbJfB6x5EyWDczXlfBg0hWw39zOb/TcKq3G+nACQbPebpM+RvdCIt3g3y51lk+ZT/IfsH6KiO5kwAvWzzNYLekhby7vNic8NTto3tJ2ZXy31AVEA0uPXBiw/TMpY7q8f+AYW6DYJrdOYzEJqzlnvyMYroB+tdl5iLSsNaxn2/GCmWG9NhUBwvZAnaQK6N/wIT8cMyc/2gmfNztOOZ//ptyBDOicXbN02x5B7VSsgDcGXqcZXPQCRj/x73v8YPzRSUSUVVHyE6xpzN5gLi0rZ5B0aeotSQJnfXTrlrya8mzk1k1j6UT5C85+8L9iFEhbJ2YOQVdvxc48/e/9t3NuQVLwpSPRyVfzcXz1MQIfn0ven9Vitd4mAQSCqRcmpzsbhA1eRe95mtL0xkv37jWpc9qJARWjOvy1i5nVLDHZJ56ciuppb61XqlUrW2nV5D5626mQl5Q9PCnj0DL3ExLED5pI3+aMh5aebMmEm2ukJ5w3pzGaOPfHfUMwoI0iBFIGVrCYcE14KTezg/VAnrxVv/itpkyZ0b3EvmR07LRNrGpL+ah/qXZLrIsqGGTi4FKmODhvKJ9LQ5vqSMwXfCw8VmZEuEy7dvXTB3HgBkiUq+/auJzJBPaTcSGCVCup1XRYP52au4bR+CgizIJ8/lu8TFoP58+67B6ANOU++I6L8xZYJ/3zFj4yALa40W5UXNIrK+BcVzZpqGl3FpGFqIQVhuWpdyS/iS9EdwCV66hQbe101y0skF2xPwXo0xCxUY703dC96lObqa18It89sDvavgjLlhXjkcmfrqdZxL9jR5aB2gOBQe8d9OZqOT5m3dAsBrlysCF6LVWCm+/T6O4ZemmrXeSSkyts0dlStnC87Z8M2myIIGuYFHyrcf9d9EHjyPHP1WMt94TYoDMBrS7v9LHhGC1okwf+aFF60vIZX/LsClF/gslqCfJ0m8IM19zGcCf/0SrtEq4qqax6zTxARl8xz0xIj5l0LwD9qxvy5s3ci6+IX9VyWW7IiyRZ8bu3oypXqrpTXwe0OVMz6/KEgricfGg4d8JbiszkCAWzCTYNKaFBP2761/rh2s+6Jb4krwfkUsNUOk31gspBI9adGI/UYq3YB9JBjXu8q4jLPn1yr8LPc7wAAAAEABFg1MDkAAAMXMIIDEzCCAfugAwIBAgIRAK/45geKY/3Dbv0uZhHLO74wDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAxMWZW5jLW1nbXQtaW5vZGUtc2VsZi1jYTAeFw0yNDA5MTAxMzQ3NDZaFw0yNTAzMTIwMTQ3NDZaMCYxJDAiBgNVBAMTG2VuYy1tZ210LWRjMS1yMS1zdHMtMC1pbm9kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO+VQWIh5loFgQ7jyYK5aZnqKVP8JSLzA+ljKdgb50vHj3OZPyK2VlbvM4pTq5jp1BqZ7EmM/e/0kwzBqMdM09OjRQeU25XwUxdG5rnYKdfR8nWzdphVVZTuekrcELStn+GyInTuFEf2g/PkQs7bvQnZNWVK9TGg+DHvb4864QxkGKly6L4/ETYkpZQgvyO+KChSS7ijnA5xNu+2WVYRo4AXAbQwbDVhgLzVRbGZ6s275taXQwvqz8Lg8iCP4uCnp2Qd9EpoYmMH8UVjJDW1ZV1GEWhLQmkkoyzl+BwwbY2g8qrOAY07iRKWbB5vXOgfioJsmjyrdbnsimMBcg1qf8ECAwEAAaNBMD8wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUuXy1gsEz2abt0tX2eGU25V8VfOQwDQYJKoZIhvcNAQELBQADggEBABR9CsKN4dyH/I6JooVtZw6B3nyMCSZy+YPqU2ApFO6bl3QlAwAD37msimwDCjGbUV3QAYc2TWkX7ooM4XKyO248/AuDsJPKH2YSGAVuzzc9fzqg4LluUHcrBItORa2ok+QYmeMmrJNdI7mBpDpUKnOMpX4AyDSz3LmbXY0FY9zC36B7Ze9dbKjkIo+ErHpGyOmJ/PCbBKFIryY2MUY2cNMVW8VdMkLSYeMRYHlYRc9wPoaJUPj/6PGtChTZ7FHQwJ7FsEDWQO6e5mSTZVGSzDS4+9acyJiqdrmgZF3+bewotc/r8kUdXqZTS3dRcPMs9UCAatEbAV0bxyEBPd9VOhoAAAACAAlrcy1jZXJ0LTAAAAGR3DC9ZQAEWDUwOQAAAxcwggMTMIIB+6ADAgECAhEAr/jmB4pj/cNu/S5mEcs7vjANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDExZlbmMtbWdtdC1pbm9kZS1zZWxmLWNhMB4XDTI0MDkxMDEzNDc0NloXDTI1MDMxMjAxNDc0NlowJjEkMCIGA1UEAxMbZW5jLW1nbXQtZGMxLXIxLXN0cy0wLWlub2RlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75VBYiHmWgWBDuPJgrlpmeopU/wlIvMD6WMp2BvnS8ePc5k/IrZWVu8zilOrmOnUGpnsSYz97/STDMGox0zT06NFB5TblfBTF0bmudgp19HydbN2mFVVlO56StwQtK2f4bIidO4UR/aD8+RCztu9Cdk1ZUr1MaD4Me9vjzrhDGQYqXLovj8RNiSllCC/I74oKFJLuKOcDnE277ZZVhGjgBcBtDBsNWGAvNVFsZnqzbvm1pdDC+rPwuDyII/i4KenZB30SmhiYwfxRWMkNbVlXUYRaEtCaSSjLOX4HDBtjaDyqs4BjTuJEpZsHm9c6B+KgmyaPKt1ueyKYwFyDWp/wQIDAQABo0EwPzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBS5fLWCwTPZpu3S1fZ4ZTblXxV85DANBgkqhkiG9w0BAQsFAAOCAQEAFH0Kwo3h3If8jomihW1nDoHefIwJJnL5g+pTYCkU7puXdCUDAAPfuayKbAMKMZtRXdABhzZNaRfuigzhcrI7bjz8C4Owk8ofZhIYBW7PNz1/OqDguW5QdysEi05FraiT5BiZ4yask10juYGkOlQqc4ylfgDINLPcuZtdjQVj3MLfoHtl711sqOQij4SsekbI6Yn88JsEoUivJjYxRjZw0xVbxV0yQtJh4xFgeVhFz3A+holQ+P/o8a0KFNnsUdDAnsWwQNZA7p7mZJNlUZLMNLj71pzImKp2uaBkXf5t7Ci1z+vyRR1eplNLd1Fw8yz1QIBq0RsBXRvHIQE931U6GlfUSKwqvIRYPKy4Um0MBN8rrygL + truststore.jks: >- + /u3+7QAAAAIAAAABAAAAAgAKdHMtYWxpYXMtMAAAAZHcML1lAARYNTA5AAADEzCCAw8wggH3oAMCAQICEQCmnRktoOwl53WtaMHFdEs+MA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMTFmVuYy1tZ210LWlub2RlLXNlbGYtY2EwHhcNMjQwOTEwMTM0NjQ2WhcNMjkwOTA5MTM0NjQ2WjAhMR8wHQYDVQQDExZlbmMtbWdtdC1pbm9kZS1zZWxmLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2H+KTWGtlmRgyjPBFUOl/kCydI/on+pbxgOLJNrhxMQh5JhRD8DUhRN82vOL+Aeb+Ch2b/8kE0ZYNwsb/s2kZbd8UOMG4RvWJtgfq+hpnO9HGQ0vojlANEv6H4EvDvDxFvP/0554j1k9xlq+nNWxMjrOtU4BEdstMoxEF4zM3JM/WMd4P95LfO9HmaubJhRuFaMjvxwyOLzVf39xqN288uBsWB4u8ShjtEJB+gW/E7b/x3Y7zqnvqeU+aSisC+gz7H1fDV2I0LWOwG639d2UE/VW09FOKEE4R2J+hvs5O3WnRDfdL6RS131wM4TwPtAb9o8hqy1hBIgkFMTf3sq4RwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUuXy1gsEz2abt0tX2eGU25V8VfOQwDQYJKoZIhvcNAQELBQADggEBAKo3wIGO8gpwYRUIvULECKVMR369PijzpcfsYn1EiuqNbtS6dCB3JKi+dtPt46/RMPOblYMJTlYJM7OegLcWl8UjmIIdk8CSr7dteuUE93kGUx16TdQYko6nQPOGTwLCo3jXY0jJWTbNpqMj+S2GXkvvwcsFDVvJxKhmiOPwRxAGOAAupAM2zLeKjYsvWd0aSwqMcV3N5+/dzte5saY4113nF2wyfHgxBbRbRYWeBq1HJ+cnd6EZMXyhEKBtH4LbKdBDQ6pKs4BaIFeYcLxkg/SsMEZgf7DdFTo0FrnNGnw3jerkVB5yhX8MEYMPCoFTLGGqzUI4emOO8yu6d+/ukY9MUyVQ/zrBjtEFxD9V0aHsFIHorA== +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-c1dc1-r1-sts-1-inode-ks +data: + keystore.jks: >- + /u3+7QAAAAIAAAACAAAAAQAJcHJpdmF0ZS0wAAABkdwwvWUAAAUCMIIE/jAOBgorBgEEASoCEQEBBQAEggTq8/gd5NwjWt24ah3k+GI12ZbWSN7kzv14LY0rVboU5VUlkELkZUZ+OnLi3hk8neZwljK/y48gRAKCV4fe54HswS0y+/f0oY8KK+HGcscrBCGWeXoPZsb2PyMjZmK/nVnufeYdsGJzdiHB0r0wYFAafsz+OM/MyMsT2IQL39PJNoc05Zj8mZJbAq5WmtSvtZvqMNrbbjBurzOp5Q2nMZrZ9R5Fm5hE+zvl5jIFBxDMbM/B+Y1lb5hLpcS1a+0wcyKf+ywYPKp6mosRP+xsDN7HwSNelY6qlFl5AEv0U5oOezmmWS1BHD6XMgCCYqDXjoJPjrq5f0JRfnAgf8hnQ3Ge6wcnM7ttANkjzYl9Vyk6y7GT3oB3jU0tp3qsEhY6krFgF4vo7O+k8qvqoRGd/b/58eCzEVSVMqfHeIQCuVNWlrM4OPG8/lgoCpnpy+usJELcA+lG/SZkUyvEBlk5+HaMXKI7KXgM/f61f4hteo7x8kj4iEmFu0lTTbUXbpTKjtMKtEEvVENzTpyevjStcsC3B11FcDV2MbJfB6x5EyWDczXlfBg0hWw39zOb/TcKq3G+nACQbPebpM+RvdCIt3g3y51lk+ZT/IfsH6KiO5kwAvWzzNYLekhby7vNic8NTto3tJ2ZXy31AVEA0uPXBiw/TMpY7q8f+AYW6DYJrdOYzEJqzlnvyMYroB+tdl5iLSsNaxn2/GCmWG9NhUBwvZAnaQK6N/wIT8cMyc/2gmfNztOOZ//ptyBDOicXbN02x5B7VSsgDcGXqcZXPQCRj/x73v8YPzRSUSUVVHyE6xpzN5gLi0rZ5B0aeotSQJnfXTrlrya8mzk1k1j6UT5C85+8L9iFEhbJ2YOQVdvxc48/e/9t3NuQVLwpSPRyVfzcXz1MQIfn0ven9Vitd4mAQSCqRcmpzsbhA1eRe95mtL0xkv37jWpc9qJARWjOvy1i5nVLDHZJ56ciuppb61XqlUrW2nV5D5626mQl5Q9PCnj0DL3ExLED5pI3+aMh5aebMmEm2ukJ5w3pzGaOPfHfUMwoI0iBFIGVrCYcE14KTezg/VAnrxVv/itpkyZ0b3EvmR07LRNrGpL+ah/qXZLrIsqGGTi4FKmODhvKJ9LQ5vqSMwXfCw8VmZEuEy7dvXTB3HgBkiUq+/auJzJBPaTcSGCVCup1XRYP52au4bR+CgizIJ8/lu8TFoP58+67B6ANOU++I6L8xZYJ/3zFj4yALa40W5UXNIrK+BcVzZpqGl3FpGFqIQVhuWpdyS/iS9EdwCV66hQbe101y0skF2xPwXo0xCxUY703dC96lObqa18It89sDvavgjLlhXjkcmfrqdZxL9jR5aB2gOBQe8d9OZqOT5m3dAsBrlysCF6LVWCm+/T6O4ZemmrXeSSkyts0dlStnC87Z8M2myIIGuYFHyrcf9d9EHjyPHP1WMt94TYoDMBrS7v9LHhGC1okwf+aFF60vIZX/LsClF/gslqCfJ0m8IM19zGcCf/0SrtEq4qqax6zTxARl8xz0xIj5l0LwD9qxvy5s3ci6+IX9VyWW7IiyRZ8bu3oypXqrpTXwe0OVMz6/KEgricfGg4d8JbiszkCAWzCTYNKaFBP2761/rh2s+6Jb4krwfkUsNUOk31gspBI9adGI/UYq3YB9JBjXu8q4jLPn1yr8LPc7wAAAAEABFg1MDkAAAMXMIIDEzCCAfugAwIBAgIRAK/45geKY/3Dbv0uZhHLO74wDQYJKoZIhvcNAQELBQAwITEfMB0GA1UEAxMWZW5jLW1nbXQtaW5vZGUtc2VsZi1jYTAeFw0yNDA5MTAxMzQ3NDZaFw0yNTAzMTIwMTQ3NDZaMCYxJDAiBgNVBAMTG2VuYy1tZ210LWRjMS1yMS1zdHMtMC1pbm9kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAO+VQWIh5loFgQ7jyYK5aZnqKVP8JSLzA+ljKdgb50vHj3OZPyK2VlbvM4pTq5jp1BqZ7EmM/e/0kwzBqMdM09OjRQeU25XwUxdG5rnYKdfR8nWzdphVVZTuekrcELStn+GyInTuFEf2g/PkQs7bvQnZNWVK9TGg+DHvb4864QxkGKly6L4/ETYkpZQgvyO+KChSS7ijnA5xNu+2WVYRo4AXAbQwbDVhgLzVRbGZ6s275taXQwvqz8Lg8iCP4uCnp2Qd9EpoYmMH8UVjJDW1ZV1GEWhLQmkkoyzl+BwwbY2g8qrOAY07iRKWbB5vXOgfioJsmjyrdbnsimMBcg1qf8ECAwEAAaNBMD8wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUuXy1gsEz2abt0tX2eGU25V8VfOQwDQYJKoZIhvcNAQELBQADggEBABR9CsKN4dyH/I6JooVtZw6B3nyMCSZy+YPqU2ApFO6bl3QlAwAD37msimwDCjGbUV3QAYc2TWkX7ooM4XKyO248/AuDsJPKH2YSGAVuzzc9fzqg4LluUHcrBItORa2ok+QYmeMmrJNdI7mBpDpUKnOMpX4AyDSz3LmbXY0FY9zC36B7Ze9dbKjkIo+ErHpGyOmJ/PCbBKFIryY2MUY2cNMVW8VdMkLSYeMRYHlYRc9wPoaJUPj/6PGtChTZ7FHQwJ7FsEDWQO6e5mSTZVGSzDS4+9acyJiqdrmgZF3+bewotc/r8kUdXqZTS3dRcPMs9UCAatEbAV0bxyEBPd9VOhoAAAACAAlrcy1jZXJ0LTAAAAGR3DC9ZQAEWDUwOQAAAxcwggMTMIIB+6ADAgECAhEAr/jmB4pj/cNu/S5mEcs7vjANBgkqhkiG9w0BAQsFADAhMR8wHQYDVQQDExZlbmMtbWdtdC1pbm9kZS1zZWxmLWNhMB4XDTI0MDkxMDEzNDc0NloXDTI1MDMxMjAxNDc0NlowJjEkMCIGA1UEAxMbZW5jLW1nbXQtZGMxLXIxLXN0cy0wLWlub2RlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75VBYiHmWgWBDuPJgrlpmeopU/wlIvMD6WMp2BvnS8ePc5k/IrZWVu8zilOrmOnUGpnsSYz97/STDMGox0zT06NFB5TblfBTF0bmudgp19HydbN2mFVVlO56StwQtK2f4bIidO4UR/aD8+RCztu9Cdk1ZUr1MaD4Me9vjzrhDGQYqXLovj8RNiSllCC/I74oKFJLuKOcDnE277ZZVhGjgBcBtDBsNWGAvNVFsZnqzbvm1pdDC+rPwuDyII/i4KenZB30SmhiYwfxRWMkNbVlXUYRaEtCaSSjLOX4HDBtjaDyqs4BjTuJEpZsHm9c6B+KgmyaPKt1ueyKYwFyDWp/wQIDAQABo0EwPzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBS5fLWCwTPZpu3S1fZ4ZTblXxV85DANBgkqhkiG9w0BAQsFAAOCAQEAFH0Kwo3h3If8jomihW1nDoHefIwJJnL5g+pTYCkU7puXdCUDAAPfuayKbAMKMZtRXdABhzZNaRfuigzhcrI7bjz8C4Owk8ofZhIYBW7PNz1/OqDguW5QdysEi05FraiT5BiZ4yask10juYGkOlQqc4ylfgDINLPcuZtdjQVj3MLfoHtl711sqOQij4SsekbI6Yn88JsEoUivJjYxRjZw0xVbxV0yQtJh4xFgeVhFz3A+holQ+P/o8a0KFNnsUdDAnsWwQNZA7p7mZJNlUZLMNLj71pzImKp2uaBkXf5t7Ci1z+vyRR1eplNLd1Fw8yz1QIBq0RsBXRvHIQE931U6GlfUSKwqvIRYPKy4Um0MBN8rrygL + truststore.jks: >- + /u3+7QAAAAIAAAABAAAAAgAKdHMtYWxpYXMtMAAAAZHcML1lAARYNTA5AAADEzCCAw8wggH3oAMCAQICEQCmnRktoOwl53WtaMHFdEs+MA0GCSqGSIb3DQEBCwUAMCExHzAdBgNVBAMTFmVuYy1tZ210LWlub2RlLXNlbGYtY2EwHhcNMjQwOTEwMTM0NjQ2WhcNMjkwOTA5MTM0NjQ2WjAhMR8wHQYDVQQDExZlbmMtbWdtdC1pbm9kZS1zZWxmLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2H+KTWGtlmRgyjPBFUOl/kCydI/on+pbxgOLJNrhxMQh5JhRD8DUhRN82vOL+Aeb+Ch2b/8kE0ZYNwsb/s2kZbd8UOMG4RvWJtgfq+hpnO9HGQ0vojlANEv6H4EvDvDxFvP/0554j1k9xlq+nNWxMjrOtU4BEdstMoxEF4zM3JM/WMd4P95LfO9HmaubJhRuFaMjvxwyOLzVf39xqN288uBsWB4u8ShjtEJB+gW/E7b/x3Y7zqnvqeU+aSisC+gz7H1fDV2I0LWOwG639d2UE/VW09FOKEE4R2J+hvs5O3WnRDfdL6RS131wM4TwPtAb9o8hqy1hBIgkFMTf3sq4RwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUuXy1gsEz2abt0tX2eGU25V8VfOQwDQYJKoZIhvcNAQELBQADggEBAKo3wIGO8gpwYRUIvULECKVMR369PijzpcfsYn1EiuqNbtS6dCB3JKi+dtPt46/RMPOblYMJTlYJM7OegLcWl8UjmIIdk8CSr7dteuUE93kGUx16TdQYko6nQPOGTwLCo3jXY0jJWTbNpqMj+S2GXkvvwcsFDVvJxKhmiOPwRxAGOAAupAM2zLeKjYsvWd0aSwqMcV3N5+/dzte5saY4113nF2wyfHgxBbRbRYWeBq1HJ+cnd6EZMXyhEKBtH4LbKdBDQ6pKs4BaIFeYcLxkg/SsMEZgf7DdFTo0FrnNGnw3jerkVB5yhX8MEYMPCoFTLGGqzUI4emOO8yu6d+/ukY9MUyVQ/zrBjtEFxD9V0aHsFIHorA== +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-enc-mgmt-c1dc1-c-mgmt +data: + ca.crt: >- + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lSQUlGMHo2WDVFc3diZlpEcDR6bnZQUGd3RFFZSktvWklodmNOQVFFTEJRQXcKSURFZU1Cd0dBMVVFQXhNVlpXNWpMVzFuYlhRdGJXZHRkQzF6Wld4bUxXTmhNQjRYRFRJME1Ea3hNREV6TkRjdwpNVm9YRFRJNU1Ea3dPVEV6TkRjd01Wb3dJREVlTUJ3R0ExVUVBeE1WWlc1akxXMW5iWFF0YldkdGRDMXpaV3htCkxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW9PSHhlQkNZOEhSK1ZjZmQKYUNzUzVOajlUUWZHdTlPYmVjVEdJb1ppRkZiL1RwWFpYVlJiNTJzMXRXdmhaNmJGU05WcTJWYkpTRU9GQkRrOQpKTlhJZHJ1SUpVMWJucjhzbGtEaHlKSXdXTFZIKy9RL2hKb1NybndWZDBSb3hmZmNFYytDaHBoRzZsRG9TelNZCkRGM05QMFNoNkFHNXp6b2RURUFEejNyVGEyNExraHZVam9ENUNtMDdFUkQ0OHE0YUJqcWJlVklVZXBRU1VFd0cKVnpYVVdjUTJqWTNDazZvYnZsV09LYmJLSDBPZHZiWTZCVE84c0JNM1RBVWlIV0ljdjhuLzZySGR2RDkvWnBUdgo1SHNNeDNlLzVVbkVpKzhuRXRuL2VCdlpFRzVSRDcxck9mYnZ6K1grMG05VGg3VWxzSis3Qm13ZnpKR2cvMUtMClpTdUdhd0lEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWQKQmdOVkhRNEVGZ1FVWFZNbG1vWG9wTnpGbzN0L1RtOVFoQkVzTEUwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBSWYyK09ONkZzaC9Vc3RIMlpmT09ZMHBPYktMU05jQ29KMVRCcGJWVWRQd2h6RWJMSUR2N2tEVjIvWmY0SXY0ClFqa2ZpU3JUSHpiaGdrNGVkanBiVzBxaGZQdXovem1yelZMdTJtUFlhZjNDZEVIckMvUUlhcTJ1U3lBYzRnSWwKSlc5OWVjU3llVTFza0liTlZ3WEIxbDRSMCt2Z2NySjRBWTF0Nk12dllqMlNNVmVsV21nNnViM3dSVWV6Y204TgpTQ2g3bHdOa1V5eFNhbDgzTGhOVTBvZVdYTGdMRDdMZldacFEzRTdFQjZIeE5WVytoMnJoSVFvMkJTREo2aWV0CmIyQ200cjlldHpjS1phZW4zU2NpaVpGbmNWeFgvckxtRWQzZmxZR1VPUGZJSkp5YkVXRTB0bnJmZk4rREZKNnUKa1hic3hLNDhlZmZnNkkybkl0d3ZvdlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.crt: >- + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lSQUp4L1BuK3VHNktUMFVGeERhandqUVl3RFFZSktvWklodmNOQVFFTEJRQXcKSURFZU1Cd0dBMVVFQXhNVlpXNWpMVzFuYlhRdGJXZHRkQzF6Wld4bUxXTmhNQjRYRFRJME1Ea3hNREV6TkRjMApObG9YRFRJMU1ETXhNakF4TkRjME5sb3dKekVsTUNNR0ExVUVBeE1jWlc1akxXMW5iWFF0Wlc1akxXMW5iWFF0ClpHTXhMV010YldkdGREQ0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQVBZSnlpd3gKMjM4ZDlYU1VaVWJGOGNQU0VnbzdaZXo0Rlkxc3ltR2p3czZ6Q1JXOHR4TCtQSjdHVVQ0aWZxekloaWhXT2tIMwpuZGhuT3htYSs4WXlaZ1hkdDk4dS9wdWhQWlErN3MvcnNJaUNrZVZKMU5HSmdNb1hBMmMrVUFON3BCbUJJSHN5CnZZeExTV3hkNEZBcWN1NGU3VVI1QUtINHVrK1c3QnpYbnVDVURrRjBwaStmTmlIa0EwUHNpNlp4QUc2SWNnZFEKcDhrdktRUVJkM0x4TDZCeWQ5aW1RRitZLzZwKzUzcEJaQVc0SmtXUlhXVlhuS3B3S2JUVkhEVWhoeiszRVRUZwpSMmVnaW5ReFZoMFYzc1JjT213UlNPOTZIOWIvdnRZbWQxbFVhcjl6VUtaSTd5OVRHWlVqK1g5KzFmNjg1RkFoCnlkUjZnTG0reE5EUHlLOENBd0VBQWFOQk1EOHdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01Bd0dBMVVkRXdFQi93UUMKTUFBd0h3WURWUjBqQkJnd0ZvQVVYVk1sbW9Yb3BOekZvM3QvVG05UWhCRXNMRTB3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFFZWRBRVkydGNNMDFkMHhxZnFEWGlzNkVNTS9QSmxjRWNBZHh4VDdxSEpjVFcxSXN3aXhlNVBXCitJcCtxb2dxUXdNMnhOZUtoWlU1dDUrZ2taOEJoYjdWNE80T3FvY1Z1TEx2WDRodk5kQTBXMHdhOTZLaW5JYjAKYnJHU09qSEFXeU5oNWZ1SURLRVJlVHhidDZJZkxsRU9IcDZtSzVXd1pxeDFYdm5JYXJYVzg5NWNSbWRKYzNSaQpsVllPWnFzR3dwdFYrSkVuTlRYR2ZLT3dUM3k5aUN2SlZaSHc1c1JmZ0FDMTdaQkN3b3FPTkFBR1QvK1NaQmo1Ck01UlQwWU9xR1I4K0lUYTI4SlhwMkUyc3Z1SVdaMS9JTnd0Sjk3cEdXa1FYNnc2OURaVmdtSmErdm5SeWExUzgKWmJ5cHkwcHJ0YklYSEkxTkZIcmorRFlVejZYSkc5ND0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: >- + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2d0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktrd2dnU2xBZ0VBQW9JQkFRRDJDY29zTWR0L0hmVjAKbEdWR3hmSEQwaElLTzJYcytCV05iTXBobzhMT3N3a1Z2TGNTL2p5ZXhsRStJbjZzeUlZb1ZqcEI5NTNZWnpzWgptdnZHTW1ZRjNiZmZMdjZib1QyVVB1N1A2N0NJZ3BIbFNkVFJpWURLRndOblBsQURlNlFaZ1NCN01yMk1TMGxzClhlQlFLbkx1SHUxRWVRQ2grTHBQbHV3YzE1N2dsQTVCZEtZdm56WWg1QU5EN0l1bWNRQnVpSElIVUtmSkx5a0UKRVhkeThTK2djbmZZcGtCZm1QK3FmdWQ2UVdRRnVDWkZrVjFsVjV5cWNDbTAxUncxSVljL3R4RTA0RWRub0lwMApNVllkRmQ3RVhEcHNFVWp2ZWgvVy83N1dKbmRaVkdxL2MxQ21TTzh2VXhtVkkvbC9mdFgrdk9SUUljblVlb0M1CnZzVFF6OGl2QWdNQkFBRUNnZ0VBTzN3d2NqRDN0YXNqbmpVR3EyN09QaDc3RjVnMjAyMURvTGJOMDMrSmFQb20KVnlnU1J6aEtwY1NpL2RmUE1xMGtxbm4yaWQ1NVBrbnZJd2l5bUwrMHBQUnZNVG1tZXpBbnVFRGk4a2cwblR5YwpVNGhmT08zNndtR0FCQ1V2cVRmcWUvUVpTMUFBUGZ3eDIwNXpIazYxRE5kVFhEdTVLRy8vYzZDMG8yQ0tYQmRXClhuOXRjRWVrUStMTkFnMCtxU09GMWROQWI0dDluV0R5dEljMGs3alUyRmlxSEtoVXNhc0RvdW4wcUVXR00rSG8KYTQrZXgzdlFKT1FjcExJTU5WeFY5NmI3NUpjMGlUZU9hak0vZlBlL2FYdWJpUjU1LzdMVi9LRzM1dS9xNFRVagoybXZONkFBaHF5UU1Ua0pBQnp4c3BsVmg2OGVZMUdhMGVDVmtsRXdSNlFLQmdRRDJhbEJYUlByemZaem5PbXh5CkJIaytvOENtVkdpbXo3ZXF3djNsQXZ1Q0FrM2ViT3ZFNzlOTjcxY0sxRXFMS21zYmNiVDdzNCtqWjdUUURTUjMKdjdiSG5KR1MrOHFHOGYwQUVEelZQbE9OQTgrdGVXemFwSkFQU1MzejA2eG9aaEszbW10QUpLS1JuYzlnT0lMSgpnYjVFWDRzQUNYaEhvekdCTWtZb3JvN3o1UUtCZ1FEL203aXcxR3pWckhPdjQwVWVDWWN4NmFkMldPWkZ3VC9JCnZvUmdCN28yaXBYWlhQUkkxWnlKNkF1TDVQU2dRUGpjcVN5NDlFRnh3c0IrMmJjdjlxMHR5dWlPMnR2TDIvVGcKNFZYSmJQTGhNNzZpcnNqazZUUE8zc1MydVAvM2NNS1ljZTBIZ3FySUZYeE5EMHVxbUZ6ZWF1MlQ3Vk1Ma2tlOQpjNUdMT1JKcEF3S0JnUUNBS0ZqeW1vQytSTFZuR1Y2dmloNFk4d2ZPT2haWHM2NjlsRDZDYmlPcXdWSUlmYk85CnNGSEF0ZHNhV2NFUFVoZDBwWlhRVnRvOHpVSWY5c1hodGdiMUdEd3FLdVJ4Zk1mdDBZUWlFQkZhUlFJdElmcjQKV0NCSW92SFFYMlhLd2xPM3hBdEZ5QWY1SGc5dDV0WTJ3VkRZdEt4UmI1dHIvcmRQajNzbnkybXo5UUtCZ1FDMgp3SmEvVDFIMVA5U0MrQ0p0eEhBMS9wSHQ2c2ZSTGNjMTl3bGNRNG9lL3R6K3lSZ2JqeWJaN3Q5NmlSdGlETEloCnlvOGdPZnNrcEJMUFgwZzdjY29HQ0tKWHFTRW5VejkxSFljaGVkVDVzTzVuRUVLd2NBL0xvN2pQejl1ckJhTU0KTGNCRDgyZTVvS3I3eWFqVzh4TExMM1pub25JU3Z1YXVESmdPQzZNZkV3S0JnUUNnNW9HWURoVmlKK3pFUi9CNQozTkJ3QnBTaXRSaFFxU1dPVlBpY2FoNVo3SnlmSTAzVzdmaWlvQzdrYzFWOWlldWVDU0xtMHh3OWVPQUdEMGZlClBKWlRMWUVTQWhWdUpDV3AySTVvZlNSSFJzN0MvZE5NU3J3UmxTZFNUZVB0UXhWUzAwU1NRTzVkL3E1QnlINnAKOTFhcmZBOG43QWV4cFRmUHhBWExTSlc0a2c9PQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== +type: kubernetes.io/tls +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-enc-mgmt-c1dc1-s-mgmt +data: + ca.crt: >- + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lSQUlGMHo2WDVFc3diZlpEcDR6bnZQUGd3RFFZSktvWklodmNOQVFFTEJRQXcKSURFZU1Cd0dBMVVFQXhNVlpXNWpMVzFuYlhRdGJXZHRkQzF6Wld4bUxXTmhNQjRYRFRJME1Ea3hNREV6TkRjdwpNVm9YRFRJNU1Ea3dPVEV6TkRjd01Wb3dJREVlTUJ3R0ExVUVBeE1WWlc1akxXMW5iWFF0YldkdGRDMXpaV3htCkxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQW9PSHhlQkNZOEhSK1ZjZmQKYUNzUzVOajlUUWZHdTlPYmVjVEdJb1ppRkZiL1RwWFpYVlJiNTJzMXRXdmhaNmJGU05WcTJWYkpTRU9GQkRrOQpKTlhJZHJ1SUpVMWJucjhzbGtEaHlKSXdXTFZIKy9RL2hKb1NybndWZDBSb3hmZmNFYytDaHBoRzZsRG9TelNZCkRGM05QMFNoNkFHNXp6b2RURUFEejNyVGEyNExraHZVam9ENUNtMDdFUkQ0OHE0YUJqcWJlVklVZXBRU1VFd0cKVnpYVVdjUTJqWTNDazZvYnZsV09LYmJLSDBPZHZiWTZCVE84c0JNM1RBVWlIV0ljdjhuLzZySGR2RDkvWnBUdgo1SHNNeDNlLzVVbkVpKzhuRXRuL2VCdlpFRzVSRDcxck9mYnZ6K1grMG05VGg3VWxzSis3Qm13ZnpKR2cvMUtMClpTdUdhd0lEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QWQKQmdOVkhRNEVGZ1FVWFZNbG1vWG9wTnpGbzN0L1RtOVFoQkVzTEUwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBSWYyK09ONkZzaC9Vc3RIMlpmT09ZMHBPYktMU05jQ29KMVRCcGJWVWRQd2h6RWJMSUR2N2tEVjIvWmY0SXY0ClFqa2ZpU3JUSHpiaGdrNGVkanBiVzBxaGZQdXovem1yelZMdTJtUFlhZjNDZEVIckMvUUlhcTJ1U3lBYzRnSWwKSlc5OWVjU3llVTFza0liTlZ3WEIxbDRSMCt2Z2NySjRBWTF0Nk12dllqMlNNVmVsV21nNnViM3dSVWV6Y204TgpTQ2g3bHdOa1V5eFNhbDgzTGhOVTBvZVdYTGdMRDdMZldacFEzRTdFQjZIeE5WVytoMnJoSVFvMkJTREo2aWV0CmIyQ200cjlldHpjS1phZW4zU2NpaVpGbmNWeFgvckxtRWQzZmxZR1VPUGZJSkp5YkVXRTB0bnJmZk4rREZKNnUKa1hic3hLNDhlZmZnNkkybkl0d3ZvdlU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + tls.crt: >- + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFakNDQWZxZ0F3SUJBZ0lRUkR3bGNKYVBITTJQMDd5R2xNUUlqekFOQmdrcWhraUc5dzBCQVFzRkFEQWcKTVI0d0hBWURWUVFERXhWbGJtTXRiV2R0ZEMxdFoyMTBMWE5sYkdZdFkyRXdIaGNOTWpRd09URXdNVE0wTnpRMgpXaGNOTWpVd016RXlNREUwTnpRMldqQW5NU1V3SXdZRFZRUURFeHhsYm1NdGJXZHRkQzFsYm1NdGJXZHRkQzFrCll6RXRjeTF0WjIxME1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdnEwWkZxM1QKaXZvaHZ5V05sZVdqV1UrQUZwNyswaUt3Nml4NzVTRW9IKzVuQURycHhNMlM3OUtrNy9ETFJTbUVPbTNxeVNmMwpzd2N0aXppWmUvdDc1M2w5SVU0RmtjNTQyZ1ZuQ2NRNkt1NjR0YWlPU3hWSDYxN3JDRStTY2IrTythMzM4VUk1CjNNSHFzTUFRMzFzOEo1WXYzaytucmJ6bVdoMi9VOC9TaTNCN0R0Y0xSaitVS0lTQWhwR3pqNksrT1dlSUJaeGQKTmdjeExVVDVUdzdtZU1xdGUrMTI0VnNJU280dURmbGlKMHlqTW5uY2dqWEpMc214bm5kSXFvS0pIci92eVVnZQo5bUhwSi9nN1BvclBBTEIwbHlIZ3lGeGdYN1h3ZFN1Q0lXOTE1S0pKM1dDWjV0UzRyZk0yY2pWK1ZFZjJpWjNJCkozK0EzL09KNTl2Z1BRSURBUUFCbzBFd1B6QU9CZ05WSFE4QkFmOEVCQU1DQmFBd0RBWURWUjBUQVFIL0JBSXcKQURBZkJnTlZIU01FR0RBV2dCUmRVeVdhaGVpazNNV2plMzlPYjFDRUVTd3NUVEFOQmdrcWhraUc5dzBCQVFzRgpBQU9DQVFFQURqZlNDdklyOHNKTi9mc2FsZ0FUTmV1MGFhSDlXMklSNkNGa242UTg3N3Mzc2kxWDJiVE5DSVZGCnZtMVhMUzZPNEJkblRNUzVxVnJhZ2dLelFJMUNHNCtwbSt2d3kvRVBidThvQzdwY0UvVFVwVUlxTlZQVktrZC8KSkZXODgrS0h5RmRLa2w2dHVLSTVKVXMxN3dla1hpY2xMSmo5b041MmVZZm1Qc2VCL0xrb3IxOENNanBXZFZuKwpjbFFhUVBPK2dpUWJBbVE0akJBZ3EwSmtUM3EyK1FuWHU0ZUptMFpMMzRNMEdmUllZb0MxRTVXVXdFbFEyVXBLCitENUxtMk5QN3R4bUtkTlVzQk45TFJlYkJrb003R2VIZ3JoSFY2djZqRlcvU2pZbm8zR0RTL0VYUzdVdnZWSSsKVExpallyeS9jL2xNbGVxblJxcHFtSmRXd2tESnNnPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= + tls.key: >- + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQytyUmtXcmRPSytpRy8KSlkyVjVhTlpUNEFXbnY3U0lyRHFMSHZsSVNnZjdtY0FPdW5FelpMdjBxVHY4TXRGS1lRNmJlckpKL2V6QnkyTApPSmw3KzN2bmVYMGhUZ1dSem5qYUJXY0p4RG9xN3JpMXFJNUxGVWZyWHVzSVQ1Snh2NDc1cmZmeFFqbmN3ZXF3CndCRGZXendubGkvZVQ2ZXR2T1phSGI5VHo5S0xjSHNPMXd0R1A1UW9oSUNHa2JPUG9yNDVaNGdGbkYwMkJ6RXQKUlBsUER1WjR5cTE3N1hiaFd3aEtqaTROK1dJblRLTXllZHlDTmNrdXliR2VkMGlxZ29rZXYrL0pTQjcyWWVrbgorRHMraXM4QXNIU1hJZURJWEdCZnRmQjFLNEloYjNYa29rbmRZSm5tMUxpdDh6WnlOWDVVUi9hSm5jZ25mNERmCjg0bm4yK0E5QWdNQkFBRUNnZ0VCQUxLRi91ZHMrSk0yZmtJcE50Y1JtazhVVUNqZDFGZUtnM205RElNSytEWnQKVDZLM2hnZnRNWlc0OHhSenJ0MmljVnNEYnIvSDIvS1MxZUZ6ck1DWVJQb0VsVk9KYVUyS3N6dnRzdnRCN2ZRawpibXdtMUpNWDZhNUZ3R2lYbDlWSU5PVXdMT1NGelFjVHlGaVVlemVraEQzTU1DVkZEd2xydzRDOE9WYVBUZUdlCllNU3MzZnZtVmx4aEx1Q0ZGSW9ISnd0YWxUTHJyYTd4ZEJDQ3ZIYnYvK2YwZ3dwMStud0o3bkNCZGdUQWdFQjcKYVBObUNPbWpiVTd0c21qSWtkakNkcDFxUU9YOE9SaG5xOTlSSDlLVE1obHErenBXamR2UkduLyt5UzVMNkJLSAppc3RKMnBnR0ZFZ3phakcxci9IL1RlM29HTmhkQUtZV0c0TmFraitLOTBFQ2dZRUE0aVl1cXZSQ21wRGtOdGZpCkk5VThUZU00U1RlK1BQQTFDSkFHemgwRVI4eXVsSVl4WVQ3QWtrOU5XZWtMUzR1SEZzTzB6NjZ3VWRsT0tCZ0MKajVaT1RhdndZZm80QU9kVXpLTEhXZkEvWklSUUZUYStDaEt1RVJwMjhtV3NXR29tdHJ3L056S1dCVkkvb2tJUgpaaHRoQ3Y2cGlxV2RraER5ZFJqeUp4Y1BHYnNDZ1lFQTE5Zy9CeXJyVjdRWk1zZGVQQVhaaEh4Y1hsS0EzbWpOCnJISENCUW52OU9KKzJOQmh2d3dmVXROVnd4aWV3NkV5WW1JR0puWUR6VHhuY0ZVRE1wQ2RYeW1DL3A4VVFvMi8KRHdIRUFqTXVGM1ZoSjN0SXhQRi9GcWlyaiszbUFPK2dOSCt1YWNYUzM0MUdMTU15UHJleFJZMlpsa2I0MUs2RgpTOEVzSnRRbU1tY0NnWUIzSVB2MmJDTmx2cXVwUkVISTlId0czNG4zNzloVHk0bDBVRUoxY3cyZE1QSktKUUtBCklvbFl5Vk9LNkZ0ZDJVczVMN0Rnc2pvSmM3cGJIb0xDMXIrNjVMY0ZOY1VvbkxPcjlKZWxCZ3l1eTVCUURIMUIKV3lPOHVMOHQ0MmROVCtYQzN4bEIzM0R0cnF6OHNXYnU3YjlLQm1xVE1iajJoOXpnMkZvL1EwTmVId0tCZ0hqQgpZWm1uK0Z4cnhNRTA2dEtYenphZ3dLaUFiZHFBTmJqcE44dkw0SFJYbHZIRHV6dkFFM0lxQzh3SFpTTTdkczIxCjI0eis3MmVPQ0t5KzB2Z2lFZmtnWjBuK1E3NXNRTnlyZHpabjNieUFEZWVod0hkMlNFeXI5cmVpTjlDRVAxTy8KcnhzNzhwcmhGY2FMT2Z2K2x1MjdwNVo4aEUrd2g2QjNKVFZmOFRLM0FvR0FLblB0VzJQRnJXUUNGYm5hajRPRgphZW8wMkswT2RJMGFuS2RKbjh3TmRhck1KR2ErMzg2WUM0N0VKNVI4dHozSE4rUUVUeWZucHk5Z3k4cFpTWHlkCmZ4UXI2RDJBT09Uby9tOCtqUGVrUDFCK1cxWENpQk9CaDdtMFdXaS9RKzlSTzFmSUE4TWYvUnlraTQ4eTdyUVMKZEhYaVR5SlVwR1ozNHV6ZFVrNlo5NlE9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +type: kubernetes.io/tls --- apiVersion: k8ssandra.io/v1alpha1 kind: K8ssandraCluster metadata: - name: test + name: enc-mgmt spec: + auth: true + secretsProvider: internal + cassandra: + config: + cassandraYaml: + server_encryption_options: + internode_encryption: all + keystore: /etc/encryption/internode/keystore.jks + keystore_password: changeit + truststore: /etc/encryption/internode/truststore.jks + truststore_password: changeit + jvmOptions: + gc: G1GC + heapSize: 1Gi + datacenters: + - config: + jvmOptions: + gc: G1GC + cassandra_ring_delay_ms: 0 + datacenterName: c1dc1 + managementApiAuth: + manual: + clientSecretName: enc-mgmt-enc-mgmt-c1dc1-c-mgmt + serverSecretName: enc-mgmt-enc-mgmt-c1dc1-s-mgmt + metadata: + name: enc-mgmt-dc1 + perNodeConfigInitContainerImage: mikefarah/yq:4 + perNodeConfigMapRef: {} + racks: + - name: r1 + size: 2 + perNodeConfigInitContainerImage: mikefarah/yq:4 + serverType: cassandra + serverVersion: 4.1.5 + storageConfig: + cassandraDataVolumeClaimSpec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Gi + storageClassName: standard + superuserSecretRef: + name: enc-mgmt-superuser + metadata: + pods: + annotations: + k8ssandra.io/inject-secret: >- + [{"name": "${POD_NAME}-inode-ks", "path": + "/etc/encryption/internode"}] reaper: reaperRef: name: reaper1 uiUserSecretRef: name: reaper-ui-secret +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-2-enc-mgmt-2-c2dc1-c-mgmt-ks +data: + keystore.jks: >- + /u3+7QAAAAIAAAACAAAAAQAJcHJpdmF0ZS0wAAABkeupV70AAAUBMIIE/TAOBgorBgEEASoCEQEBBQAEggTpXjpyNFnLY+d51oEX8QYD8dJPkrjbWm6XRXPURfsddbkHNBm0e/s3/lqRZJ5WpeGjaHQTvjk9dUGwMqFcEuewssR3qYRtkpp2N828plcuMSvs9qXUbvtdGZseftbRt4hTexQdjfFKt4UGhtmoO+H7vIpqSx6BF1vS2RCrmnZGDGv4mcZEZm7RvwVA1idB7m4uWjz0QApxpQpG0C4rHLjlTakdpYe5lLEFrr1DC/jY6q3W15+8Hy4cU/M1tmMuUFf90VkoqtfzYOFlQ+YsotHt26ERqNsiF5T4Gl2dKNfUMJ41rcXyycThT1j2h7U3Q4KpgWBOyd6Vlr++8W3r9i02OFB74rHNqm6iA0DNbksbGD3woFdopLx3sKeXsJP1liusJ6Xj9gb3l9DKo5L1/izSNOnaDhBPTrAFYItS6rx0eW/IhcSnx1Kc2JqVAcajFdGguqXrNb7+cOqeRhmID2yCAX3f3wvlyns5B51b536/m0E1/ethUbUH4EjdJ0pqmFpQC0HkfyIyIonElRLRoQDraUOo2I9gngN4frg28Gy4YeeheFr4USx1paQvXZYcTo1Gyhu5aZNEuPWoxbqwIt8DLZuHnBQDLtO835fP4hLsonYuzpuG3KFidMxCaUM8K/GJSBolfnoZat2vrSKJIrygyz+YMdH56rPDYPtsIBzvvodB7Kj+KDQJSGWbPVCgJkioOAiDTrKlR5V0Yi9z74ueFmADn8BhV7QfsWqzDoHhbN5uEcQA4vQr/aI097reNytlAio6OJnz44wINOFwbo2Fkps+p3bITmtoSHphp1TG/BT9H4gW85HHkIOiCLJ9E5r0H0uljjw4Z5G7m1EOry7oFD1ek1+xoLRbP66DK6/ODanULsKNzLs8/SNIDcLhQRiunmXwoGe3jFK7nn51gOUqgNRARw+fDzl6rZS6uRQwCnq5KnGNAWH2rIiGH46T/clrTYv9hH5TZDEfqA8BGdWBvbPTTf9Ap3KCwnCcrS7q8i8yHKHi0je1SM4/a8DnbJ+6DIPs3gA7fiCWUsoIsTM5g+CdYzeUG+Em3lVAZG+4RZ+uyV964kzHCEkuPzMrqOFcc9B65PK1r35t3oyjeWRni4BzTB74wZhLu1MV5fdMFqUedA8IbYmknqatjMOz2F9EX+u+TQWkDKZQLjCKFtDZ5KUzSfF/4LpTzBarNTbb0wxxAriCtSEy/KnYhDlID3ANwvFt5LUod55dh7FQXHycgtQFOLdTzobTXabbgvaPZ/2gajrjg1eHhcVy9VAlHdcttHfmoWGE6nV1O3U6lUKKg3SdP/5dQTYwsK4bWmHS5BIgKPE/uYns2uAsn6QnhvkeV/XkchADe+tXtBsiIZx1lQmOTOXIsB84/JxCGhPOgPj0qHv+2nw/RNCiwF4DIfoUt9UPzoH1sOIcmEe8rtyQsiVyNumC4Gk7HEyB2lZqGjaC0z1VmtTOJV6HZ2A6L0hiNbEvIp6vkz92t9YTankShmvW8CNKozyHZ6d0GMHhCVA/csy3dn0kllLBSJ49ya4ld1XA9LqodfkFBdnrzT3uFsDyMEVZxWTyOX9JuG6PGu2jqUFWCG/1WfRghgyFxg08fCcNo8vzQieoNZwnjRZw4M4NYQx+5XTRrVvanZjMoJfh6Ooqx30w0WlmD8nCVHe+C76/upPRz/ZYAAAAAQAEWDUwOQAAAx0wggMZMIICAaADAgECAhEAsAo2+fK64UMUiaWiQeH0tzANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDExdlbmMtbWdtdC0yLW1nbXQtc2VsZi1jYTAeFw0yNDA5MTMxMzUzNDlaFw0yNTAzMTUwMTUzNDlaMCsxKTAnBgNVBAMTIGVuYy1tZ210LTItZW5jLW1nbXQtMi1kYzEtYy1tZ210MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzfnPkkF4ByvV8d0FLWbLiQVI5yHmaMXCJPb+s4+rIKowy2DsPghnHx3ihDwnR00ew3UpVfi1vdWzPpQMElbDkX5TIUaNhOVakf4ukrtRxzkC6iBzrYU5Tq3GZExn0NO9E/X9+AmT+1SrnV8u+L7on7Px6eby9uzed/jZPq2TrfDtZXQMV7ELqTThRPcnprxPtwB7JPBE6+IZpKP8Md916GnZ+7jcrXZxdtaaE08wyWAEIh2M8RSkiHWHd/KsqIhNeVB7TFhl6ecOV22FQV1nU2/HDYQAk0TR+ApCh4lJGc2MvjNqNGsjkE93VpA3PYLVIe86F6ako20lenqm4e78AwIDAQABo0EwPzAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRVvil5SJHY1yDFrr9LLYlG8khobTANBgkqhkiG9w0BAQsFAAOCAQEAQGelzWnKoNQKPGNRVsBNsfiNsbD71UPm2mBSKjvv7wNFX2eeuJf7v+3VYBPEfrL0tFZqRcFcE5M+/GlSI/9kFfUd+mrG5f0kYjOZ8nIOBbBGPTVlt3n9lldQ1bQBs3eLxqbv6xJrJ3ZqaZ9n3zRN4ezf6MPyS+ObZZnJkz4cjtKF2CY/BDW9YuYj2BYgdpb0XPaSkhogMVQeY6ySEGX5vg4XUi4/kkOl8FpJgI0j+5cLA0qmjncYEyCWVMUCvKpAk2BC2ba9CJTmo5jESo/JWk9iAY5C5mmJ73pnhtU2h5vbFfBK932dSSTY+0B9SrGyRu4y4aiAk+zu7E6HVf71IwAAAAIACWtzLWNlcnQtMAAAAZHrqVe8AARYNTA5AAADHTCCAxkwggIBoAMCAQICEQCwCjb58rrhQxSJpaJB4fS3MA0GCSqGSIb3DQEBCwUAMCIxIDAeBgNVBAMTF2VuYy1tZ210LTItbWdtdC1zZWxmLWNhMB4XDTI0MDkxMzEzNTM0OVoXDTI1MDMxNTAxNTM0OVowKzEpMCcGA1UEAxMgZW5jLW1nbXQtMi1lbmMtbWdtdC0yLWRjMS1jLW1nbXQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDN+c+SQXgHK9Xx3QUtZsuJBUjnIeZoxcIk9v6zj6sgqjDLYOw+CGcfHeKEPCdHTR7DdSlV+LW91bM+lAwSVsORflMhRo2E5VqR/i6Su1HHOQLqIHOthTlOrcZkTGfQ070T9f34CZP7VKudXy74vuifs/Hp5vL27N53+Nk+rZOt8O1ldAxXsQupNOFE9yemvE+3AHsk8ETr4hmko/wx33Xoadn7uNytdnF21poTTzDJYAQiHYzxFKSIdYd38qyoiE15UHtMWGXp5w5XbYVBXWdTb8cNhACTRNH4CkKHiUkZzYy+M2o0ayOQT3dWkDc9gtUh7zoXpqSjbSV6eqbh7vwDAgMBAAGjQTA/MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFFW+KXlIkdjXIMWuv0stiUbySGhtMA0GCSqGSIb3DQEBCwUAA4IBAQBAZ6XNacqg1Ao8Y1FWwE2x+I2xsPvVQ+baYFIqO+/vA0VfZ564l/u/7dVgE8R+svS0VmpFwVwTkz78aVIj/2QV9R36asbl/SRiM5nycg4FsEY9NWW3ef2WV1DVtAGzd4vGpu/rEmsndmppn2ffNE3h7N/ow/JL45tlmcmTPhyO0oXYJj8ENb1i5iPYFiB2lvRc9pKSGiAxVB5jrJIQZfm+DhdSLj+SQ6XwWkmAjSP7lwsDSqaOdxgTIJZUxQK8qkCTYELZtr0IlOajmMRKj8laT2IBjkLmaYnvemeG1TaHm9sV8Er3fZ1JJNj7QH1KsbJG7jLhqICT7O7sTodV/vUjWk1MKBpnwUz4G50rMA/tamVjs2k= + truststore.jks: >- + /u3+7QAAAAIAAAABAAAAAgAKdHMtYWxpYXMtMAAAAZHrqVe9AARYNTA5AAADFDCCAxAwggH4oAMCAQICEC+FWWac1NUTm9waR9sCL9UwDQYJKoZIhvcNAQELBQAwIjEgMB4GA1UEAxMXZW5jLW1nbXQtMi1tZ210LXNlbGYtY2EwHhcNMjQwOTEzMTM1MzAzWhcNMjkwOTEyMTM1MzAzWjAiMSAwHgYDVQQDExdlbmMtbWdtdC0yLW1nbXQtc2VsZi1jYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPAbTV25ATMWkdKwuoiMN12qUDXYa2wcXXe0mgE83ojsqp77pTnhEukLKa9vahcW7g81MCnSpBHJ5CPs0nJP1AOLaqtmmfVIlmPgrrDDO04WFUsYnYTNZ+WCuK6z72YD+XcaEDKJaIFJoX/57b3OC2abppQkjOxOW9f+AixIRFduPp3aMsFO2Wgeqmbdu0HcT8qiVoYb3by1xSpmnu33PAethRJ8QzeJtT/zULm7M4G6pfSvxMd4b6Xind7ibkuykpyO39k3TPVXWTMp1We1/5GkLyquRhlOrYmh4M1rN77qVozJg4Q3SdeTpGpv7gsBf/5a0DSvV08bFUaJKaP8TJcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgKkMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFW+KXlIkdjXIMWuv0stiUbySGhtMA0GCSqGSIb3DQEBCwUAA4IBAQCMTbyIgptAqCrAMAmeeV3zfAOpXx03G42NjbefuI51V9UaHQZq9cyfGoCrrdjtChvcd2EmCOU7RP4kl012S5V0lidOQr5kTY5+NAN6W51l1+iz9vdRiDJtdoBljFpIcBk9u2Zp7UG91DuGuSwqPmHuTHFFs98rG2jMTmGXXwUWIxKeNu8kzX8/lVa5eVqyLI90EXBD/aNJBbSda9aKonVjP5+cH1DAPTv2jij2ekv3QibT4K5GvwY7kszqXwAX9aNOiABbXdqTfTAUQke77kuQlmDycPu9JXL5NNjmiOe9aZA3iKYfhGF9EbOUh06jvPHeZkX9cY40wASF04iyQ+qkbMykPod5YpqLDtbshTwndTl5yBs= +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-2-enc-mgmt-2-c2dc1-c-mgmt +data: + ca.crt: >- + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFRENDQWZpZ0F3SUJBZ0lRTDRWWlpwelUxUk9iM0JwSDJ3SXYxVEFOQmdrcWhraUc5dzBCQVFzRkFEQWkKTVNBd0hnWURWUVFERXhkbGJtTXRiV2R0ZEMweUxXMW5iWFF0YzJWc1ppMWpZVEFlRncweU5EQTVNVE14TXpVegpNRE5hRncweU9UQTVNVEl4TXpVek1ETmFNQ0l4SURBZUJnTlZCQU1URjJWdVl5MXRaMjEwTFRJdGJXZHRkQzF6ClpXeG1MV05oTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4QnROWGJrQk14YVIKMHJDNmlJdzNYYXBRTmRocmJCeGRkN1NhQVR6ZWlPeXFudnVsT2VFUzZRc3ByMjlxRnhidUR6VXdLZEtrRWNuawpJK3pTY2svVUE0dHFxMmFaOVVpV1krQ3VzTU03VGhZVlN4aWRoTTFuNVlLNHJyUHZaZ1A1ZHhvUU1vbG9nVW1oCmYvbnR2YzRMWnB1bWxDU003RTViMS80Q0xFaEVWMjQrbmRveXdVN1phQjZxWnQyN1FkeFB5cUpXaGh2ZHZMWEYKS21hZTdmYzhCNjJGRW54RE40bTFQL05RdWJzemdicWw5Sy9FeDNodnBlS2QzdUp1UzdLU25JN2YyVGRNOVZkWgpNeW5WWjdYL2thUXZLcTVHR1U2dGlhSGd6V3MzdnVwV2pNbURoRGRKMTVPa2FtL3VDd0YvL2xyUU5LOVhUeHNWClJva3BvL3hNbHdJREFRQUJvMEl3UURBT0JnTlZIUThCQWY4RUJBTUNBcVF3RHdZRFZSMFRBUUgvQkFVd0F3RUIKL3pBZEJnTlZIUTRFRmdRVVZiNHBlVWlSMk5jZ3hhNi9TeTJKUnZKSWFHMHdEUVlKS29aSWh2Y05BUUVMQlFBRApnZ0VCQUl4TnZJaUNtMENvS3NBd0NaNTVYZk44QTZsZkhUY2JqWTJOdDUrNGpuVlgxUm9kQm1yMXpKOGFnS3V0CjJPMEtHOXgzWVNZSTVUdEUvaVNYVFhaTGxYU1dKMDVDdm1STmpuNDBBM3BibldYWDZMUDI5MUdJTW0xMmdHV00KV2tod0dUMjdabW50UWIzVU80YTVMQ28rWWU1TWNVV3ozeXNiYU14T1laZGZCUllqRXA0Mjd5VE5meitWVnJsNQpXcklzajNRUmNFUDlvMGtGdEoxcjFvcWlkV00vbjV3ZlVNQTlPL2FPS1BaNlMvZENKdFBncmthL0JqdVN6T3BmCkFCZjFvMDZJQUZ0ZDJwTjlNQlJDUjd2dVM1Q1dZUEp3KzcwbGN2azAyT2FJNTcxcGtEZUlwaCtFWVgwUnM1U0gKVHFPODhkNW1SZjF4ampUQUJJWFRpTEpENnFRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.crt: >- + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHVENDQWdHZ0F3SUJBZ0lSQUxBS052bnl1dUZERkltbG9rSGg5TGN3RFFZSktvWklodmNOQVFFTEJRQXcKSWpFZ01CNEdBMVVFQXhNWFpXNWpMVzFuYlhRdE1pMXRaMjEwTFhObGJHWXRZMkV3SGhjTk1qUXdPVEV6TVRNMQpNelE1V2hjTk1qVXdNekUxTURFMU16UTVXakFyTVNrd0p3WURWUVFERXlCbGJtTXRiV2R0ZEMweUxXVnVZeTF0CloyMTBMVEl0WkdNeExXTXRiV2R0ZERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUIKQU0zNXo1SkJlQWNyMWZIZEJTMW15NGtGU09jaDVtakZ3aVQyL3JPUHF5Q3FNTXRnN0Q0SVp4OGQ0b1E4SjBkTgpIc04xS1ZYNHRiM1ZzejZVREJKV3c1RitVeUZHallUbFdwSCtMcEs3VWNjNUF1b2djNjJGT1U2dHhtUk1aOURUCnZSUDEvZmdKay90VXE1MWZMdmkrNkorejhlbm04dmJzM25mNDJUNnRrNjN3N1dWMERGZXhDNmswNFVUM0o2YTgKVDdjQWV5VHdST3ZpR2FTai9ESGZkZWhwMmZ1NDNLMTJjWGJXbWhOUE1NbGdCQ0lkalBFVXBJaDFoM2Z5cktpSQpUWGxRZTB4WVplbm5EbGR0aFVGZFoxTnZ4dzJFQUpORTBmZ0tRb2VKU1JuTmpMNHphalJySTVCUGQxYVFOejJDCjFTSHZPaGVtcEtOdEpYcDZwdUh1L0FNQ0F3RUFBYU5CTUQ4d0RnWURWUjBQQVFIL0JBUURBZ1dnTUF3R0ExVWQKRXdFQi93UUNNQUF3SHdZRFZSMGpCQmd3Rm9BVVZiNHBlVWlSMk5jZ3hhNi9TeTJKUnZKSWFHMHdEUVlKS29aSQpodmNOQVFFTEJRQURnZ0VCQUVCbnBjMXB5cURVQ2p4alVWYkFUYkg0amJHdys5VkQ1dHBnVWlvNzcrOERSVjluCm5yaVgrNy90MVdBVHhINnk5TFJXYWtYQlhCT1RQdnhwVWlQL1pCWDFIZnBxeHVYOUpHSXptZkp5RGdXd1JqMDEKWmJkNS9aWlhVTlcwQWJOM2k4YW03K3NTYXlkMmFtbWZaOTgwVGVIczMrakQ4a3ZqbTJXWnlaTStISTdTaGRnbQpQd1ExdldMbUk5Z1dJSGFXOUZ6MmtwSWFJREZVSG1Pc2toQmwrYjRPRjFJdVA1SkRwZkJhU1lDTkkvdVhDd05LCnBvNTNHQk1nbGxURkFyeXFRSk5nUXRtMnZRaVU1cU9ZeEVxUHlWcFBZZ0dPUXVacGllOTZaNGJWTm9lYjJ4WHcKU3ZkOW5Va2syUHRBZlVxeHNrYnVNdUdvZ0pQczd1eE9oMVgrOVNNPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: >- + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRRE4rYytTUVhnSEs5WHgKM1FVdFpzdUpCVWpuSWVab3hjSWs5djZ6ajZzZ3FqRExZT3crQ0djZkhlS0VQQ2RIVFI3RGRTbFYrTFc5MWJNKwpsQXdTVnNPUmZsTWhSbzJFNVZxUi9pNlN1MUhIT1FMcUlIT3RoVGxPcmNaa1RHZlEwNzBUOWYzNENaUDdWS3VkClh5NzR2dWlmcy9IcDV2TDI3TjUzK05rK3JaT3Q4TzFsZEF4WHNRdXBOT0ZFOXllbXZFKzNBSHNrOEVUcjRobWsKby93eDMzWG9hZG43dU55dGRuRjIxcG9UVHpESllBUWlIWXp4RktTSWRZZDM4cXlvaUUxNVVIdE1XR1hwNXc1WApiWVZCWFdkVGI4Y05oQUNUUk5INENrS0hpVWtaell5K00ybzBheU9RVDNkV2tEYzlndFVoN3pvWHBxU2piU1Y2CmVxYmg3dndEQWdNQkFBRUNnZ0VBZHNVYm1meENWL0JBOTZ3NHRndFdSZlpVS1dMMDEybGhINnVGQnNsTEpoUzgKK2lrelVEbk1MTGN3ekl0Ykl0UW5ieEY1K21ibGRVZHFpaVVZS09MNjlrUmZid3FkeEFuMGhjYUoySFpIRzVlVwpSS2JkelNySzlzRmhhcWhjSEtCYm9NengyenE2cCt3VTRUUG5nK3VoZTZWcFV6U20yUmVRMktFWHMvcW04MTYxCitmeGpvUmQrUHJwQ2h5SjE0b3Jvb0xjMEVXSkUyQTI4R2JpU3hiaG5oN1VDU1dUbmhLdkc1aHFDZDg2SVVPcHEKa2p1WHV1YjJTTXNncGRXeklBUGx0WVBOK1hoMjFHTEx4WmVjd2dlWW9wbGh0TEMxakdCWGZPVHFybDZlU2plTQpzZjdJV0JGYlFROTdXaHoxNnFZR0diMFd5RjBkTEdLeHVIRWhWZ1B6SVFLQmdRRFQvMGYvYW9SR3p4YVB3TzZkCkQzY0I3SlJUYXR3Z0p4cGJjRk1MNEI3MkRxdkI1SnZrQy9sM2tPTGJ0aWJjUG9zY2ZDZC9WamcwT0ZPWnFnSjQKTGJLY0lLRzFuYllnZE53RXNiYnQxeHZmem9wc0g3ejBjUlAyK3lRRWlIOWZOTkxMRnAyL3lXNEdXeUF0d0hXZQpteDNZdXZ4cDJ6RlNPcUg0NXdwRnNBdlhld0tCZ1FENHVwTzlmcXBOQTNjWDl6QjlPYWlLQkQrMTZqM1V2RE00Ci82WDZ6YzdoSjlHNTIzcFhlVDE5azlhY1B4bWRuUWswcmxWQ1ZTS3hpWlVZYjJ2VVB4Q3I1MlNZNkxva1Q4bUEKa3V6eUp2VTRLZlUzN3JJdVZoaWF1M1VGRG5ZejZ3bHNZaElOZmlYK282NklYNE8vRXdLdm96dEVnQU1ZM3p4dApBVk5ZdTVtREdRS0JnUUN4SGQwbk5mVGh1KzdibDVORHdVSHFaNS9jdWJERFpDZ1BNUjhSRXVTTEt1S3hFYkIwCnJOUjE0cVRHYjc2eno4VWx2VXk2aEd4Y3BKcWtEWGdXdEFjL2pidk5Jc0NoQ1VFdzR0RTBrTDJIRk9adFEyNzQKd3VpdE5sRjNRQnM2amNWM1M2UHNNZndzYjBISk43eU5FSWUxSlRQeHRPSFdFNHB6aTRQM2lRZTd0UUtCZ0VFVgpxV1V6aU9LZ0hvREI2UWxMbGlPUFd4Q0NHKzNYMVZ0NzRmWFA5dXVKM09KU1lTQVVsSmVRb042LzBEY2pDVzZrCms2REk0RXd1b1RvRXBlV2pIdnlzanZGSUxMVWx2NmVLU3NCT20ybzM2SGZiV1BxeEFyMHlnanR4ZmxLMWxRQ3MKWk9iczlJbytVSVJVNGdlVXRPWTZ3MTU0Vk5ja1N3NkhBMFU3eWI2NUFvR0FiYWt4a2RWQ0hqcTlZZ0d5Z3ljcQo1VHBvK3dwYU05VkFNVHdlMFBPc2xnYTE3Q0w0YU1KNk5zZnJnSWNETFpjQWcrdXJqVzJYc3VlRDBGYUxNa25HClIrdTk2U2JQSHphR1RuTk95UW1QM05OZ0FmYzZNMldueGx5NGZVblFycWVCYjA0UCtVaUh2UnpQbUFXMHRqOTEKMXJ4ZkJkNUdQTTZRVUVDSjFGWkJ3dHM9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K +type: kubernetes.io/tls +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-2-c2dc1-r1-sts-0-inode-ks +data: + keystore.jks: >- + /u3+7QAAAAIAAAACAAAAAQAJcHJpdmF0ZS0wAAABkeupV40AAAUDMIIE/zAOBgorBgEEASoCEQEBBQAEggTrDgBTUFUM8KJxrfB6JcYuyPPS77PJYoH97Hvjb8+7FMZX6CP7Q9i/EBBcMyo7nhdUZpSdjUUhrdgDk1IzYk3+HQoOcjbBW7Tu3+e5/wTkrZ5+k4FL2UhJ1nh4JXmj7QehW/j7RMfWyZX7BbP/ir6trRE8RAPCjTeEgygvJKjrRFmY6XrVXI1Eh3/kSseUH8/hUIt/i6UduvFnODXLZsv0nG8njr5XNLDZvp9BrnFtHV1lbrsvxfgbUHdeIxDwzeefFVbrl+iz+kA7KKFEbL1I1ViIpyjpr/goQedvgeKMaj13IOgWEtbto9pbo+GYU4CGDA7QG+FVcISQsI9lJjm6j7HA+5dkos1w5ka+zmN4md+3AGsPpCu8l7wp9aZAx0YD1S1fEEEixsjBJ9CiGWP+UVSuTFtrmGhWEJUvi28rtbBbIyAYfl8uHF5WbwLJuUtgq2ONNqyw1WTMn3Pc6is0ZJxxDoAmUYJtNwhpannnsyT0L2/GyJsmFV+IgbEStt8QoFTyNuqlA9yTg3Nf7gRKVMQLGcivAlMCWoEla6hO2wdYoj/K3whu5tcTMOjxvthceVAgGFDLqeDP9H6W5DlVM6sSorzv2YpVHk641XgVU21mcpYeq1nXuRvnYJ4DTTXKEd3jMfMCp/OSUq8mwFZgDhaU3C4K3wT7fVG0Y65Qn1Nzj5crropG+QuTM9w4enM7x3Cyd9JeMUyY8xyFKmBt1rQaKIZz3gz1sg0aHWlZyKPm6TK1I40y3XcwbwX12QnevIUji6ImPQMeFAvBB4EapBjFAnmn9i9bdJKTiw1viNasZnzFDIoomlL7muqulUuqRdCFPGPBiH7WANBqTYSEdnUVyMFQa69PYutapgccuLysXnSNgEKiHDU3G3MN7ek4UGSwUhwaWccG8f1l2Ezi1p6vylCUVq98xXzDN5oz+iveIDm1xbMEL59KkhGe8s5dioA4f04U4yvY6ABPXBiakCGznJ3+fWuobUZ/Qzkxb2Z7hgkHriYK4TFo6DSgzvgVJXUl2VPc++OPMXnTZOWMFz3uSGjq0wklMEhWc0XBDp8QxJwPrpVU9Jgmb1NfZp5B01HA6xObv29r2M9FDqL8vUC9gW3evejv6hSPzj7ITpsI8LeJMKhLwXQTShoxIK9+WaEVdLWihJvT44CaLZQW6+4mNAmVBTmPdzkYKj5vcb32+iM2M8B4y98M5lrrVHC4AG+32GY6VDCfM6xYMtz1mT4rIPn0iz9q/LIuTEWKkd2W42JepHSHAdt0EXDmC3FejnjJ1Z0duQKvdQJSOZnhiFfX+7vrA6wVArbNiDRKBHgTEpmCyp3GFaMgAgZP8ZIOBXqwGKKfE7Nk4aMGSneukXII0vsvEvN9jTrK209iGHtkjqxDr7NXYMEDoXlkGARkbBFyCZHz34vGhZeJd+hym8Lm3hCgni3b7Oo9BUBk1uwhYV9AdnUECGsu//AXq3rY4LgLYP9MiCKdexVvcoO6zPVwEYqhkzByQv31RE+fAPLD2ZtLW2aueiZnvt712AVp8QrzNRfghJOnqsKkOqces8eXwfEtJEbNit7Qo0BCPllgvy5evo0oWcaOUUJyk8MilLSMMd9ph1PMkYwQFCJ5a7KV550dQPuMopNOTOUohrP20b359uaH88UKtt3F4KB9g5med7yL6vXDWjcAAAABAARYNTA5AAADGjCCAxYwggH+oAMCAQICEGFUGz+RlOIPJ3Z0vXWFEz0wDQYJKoZIhvcNAQELBQAwIzEhMB8GA1UEAxMYZW5jLW1nbXQtMi1pbm9kZS1zZWxmLWNhMB4XDTI0MDkxMzEzNTM0OVoXDTI1MDMxNTAxNTM0OVowKDEmMCQGA1UEAxMdZW5jLW1nbXQtMi1kYzEtcjEtc3RzLTAtaW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh7AwHJPckfAmJQ0SNe3/sB7av94l2VVKGmBzXq7uhgIuFZgGK1I3b+Wgra5boEEHUA8WDY1uXz19sxSsQoF+QOKETzgnCASeU3w0oN1jaZIv7yxkvCQLjc40JfS6cQTy+Y6s/AjEod6zJiL1wz8A6ong+e6fG3bTvTSgpezHTCeXU7b/YKSMm5V2p+NvROqwWlT4H5YaX+1QvuGiuhfu8FZFYkPoRxpmH24ezsKwpiWgZm2LhL8AQQioyW0ucaA6wg7hhEGql3Pk+2Rm+T9vUhwB4sk9dxaTb0LSL0c4qJHF9UEQB1sopo4LYMdY8InEZEAtpWa3VJ3LUf8VIRFE/AgMBAAGjQTA/MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFI5LKrilYmB1EuizQwghvpCa7FLTMA0GCSqGSIb3DQEBCwUAA4IBAQB7ottlLp5HpAtr4oHD7XBmmuwsfoSdXx0ryblSwYLA4yVWkIBHjmZ1tOc48EvR9IhQWrrSaxTHsM44PlCJVdEdIkN3DDcfu5vcu8eHG+XqpaOZoX62v9h1AiHrmvRzx0FREaiZRscZlpK1/tUz5zB+1JSBXZrD/jVg6iMYPa4eczfWSNINxdU2XsXo1zGF6xzc4o+XjupDI5yksdAzQSmOI2kGi+6CUDIRtv2SyRXrBy3/yDCpG4S4zOPwKfpJxxOVilEnLKUHepw0+JTPDClR0iqeJOOo/M2YTZXy3qDg6vyos5UD5+cgn0K7SYLT6Rm21Dv6mKQqdLRMWramfuVzAAAAAgAJa3MtY2VydC0wAAABkeupV40ABFg1MDkAAAMaMIIDFjCCAf6gAwIBAgIQYVQbP5GU4g8ndnS9dYUTPTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhlbmMtbWdtdC0yLWlub2RlLXNlbGYtY2EwHhcNMjQwOTEzMTM1MzQ5WhcNMjUwMzE1MDE1MzQ5WjAoMSYwJAYDVQQDEx1lbmMtbWdtdC0yLWRjMS1yMS1zdHMtMC1pbm9kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOHsDAck9yR8CYlDRI17f+wHtq/3iXZVUoaYHNeru6GAi4VmAYrUjdv5aCtrlugQQdQDxYNjW5fPX2zFKxCgX5A4oRPOCcIBJ5TfDSg3WNpki/vLGS8JAuNzjQl9LpxBPL5jqz8CMSh3rMmIvXDPwDqieD57p8bdtO9NKCl7MdMJ5dTtv9gpIyblXan429E6rBaVPgflhpf7VC+4aK6F+7wVkViQ+hHGmYfbh7OwrCmJaBmbYuEvwBBCKjJbS5xoDrCDuGEQaqXc+T7ZGb5P29SHAHiyT13FpNvQtIvRziokcX1QRAHWyimjgtgx1jwicRkQC2lZrdUnctR/xUhEUT8CAwEAAaNBMD8wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUjksquKViYHUS6LNDCCG+kJrsUtMwDQYJKoZIhvcNAQELBQADggEBAHui22UunkekC2vigcPtcGaa7Cx+hJ1fHSvJuVLBgsDjJVaQgEeOZnW05zjwS9H0iFBautJrFMewzjg+UIlV0R0iQ3cMNx+7m9y7x4cb5eqlo5mhfra/2HUCIeua9HPHQVERqJlGxxmWkrX+1TPnMH7UlIFdmsP+NWDqIxg9rh5zN9ZI0g3F1TZexejXMYXrHNzij5eO6kMjnKSx0DNBKY4jaQaL7oJQMhG2/ZLJFesHLf/IMKkbhLjM4/Ap+knHE5WKUScspQd6nDT4lM8MKVHSKp4k46j8zZhNlfLeoODq/KizlQPn5yCfQrtJgtPpGbbUO/qYpCp0tExatqZ+5XNgYtCIdHPlDxIQ3kcQQc/65r17bA== + truststore.jks: >- + /u3+7QAAAAIAAAABAAAAAgAKdHMtYWxpYXMtMAAAAZHrqVeOAARYNTA5AAADFjCCAxIwggH6oAMCAQICECBcdRHTt+2agTmCaJ0FffQwDQYJKoZIhvcNAQELBQAwIzEhMB8GA1UEAxMYZW5jLW1nbXQtMi1pbm9kZS1zZWxmLWNhMB4XDTI0MDkxMzEzNTI0OFoXDTI5MDkxMjEzNTI0OFowIzEhMB8GA1UEAxMYZW5jLW1nbXQtMi1pbm9kZS1zZWxmLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjd3+VYhA6M131xivi4+JgTq11p7atQomwTiauWzXlNawmuyJVYFyXblkm4B0vI0mXyXim7DQtmCfboHgNMJUYmcUuKWFGKRhdCeTZVmkCECVeupA4mQyKfZRys7QNYjxtSyc+qnMWbtBQqVLwPdBku93n2pYb9Hj10pPhoxFjdDXR/wqalepe/YMhTZpcsb7tI2RBfDiyFkFdIFoppDKNhl4+NPfjVz6aWbt+sVhsD3Mi50EZPzMupIdSOOG31A/0LdpuWCMWfRtTBldaRJK9R4rQHyfBA+6U+mSExgTEYgYGMKYC6Du+R7xbsH4X6zyJ6sSBaSjXIQzymScONfiQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjksquKViYHUS6LNDCCG+kJrsUtMwDQYJKoZIhvcNAQELBQADggEBAAcLOu4eLoUmP+S7wCZ4b8vS4LYvHFAj7ICL/DLQOKVIQS8ufF0JJORsDoegm1yFTCHc14Y1Wi4bJR/oG42U0b/gPAVmyi1eCFEgy6+0ckhrSD7z+A9IHkkWyQeMjhnWPTetSCu69n6i/mA25mIT4JAYOapuCMPSmzb3d6Dr0ZfzoKO5w07cnR4l8VGV3Es9XE6qxyyTdGmCHAb3+g1MqsfwkbfYZJVjUcjO+oYXEN2JWNEBPgHPIz2tQL+tWaINPrrBxhT+tQFsME6iro++mKc0uqO7QRwpitG8mFLLwhAPV5L+yTpSJ/P09JDtfoIqMVto98os8iQ+pkbjFNsz4AZGKWkPZA1HbBAh9Pho89dbXxrYhg== +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-2-c2dc1-r1-sts-1-inode-ks +data: + keystore.jks: >- + /u3+7QAAAAIAAAACAAAAAQAJcHJpdmF0ZS0wAAABkeupV40AAAUDMIIE/zAOBgorBgEEASoCEQEBBQAEggTrDgBTUFUM8KJxrfB6JcYuyPPS77PJYoH97Hvjb8+7FMZX6CP7Q9i/EBBcMyo7nhdUZpSdjUUhrdgDk1IzYk3+HQoOcjbBW7Tu3+e5/wTkrZ5+k4FL2UhJ1nh4JXmj7QehW/j7RMfWyZX7BbP/ir6trRE8RAPCjTeEgygvJKjrRFmY6XrVXI1Eh3/kSseUH8/hUIt/i6UduvFnODXLZsv0nG8njr5XNLDZvp9BrnFtHV1lbrsvxfgbUHdeIxDwzeefFVbrl+iz+kA7KKFEbL1I1ViIpyjpr/goQedvgeKMaj13IOgWEtbto9pbo+GYU4CGDA7QG+FVcISQsI9lJjm6j7HA+5dkos1w5ka+zmN4md+3AGsPpCu8l7wp9aZAx0YD1S1fEEEixsjBJ9CiGWP+UVSuTFtrmGhWEJUvi28rtbBbIyAYfl8uHF5WbwLJuUtgq2ONNqyw1WTMn3Pc6is0ZJxxDoAmUYJtNwhpannnsyT0L2/GyJsmFV+IgbEStt8QoFTyNuqlA9yTg3Nf7gRKVMQLGcivAlMCWoEla6hO2wdYoj/K3whu5tcTMOjxvthceVAgGFDLqeDP9H6W5DlVM6sSorzv2YpVHk641XgVU21mcpYeq1nXuRvnYJ4DTTXKEd3jMfMCp/OSUq8mwFZgDhaU3C4K3wT7fVG0Y65Qn1Nzj5crropG+QuTM9w4enM7x3Cyd9JeMUyY8xyFKmBt1rQaKIZz3gz1sg0aHWlZyKPm6TK1I40y3XcwbwX12QnevIUji6ImPQMeFAvBB4EapBjFAnmn9i9bdJKTiw1viNasZnzFDIoomlL7muqulUuqRdCFPGPBiH7WANBqTYSEdnUVyMFQa69PYutapgccuLysXnSNgEKiHDU3G3MN7ek4UGSwUhwaWccG8f1l2Ezi1p6vylCUVq98xXzDN5oz+iveIDm1xbMEL59KkhGe8s5dioA4f04U4yvY6ABPXBiakCGznJ3+fWuobUZ/Qzkxb2Z7hgkHriYK4TFo6DSgzvgVJXUl2VPc++OPMXnTZOWMFz3uSGjq0wklMEhWc0XBDp8QxJwPrpVU9Jgmb1NfZp5B01HA6xObv29r2M9FDqL8vUC9gW3evejv6hSPzj7ITpsI8LeJMKhLwXQTShoxIK9+WaEVdLWihJvT44CaLZQW6+4mNAmVBTmPdzkYKj5vcb32+iM2M8B4y98M5lrrVHC4AG+32GY6VDCfM6xYMtz1mT4rIPn0iz9q/LIuTEWKkd2W42JepHSHAdt0EXDmC3FejnjJ1Z0duQKvdQJSOZnhiFfX+7vrA6wVArbNiDRKBHgTEpmCyp3GFaMgAgZP8ZIOBXqwGKKfE7Nk4aMGSneukXII0vsvEvN9jTrK209iGHtkjqxDr7NXYMEDoXlkGARkbBFyCZHz34vGhZeJd+hym8Lm3hCgni3b7Oo9BUBk1uwhYV9AdnUECGsu//AXq3rY4LgLYP9MiCKdexVvcoO6zPVwEYqhkzByQv31RE+fAPLD2ZtLW2aueiZnvt712AVp8QrzNRfghJOnqsKkOqces8eXwfEtJEbNit7Qo0BCPllgvy5evo0oWcaOUUJyk8MilLSMMd9ph1PMkYwQFCJ5a7KV550dQPuMopNOTOUohrP20b359uaH88UKtt3F4KB9g5med7yL6vXDWjcAAAABAARYNTA5AAADGjCCAxYwggH+oAMCAQICEGFUGz+RlOIPJ3Z0vXWFEz0wDQYJKoZIhvcNAQELBQAwIzEhMB8GA1UEAxMYZW5jLW1nbXQtMi1pbm9kZS1zZWxmLWNhMB4XDTI0MDkxMzEzNTM0OVoXDTI1MDMxNTAxNTM0OVowKDEmMCQGA1UEAxMdZW5jLW1nbXQtMi1kYzEtcjEtc3RzLTAtaW5vZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDh7AwHJPckfAmJQ0SNe3/sB7av94l2VVKGmBzXq7uhgIuFZgGK1I3b+Wgra5boEEHUA8WDY1uXz19sxSsQoF+QOKETzgnCASeU3w0oN1jaZIv7yxkvCQLjc40JfS6cQTy+Y6s/AjEod6zJiL1wz8A6ong+e6fG3bTvTSgpezHTCeXU7b/YKSMm5V2p+NvROqwWlT4H5YaX+1QvuGiuhfu8FZFYkPoRxpmH24ezsKwpiWgZm2LhL8AQQioyW0ucaA6wg7hhEGql3Pk+2Rm+T9vUhwB4sk9dxaTb0LSL0c4qJHF9UEQB1sopo4LYMdY8InEZEAtpWa3VJ3LUf8VIRFE/AgMBAAGjQTA/MA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFI5LKrilYmB1EuizQwghvpCa7FLTMA0GCSqGSIb3DQEBCwUAA4IBAQB7ottlLp5HpAtr4oHD7XBmmuwsfoSdXx0ryblSwYLA4yVWkIBHjmZ1tOc48EvR9IhQWrrSaxTHsM44PlCJVdEdIkN3DDcfu5vcu8eHG+XqpaOZoX62v9h1AiHrmvRzx0FREaiZRscZlpK1/tUz5zB+1JSBXZrD/jVg6iMYPa4eczfWSNINxdU2XsXo1zGF6xzc4o+XjupDI5yksdAzQSmOI2kGi+6CUDIRtv2SyRXrBy3/yDCpG4S4zOPwKfpJxxOVilEnLKUHepw0+JTPDClR0iqeJOOo/M2YTZXy3qDg6vyos5UD5+cgn0K7SYLT6Rm21Dv6mKQqdLRMWramfuVzAAAAAgAJa3MtY2VydC0wAAABkeupV40ABFg1MDkAAAMaMIIDFjCCAf6gAwIBAgIQYVQbP5GU4g8ndnS9dYUTPTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhlbmMtbWdtdC0yLWlub2RlLXNlbGYtY2EwHhcNMjQwOTEzMTM1MzQ5WhcNMjUwMzE1MDE1MzQ5WjAoMSYwJAYDVQQDEx1lbmMtbWdtdC0yLWRjMS1yMS1zdHMtMC1pbm9kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOHsDAck9yR8CYlDRI17f+wHtq/3iXZVUoaYHNeru6GAi4VmAYrUjdv5aCtrlugQQdQDxYNjW5fPX2zFKxCgX5A4oRPOCcIBJ5TfDSg3WNpki/vLGS8JAuNzjQl9LpxBPL5jqz8CMSh3rMmIvXDPwDqieD57p8bdtO9NKCl7MdMJ5dTtv9gpIyblXan429E6rBaVPgflhpf7VC+4aK6F+7wVkViQ+hHGmYfbh7OwrCmJaBmbYuEvwBBCKjJbS5xoDrCDuGEQaqXc+T7ZGb5P29SHAHiyT13FpNvQtIvRziokcX1QRAHWyimjgtgx1jwicRkQC2lZrdUnctR/xUhEUT8CAwEAAaNBMD8wDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgwFoAUjksquKViYHUS6LNDCCG+kJrsUtMwDQYJKoZIhvcNAQELBQADggEBAHui22UunkekC2vigcPtcGaa7Cx+hJ1fHSvJuVLBgsDjJVaQgEeOZnW05zjwS9H0iFBautJrFMewzjg+UIlV0R0iQ3cMNx+7m9y7x4cb5eqlo5mhfra/2HUCIeua9HPHQVERqJlGxxmWkrX+1TPnMH7UlIFdmsP+NWDqIxg9rh5zN9ZI0g3F1TZexejXMYXrHNzij5eO6kMjnKSx0DNBKY4jaQaL7oJQMhG2/ZLJFesHLf/IMKkbhLjM4/Ap+knHE5WKUScspQd6nDT4lM8MKVHSKp4k46j8zZhNlfLeoODq/KizlQPn5yCfQrtJgtPpGbbUO/qYpCp0tExatqZ+5XNgYtCIdHPlDxIQ3kcQQc/65r17bA== + truststore.jks: >- + /u3+7QAAAAIAAAABAAAAAgAKdHMtYWxpYXMtMAAAAZHrqVeOAARYNTA5AAADFjCCAxIwggH6oAMCAQICECBcdRHTt+2agTmCaJ0FffQwDQYJKoZIhvcNAQELBQAwIzEhMB8GA1UEAxMYZW5jLW1nbXQtMi1pbm9kZS1zZWxmLWNhMB4XDTI0MDkxMzEzNTI0OFoXDTI5MDkxMjEzNTI0OFowIzEhMB8GA1UEAxMYZW5jLW1nbXQtMi1pbm9kZS1zZWxmLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmjd3+VYhA6M131xivi4+JgTq11p7atQomwTiauWzXlNawmuyJVYFyXblkm4B0vI0mXyXim7DQtmCfboHgNMJUYmcUuKWFGKRhdCeTZVmkCECVeupA4mQyKfZRys7QNYjxtSyc+qnMWbtBQqVLwPdBku93n2pYb9Hj10pPhoxFjdDXR/wqalepe/YMhTZpcsb7tI2RBfDiyFkFdIFoppDKNhl4+NPfjVz6aWbt+sVhsD3Mi50EZPzMupIdSOOG31A/0LdpuWCMWfRtTBldaRJK9R4rQHyfBA+6U+mSExgTEYgYGMKYC6Du+R7xbsH4X6zyJ6sSBaSjXIQzymScONfiQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAqQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUjksquKViYHUS6LNDCCG+kJrsUtMwDQYJKoZIhvcNAQELBQADggEBAAcLOu4eLoUmP+S7wCZ4b8vS4LYvHFAj7ICL/DLQOKVIQS8ufF0JJORsDoegm1yFTCHc14Y1Wi4bJR/oG42U0b/gPAVmyi1eCFEgy6+0ckhrSD7z+A9IHkkWyQeMjhnWPTetSCu69n6i/mA25mIT4JAYOapuCMPSmzb3d6Dr0ZfzoKO5w07cnR4l8VGV3Es9XE6qxyyTdGmCHAb3+g1MqsfwkbfYZJVjUcjO+oYXEN2JWNEBPgHPIz2tQL+tWaINPrrBxhT+tQFsME6iro++mKc0uqO7QRwpitG8mFLLwhAPV5L+yTpSJ/P09JDtfoIqMVto98os8iQ+pkbjFNsz4AZGKWkPZA1HbBAh9Pho89dbXxrYhg== +type: Opaque +--- +apiVersion: v1 +kind: Secret +metadata: + name: enc-mgmt-2-enc-mgmt-2-c2dc1-s-mgmt +data: + ca.crt: >- + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFRENDQWZpZ0F3SUJBZ0lRTDRWWlpwelUxUk9iM0JwSDJ3SXYxVEFOQmdrcWhraUc5dzBCQVFzRkFEQWkKTVNBd0hnWURWUVFERXhkbGJtTXRiV2R0ZEMweUxXMW5iWFF0YzJWc1ppMWpZVEFlRncweU5EQTVNVE14TXpVegpNRE5hRncweU9UQTVNVEl4TXpVek1ETmFNQ0l4SURBZUJnTlZCQU1URjJWdVl5MXRaMjEwTFRJdGJXZHRkQzF6ClpXeG1MV05oTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE4QnROWGJrQk14YVIKMHJDNmlJdzNYYXBRTmRocmJCeGRkN1NhQVR6ZWlPeXFudnVsT2VFUzZRc3ByMjlxRnhidUR6VXdLZEtrRWNuawpJK3pTY2svVUE0dHFxMmFaOVVpV1krQ3VzTU03VGhZVlN4aWRoTTFuNVlLNHJyUHZaZ1A1ZHhvUU1vbG9nVW1oCmYvbnR2YzRMWnB1bWxDU003RTViMS80Q0xFaEVWMjQrbmRveXdVN1phQjZxWnQyN1FkeFB5cUpXaGh2ZHZMWEYKS21hZTdmYzhCNjJGRW54RE40bTFQL05RdWJzemdicWw5Sy9FeDNodnBlS2QzdUp1UzdLU25JN2YyVGRNOVZkWgpNeW5WWjdYL2thUXZLcTVHR1U2dGlhSGd6V3MzdnVwV2pNbURoRGRKMTVPa2FtL3VDd0YvL2xyUU5LOVhUeHNWClJva3BvL3hNbHdJREFRQUJvMEl3UURBT0JnTlZIUThCQWY4RUJBTUNBcVF3RHdZRFZSMFRBUUgvQkFVd0F3RUIKL3pBZEJnTlZIUTRFRmdRVVZiNHBlVWlSMk5jZ3hhNi9TeTJKUnZKSWFHMHdEUVlKS29aSWh2Y05BUUVMQlFBRApnZ0VCQUl4TnZJaUNtMENvS3NBd0NaNTVYZk44QTZsZkhUY2JqWTJOdDUrNGpuVlgxUm9kQm1yMXpKOGFnS3V0CjJPMEtHOXgzWVNZSTVUdEUvaVNYVFhaTGxYU1dKMDVDdm1STmpuNDBBM3BibldYWDZMUDI5MUdJTW0xMmdHV00KV2tod0dUMjdabW50UWIzVU80YTVMQ28rWWU1TWNVV3ozeXNiYU14T1laZGZCUllqRXA0Mjd5VE5meitWVnJsNQpXcklzajNRUmNFUDlvMGtGdEoxcjFvcWlkV00vbjV3ZlVNQTlPL2FPS1BaNlMvZENKdFBncmthL0JqdVN6T3BmCkFCZjFvMDZJQUZ0ZDJwTjlNQlJDUjd2dVM1Q1dZUEp3KzcwbGN2azAyT2FJNTcxcGtEZUlwaCtFWVgwUnM1U0gKVHFPODhkNW1SZjF4ampUQUJJWFRpTEpENnFRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.crt: >- + LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdDZ0F3SUJBZ0lRUDJHTURKdDNQRU03UFNkOGZFd1JPVEFOQmdrcWhraUc5dzBCQVFzRkFEQWkKTVNBd0hnWURWUVFERXhkbGJtTXRiV2R0ZEMweUxXMW5iWFF0YzJWc1ppMWpZVEFlRncweU5EQTVNVE14TXpVegpORGxhRncweU5UQXpNVFV3TVRVek5EbGFNQ3N4S1RBbkJnTlZCQU1USUdWdVl5MXRaMjEwTFRJdFpXNWpMVzFuCmJYUXRNaTFrWXpFdGN5MXRaMjEwTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUEKeVdxU0xkUTdyUmpUNEUrckt2MHB2cWpLNWpRVnExUXZYL1RBREg0MU5hNXR2SWZJUUlOMUJPdXVyamNrZk5HWQppa1ExWXlRM0psYUcvOTdMZ3VJeGl3a1VoYjNVb1lNQUttMmRjSmQyY1BJTENGRDRBeS9rL29ubjhpdlF1SjZ0CjJybndWOVBDcjJKU1N5SWQza01hdndYdXJ6czY4bjBCWllVVDQzeDJ0K0ZMNWRmRXlsaEsvYkNDWnBvTU9CZksKY2F3RDQ5bC8zTm1wSVRPMkdCWWVQckVNTGowSGI3R3lkN1JGK1dmWEJrR0w0SVQ3c1lwclYzamFwelRaK3RScgpEU3d3aWdsUzVKV1hUa1pGMTZ5a2RoaXE3Q3ZFRUNuNUdxNzJlejNLc1lJM3o3OGdaQVpiRk8rbUJVUDJEcnBpCkxvU2hRQ1hyTzdTMWxGbTMzdldmRFFJREFRQUJvMEV3UHpBT0JnTlZIUThCQWY4RUJBTUNCYUF3REFZRFZSMFQKQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JSVnZpbDVTSkhZMXlERnJyOUxMWWxHOGtob2JUQU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBc2lnVmdMblZKejBYSnhBRE5vSXZZelk1aXNHT1AwY1craWhqR2tLcUFjN25WbWlJClZwRkRDQSt1cm1NTFQycnd2M0cvL3NqU0QyRUZkSHBSTlU4c3pvYkZENzdVbDBhMDBTS01Ob0NuS0lNb2NnWW4KYUdyUm5NS2RiOTBMRFh5Q0RwYXVzNTA0MVY1VE5lVExwcXA4cjBzRGxLTG0wK3BvY0NHdGFvOUd4RTM4NWcwYQpLMFFRU0xYYW14QmU4VE51YjBQdmYxNGFtem1Ea0s4VWNJV0VpQWxQZjQ1a2V3TkVTMzZiS1JMdklXMDNMZHkxCjMxTjVpbjBKVkZyZENWd1kwOE9ZRWJqemd3eHREOVJqSVVpY0JoUWxQMFpOQ21xT2tGaHJDQkw0MFJ0Y0JjU00KbFB0U0FleWdpbDZYeGRUejFEMGIzNHlQZGVTSTZQM0NQRWhvK2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + tls.key: >- + LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV3QUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktvd2dnU21BZ0VBQW9JQkFRREphcEl0MUR1dEdOUGcKVDZzcS9TbStxTXJtTkJXclZDOWY5TUFNZmpVMXJtMjhoOGhBZzNVRTY2NnVOeVI4MFppS1JEVmpKRGNtVm9iLwozc3VDNGpHTENSU0Z2ZFNoZ3dBcWJaMXdsM1p3OGdzSVVQZ0RMK1QraWVmeUs5QzRucTNhdWZCWDA4S3ZZbEpMCkloM2VReHEvQmU2dk96cnlmUUZsaFJQamZIYTM0VXZsMThUS1dFcjlzSUptbWd3NEY4cHhyQVBqMlgvYzJha2gKTTdZWUZoNCtzUXd1UFFkdnNiSjN0RVg1WjljR1FZdmdoUHV4aW10WGVOcW5OTm42MUdzTkxEQ0tDVkxrbFpkTwpSa1hYcktSMkdLcnNLOFFRS2ZrYXJ2WjdQY3F4Z2pmUHZ5QmtCbHNVNzZZRlEvWU91bUl1aEtGQUplczd0TFdVCldiZmU5WjhOQWdNQkFBRUNnZ0VCQUxlTGdFNTNHekt3YjFQNEJkbVUvcGVhSmR3R0ZzRWNaRmVqSitlNmt5NnEKRjZJNGNrb29BVmxNbE5CNXU2eHJMQURFQzRxZkZBckJ5eUFjbllSV01DT3RVS0JYenc2bjNGek5xeTFST1VQUApyaklUNXc2d2RKTm9oSS94VWJFTUdRNDdaMFFCMjJZTHlVWmlmcWx1cVU3dVR3WXNpWmswUlRPSVJBbUlBSCtyCkZUazdJTGZNMWszR1FwLzg2S1BySGFvVEVzSFdFOGxvSml1bWo2dU5pMnVZOXdEc3g2cE94Y2lUdEFGU0VRMWYKVUJPaVRiSWVFampGeGhBb2lkZXlHTWg5d0Rjc1hJbkloenBCN0UvdWo4MUpmYlRTb2QxdDFRQkhvazFBVHpVNQpMZlFhZmRkYkFwa2VYT1Y2QWVZT1E4OXQ0R1ZnWVVUcTdwOWNrdG9LamdFQ2dZRUEvUzZyMlY4d2lBbk1TT2R3ClJGMm14MERlR0F3VSt1cnduWGxrdUg1UWNMQ2JJcFNUa01vT0dLZmV2WmpGYzlBeTBnU0pCMzZrbC9mMzkxc0IKK3MzQjAvdlFnL0pGOUN0cWh3WnV1dzN2K20ySU5EWjZwYno2cU5jcUEwcWtISkV4UWRxaUQ0Z1cvRzRTdVlZaQprdlJ6OElKRE14dURMSmlGdmY1UmdlbDBsa0VDZ1lFQXk2aHFjNkhDVHJ2V3BLWjVBR2Y3eitBMHQ1cHpHQlAwClJ5M1lXdlh6K2hLK1QzbHRudnFFM2JSazJzVExBMzdTOVFBeDlWenFVUVpUbWZiS2x0R0hvSjJjYWpVcnFaZFgKeXlDRExrdEJROGlFbnJ4cFpMRTdoejRGY3ZFVWRpVnNrLzhLQ3VBelphbjg3Mzl6eTBQV0xqSVhSTW8yWHJNSwo4ZlBLV3ZMNERjMENnWUVBdEFWbWJkWXdSTnBxcGYvaUpNcE9WdWs1d2ZGOVRYaVdBL0tYK2xMZVVYSlJySUhtCmR4SWtlY1dMTEZhZk54ejN0YnRCejlGdHFSekk5Tm1DQzlvWGt1by9Oa0tqR04xeURuWTFiODJXTUFPSDBGQlkKWHRhRGlHQU5ZRy9IUndTNStIQkR3VFZyMnF0TnB4cklKS09xZUgyMjJIVWNqUzRhRXFEdFJhbEFtOEVDZ1lFQQp3ZUd3amlxbDUveXRDQXl2enpJdktTUkNLN1N1ODNJenNQdTFLRXRVSEhOeG1BbDYwY21mYWMxTjRuTk03aVB6CncyaVBKdzV3eC9nazZNTm85SkcrODZwNGVTZnJURVdYUC9yUXgrYSsyRC94K1loWE1aUUVudWp0bVJKbnIxNUwKY3MxdkN4R0wvTElLNlJwRjYzSEdXaTQzdHJabmNsb3pCa3BZRDZPVmdOVUNnWUVBakJkb2FNQ2sxcDlPV2JlVQozQW5ocFlhcVUzWTRaZ1hocEZwWGVJakFOS2dWTzFXcXlsS1hLTEIrcko5OWxVWmZHYjRYWU52OFlydU5JdURTCnhNUnE4QkNIeUZYcklpckQ3YUJkUXRFdWtHNGhGVGJHOTRaYU9Ea1ExOTVWSG9iRTRBVytGWElWODkySVQ2cmcKVzZ2VXd1dTEvb1dsZ1czOFRWNzVOSHdLMlpVPQotLS0tLUVORCBQUklWQVRFIEtFWS0tLS0tCg== +type: kubernetes.io/tls +--- +apiVersion: k8ssandra.io/v1alpha1 +kind: K8ssandraCluster +metadata: + name: enc-mgmt-2 +spec: + auth: true cassandra: - clusterName: "E2E Test Cluster" - serverVersion: "3.11.14" - serverImage: "k8ssandra/cass-management-api:3.11.14" - jmxInitContainerImage: - repository: library - name: busybox + config: + cassandraYaml: + server_encryption_options: + internode_encryption: all + keystore: /etc/encryption/internode/keystore.jks + keystore_password: changeit + truststore: /etc/encryption/internode/truststore.jks + truststore_password: changeit + jvmOptions: + gc: G1GC + heapSize: 2Gi datacenters: - - metadata: - name: dc1 - k8sContext: kind-k8ssandra-0 - size: 2 - storageConfig: - cassandraDataVolumeClaimSpec: - storageClassName: standard - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 5Gi - config: + - config: jvmOptions: - heapSize: 384Mi + gc: G1GC cassandra_ring_delay_ms: 0 - mgmtAPIHeap: 64Mi + datacenterName: c2dc1 + dseWorkloads: {} + managementApiAuth: + manual: + clientSecretName: enc-mgmt-2-enc-mgmt-2-c2dc1-c-mgmt + serverSecretName: enc-mgmt-2-enc-mgmt-2-c2dc1-s-mgmt + metadata: + name: enc-mgmt-2-dc1 + pods: {} + services: + additionalSeedService: {} + allPodsService: {} + dcService: {} + nodePortService: {} + seedService: {} + networking: {} + perNodeConfigInitContainerImage: mikefarah/yq:4 + perNodeConfigMapRef: {} + racks: + - name: r1 + size: 2 + stopped: false + metadata: + pods: + annotations: + k8ssandra.io/inject-secret: >- + [{"name": "${POD_NAME}-inode-ks", "path": + "/etc/encryption/internode"}] + services: + additionalSeedService: {} + allPodsService: {} + dcService: {} + nodePortService: {} + seedService: {} + perNodeConfigInitContainerImage: mikefarah/yq:4 + resources: + requests: + cpu: '1' + memory: 4Gi + serverType: cassandra + serverVersion: 4.1.6 + storageConfig: + cassandraDataVolumeClaimSpec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 2Gi + storageClassName: standard + superuserSecretRef: + name: enc-mgmt-2-superuser + reaper: + reaperRef: + name: reaper1 + uiUserSecretRef: + name: reaper-ui-secret + secretsProvider: internal diff --git a/test/testdata/fixtures/reaper-control-plane/reaper.yaml b/test/testdata/fixtures/reaper-control-plane/reaper.yaml index c3ee64c99..a4bbff281 100644 --- a/test/testdata/fixtures/reaper-control-plane/reaper.yaml +++ b/test/testdata/fixtures/reaper-control-plane/reaper.yaml @@ -17,3 +17,5 @@ spec: enabled: false uiUserSecretRef: name: reaper-ui-secret + containerImage: + tag: 6732873-tmp From ea8f3c081b9443306e1cf6de6ddbc8c0996d9774 Mon Sep 17 00:00:00 2001 From: Radovan Zvoncek Date: Thu, 24 Oct 2024 15:01:51 +0300 Subject: [PATCH 2/8] Add CP Reaper to CI tests --- .github/workflows/kind_e2e_tests.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/kind_e2e_tests.yaml b/.github/workflows/kind_e2e_tests.yaml index 4dd06fc2c..86a93fd7c 100644 --- a/.github/workflows/kind_e2e_tests.yaml +++ b/.github/workflows/kind_e2e_tests.yaml @@ -82,6 +82,7 @@ jobs: - CreateSingleReaperNoStargate - CreateSingleReaperWStargateAndHTTP - CreateReaperAndDatacenter + - CreateControlPlaneReaperAndDataCenter - CreateSingleMedusaJob - CreateMultiDcSingleMedusaJob - CreateSingleDseMedusaJob From 841545069848f7b77e32118b6fbaea00c5db8bbb Mon Sep 17 00:00:00 2001 From: Radovan Zvoncek Date: Fri, 25 Oct 2024 15:29:14 +0300 Subject: [PATCH 3/8] Make Reaper's truststore shorter --- pkg/reaper/secrets.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/reaper/secrets.go b/pkg/reaper/secrets.go index 7037e056e..928ef942e 100644 --- a/pkg/reaper/secrets.go +++ b/pkg/reaper/secrets.go @@ -94,5 +94,5 @@ func secretToEnvVars(secret *corev1.Secret, envUsernameParam, envPasswordParam s } func GetTruststoresSecretName(reaperName string) string { - return fmt.Sprintf("%s-truststores", reaperName) + return fmt.Sprintf("%s-ts", reaperName) } From f0c6a025974c7090b71a07afe861468fa6d51e36 Mon Sep 17 00:00:00 2001 From: Radovan Zvoncek Date: Fri, 25 Oct 2024 15:50:07 +0300 Subject: [PATCH 4/8] Replace ConfigMap with Secret in logs about Reaper's truststore creation --- controllers/reaper/reaper_controller.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/controllers/reaper/reaper_controller.go b/controllers/reaper/reaper_controller.go index 8f5cfed18..d044c0b26 100644 --- a/controllers/reaper/reaper_controller.go +++ b/controllers/reaper/reaper_controller.go @@ -504,18 +504,18 @@ func (r *ReaperReconciler) reconcileTrustStoresSecret(ctx context.Context, actua } if err := r.Client.Get(ctx, sKey, s); err != nil { if errors.IsNotFound(err) { - logger.Info("Creating Reaper's truststore ConfigMap", "ConfigMap", sKey) + logger.Info("Creating Reaper's truststore Secret", "Secret", sKey) if err = controllerutil.SetControllerReference(actualReaper, s, r.Scheme); err != nil { - logger.Error(err, "Failed to set owner on truststore ConfigMap") + logger.Error(err, "Failed to set owner on truststore Secret") return err } if err = r.Client.Create(ctx, s); err != nil { - logger.Error(err, "Failed to create Reaper's truststore ConfigMap") + logger.Error(err, "Failed to create Reaper's truststore Secret") return err } return nil } - logger.Error(err, "Failed to get Reaper's truststores ConfigMap") + logger.Error(err, "Failed to get Reaper's truststore Secret") return err } return nil From 7b3e21bb6aabe6db98017b011c3367b2439ca5fe Mon Sep 17 00:00:00 2001 From: Radovan Zvoncek Date: Fri, 25 Oct 2024 15:54:35 +0300 Subject: [PATCH 5/8] Remove redundant DeepCopy() in some tests --- controllers/reaper/reaper_controller_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/controllers/reaper/reaper_controller_test.go b/controllers/reaper/reaper_controller_test.go index 7b9e11070..b16541a1b 100644 --- a/controllers/reaper/reaper_controller_test.go +++ b/controllers/reaper/reaper_controller_test.go @@ -566,9 +566,9 @@ func testCreateReaperWithLocalStorageType(t *testing.T, ctx context.Context, k8s // In this configuration, we expect Reaper to have a config volume mount, and a data volume mount assert.Len(t, sts.Spec.Template.Spec.Containers[0].VolumeMounts, 2) - confVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[0].DeepCopy() + confVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[0] assert.Equal(t, "conf", confVolumeMount.Name) - dataVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[1].DeepCopy() + dataVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[1] assert.Equal(t, "reaper-data", dataVolumeMount.Name) } @@ -601,11 +601,11 @@ func testCreateReaperWithHttpAuthEnabled(t *testing.T, ctx context.Context, k8sC // In this configuration, we expect Reaper to also have a mount for the http auth secrets assert.Len(t, sts.Spec.Template.Spec.Containers[0].VolumeMounts, 3) - confVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[0].DeepCopy() + confVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[0] assert.Equal(t, "conf", confVolumeMount.Name) - dataVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[2].DeepCopy() + dataVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[2] assert.Equal(t, "reaper-data", dataVolumeMount.Name) - truststoresVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[1].DeepCopy() + truststoresVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[1] assert.Equal(t, "management-api-keystores-per-cluster", truststoresVolumeMount.Name) // when we delete reaper, the STS and the secret both go away due to the owner reference From cd78ce8b3bd779e57ba9e603a093499893473859 Mon Sep 17 00:00:00 2001 From: Radovan Zvoncek Date: Fri, 25 Oct 2024 16:10:34 +0300 Subject: [PATCH 6/8] In tests for reapers STS templates, find containers properly --- controllers/reaper/reaper_controller_test.go | 22 +++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/controllers/reaper/reaper_controller_test.go b/controllers/reaper/reaper_controller_test.go index b16541a1b..5ff34bca1 100644 --- a/controllers/reaper/reaper_controller_test.go +++ b/controllers/reaper/reaper_controller_test.go @@ -2,6 +2,7 @@ package reaper import ( "context" + "github.com/k8ssandra/k8ssandra-operator/pkg/cassandra" "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/utils/ptr" @@ -599,14 +600,21 @@ func testCreateReaperWithHttpAuthEnabled(t *testing.T, ctx context.Context, k8sC assert.True(t, truststoresSecret.Data == nil) assert.Equal(t, 0, len(truststoresSecret.Data)) + reaperContainerIdx, foundReaper := cassandra.FindContainer(&sts.Spec.Template, "reaper") + assert.True(t, foundReaper, "reaper container not found in reaper's STS template") + + reaperContainer := sts.Spec.Template.Spec.Containers[reaperContainerIdx] // In this configuration, we expect Reaper to also have a mount for the http auth secrets - assert.Len(t, sts.Spec.Template.Spec.Containers[0].VolumeMounts, 3) - confVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[0] - assert.Equal(t, "conf", confVolumeMount.Name) - dataVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[2] - assert.Equal(t, "reaper-data", dataVolumeMount.Name) - truststoresVolumeMount := sts.Spec.Template.Spec.Containers[0].VolumeMounts[1] - assert.Equal(t, "management-api-keystores-per-cluster", truststoresVolumeMount.Name) + assert.Len(t, reaperContainer.VolumeMounts, 3) + + _, foundConfVolume := cassandra.FindVolume(&sts.Spec.Template, "conf") + assert.True(t, foundConfVolume, "conf volume not found in reaper's STS template") + + _, foundDataVolume := cassandra.FindVolume(&sts.Spec.Template, "reaper-data") + assert.True(t, foundDataVolume, "reaper-data volume not found in reaper's STS template") + + _, foundTruststoresVolume := cassandra.FindVolume(&sts.Spec.Template, "management-api-keystores-per-cluster") + assert.True(t, foundTruststoresVolume, "management-api-keystores-per-cluster volume not found in reaper's STS template") // when we delete reaper, the STS and the secret both go away due to the owner reference // however, that does not happen in env tests From c7c0baa501012dc1fc9feab10259bda319484c1b Mon Sep 17 00:00:00 2001 From: Radovan Zvoncek Date: Fri, 25 Oct 2024 16:48:05 +0300 Subject: [PATCH 7/8] In CP Reaper tests, compare certificate fingerprints --- test/e2e/reaper_test.go | 4 +++- test/e2e/suite_test.go | 33 ++++++++++++++++++++++++++++----- 2 files changed, 31 insertions(+), 6 deletions(-) diff --git a/test/e2e/reaper_test.go b/test/e2e/reaper_test.go index 75f7ae92c..8c9366379 100644 --- a/test/e2e/reaper_test.go +++ b/test/e2e/reaper_test.go @@ -308,7 +308,9 @@ func createReaperAndDatacenter(t *testing.T, ctx context.Context, namespace stri func createControlPlaneReaperAndDatacenter(t *testing.T, ctx context.Context, namespace string, f *framework.E2eFramework) { reaperName := "reaper1" cluster1Name := "enc-mgmt" + cluster1DcName := "c1dc1" cluster2Name := "enc-mgmt-2" + cluster2DcName := "c2dc1" reaperKey := framework.ClusterKey{K8sContext: f.ControlPlaneContext, NamespacedName: types.NamespacedName{Namespace: namespace, Name: reaperName}} c1dc1Key := framework.ClusterKey{K8sContext: f.DataPlaneContexts[0], NamespacedName: types.NamespacedName{Namespace: namespace, Name: fmt.Sprintf("%s-dc1", cluster1Name)}} @@ -319,7 +321,7 @@ func createControlPlaneReaperAndDatacenter(t *testing.T, ctx context.Context, na checkDatacenterReady(t, ctx, c2dc1Key, f) t.Log("Verify Reaper received k8ssandra-cluster secrets") - verifyReaperSecrets(t, f, ctx, namespace, reaperName, cluster1Name, cluster2Name) + verifyReaperSecrets(t, f, ctx, namespace, reaperName, cluster1Name, cluster1DcName, cluster2Name, cluster2DcName) c1dc1Prefix := DcPrefix(t, f, c1dc1Key) c2dc1Prefix := DcPrefix(t, f, c2dc1Key) diff --git a/test/e2e/suite_test.go b/test/e2e/suite_test.go index 8ec82da72..8511cafd2 100644 --- a/test/e2e/suite_test.go +++ b/test/e2e/suite_test.go @@ -2,6 +2,7 @@ package e2e import ( "context" + "crypto/sha256" "encoding/json" "flag" "fmt" @@ -1942,7 +1943,7 @@ func verifyReaperSecrets( t *testing.T, f *framework.E2eFramework, ctx context.Context, - namespace, reaperName, cluster1Name, cluster2Name string, + namespace, reaperName, cluster1Name, cluster1DcName, cluster2Name, cluster2DcName string, ) { // check that the secret now has 2 entries updatedTruststoreSecret := &corev1.Secret{} @@ -1951,15 +1952,20 @@ func verifyReaperSecrets( require.Len(t, updatedTruststoreSecret.Data, 4, "truststore secret should have 2 entries") // check that updatedTruststoreSecret keys are made of correctly named truststore files - _, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-truststore.jks", cluster1Name)] + c1ts, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-truststore.jks", cluster1Name)] require.True(t, ok, "truststore secret should have key %s", cluster1Name) - _, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster1Name)] + c1ks, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster1Name)] require.True(t, ok, "truststore secret should have key %s", cluster1Name) - _, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)] + // compare the secrets in reaper's truststore with the actual secrets the cluster uses + verifyTruststoreFingerprints(t, f, ctx, namespace, cluster1Name, cluster1DcName, c1ts, c1ks) + + c2ts, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)] require.True(t, ok, "truststore secret should have key %s", cluster2Name) - _, ok = updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)] + c2ks, ok := updatedTruststoreSecret.Data[fmt.Sprintf("%s-keystore.jks", cluster2Name)] require.True(t, ok, "truststore secret should have key %s", cluster2Name) + + verifyTruststoreFingerprints(t, f, ctx, namespace, cluster2Name, cluster2DcName, c2ts, c2ks) } func checkKeyspaceNeverCreated( @@ -2386,3 +2392,20 @@ func CheckLabelsAnnotationsCreated(dcKey framework.ClusterKey, t *testing.T, ctx assert.True(t, cassDC.Spec.AdditionalAnnotations["anAnnotationKeyClusterLevel"] == "anAnnotationValueClusterLevel") return nil } + +func verifyTruststoreFingerprints( + t *testing.T, + f *framework.E2eFramework, + ctx context.Context, + namespace, clusterName, dcName string, + reapersTruststore, reapersKeystore []byte, +) { + c1SecretName := fmt.Sprintf("%s-%s-%s-c-mgtm-ks", clusterName, clusterName, dcName) + c1SecretKey := types.NamespacedName{Namespace: namespace, Name: c1SecretName} + c1Secret := &corev1.Secret{} + err := f.Client.Get(ctx, c1SecretKey, c1Secret) + require.NoError(t, err, "failed to get secret %s", c1SecretKey) + actualTs, actualKs := c1Secret.Data["truststore.jks"], c1Secret.Data["keystore.jks"] + require.Equal(t, sha256.Sum256(reapersTruststore), sha256.Sum256(actualTs)) + require.Equal(t, sha256.Sum256(reapersKeystore), sha256.Sum256(actualKs)) +} From 55d9605a9a10e2530ae4872fb0c128b32625e62d Mon Sep 17 00:00:00 2001 From: Radovan Zvoncek Date: Tue, 26 Nov 2024 14:13:21 +0200 Subject: [PATCH 8/8] Remove confusing .Eventually() --- controllers/reaper/reaper_controller_test.go | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/controllers/reaper/reaper_controller_test.go b/controllers/reaper/reaper_controller_test.go index 5ff34bca1..e9bb14ec3 100644 --- a/controllers/reaper/reaper_controller_test.go +++ b/controllers/reaper/reaper_controller_test.go @@ -627,18 +627,6 @@ func testCreateReaperWithHttpAuthEnabled(t *testing.T, ctx context.Context, k8sC return errors.IsNotFound(err) }, timeout, interval, "reaper stateful set deletion check failed") - assert.Eventually(t, func() bool { - err = k8sClient.Get(ctx, stsKey, sts) - // we'd expect errors.IsNotFound(err) here, except for some reason this is not happening in env tests - return err == nil - }, timeout, interval, "reaper stateful set deletion check failed") - - assert.Eventually(t, func() bool { - err = k8sClient.Get(ctx, secretKey, truststoresSecret) - // again, we'd expect errors.IsNotFound(err) ... - return err == nil - }, timeout, interval, "reaper truststore secret deletion check failed") - // so we delete stuff manually err = k8sClient.Delete(ctx, sts) require.NoError(t, err)