Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[custom certs] Updates charts to support custom certificate #369

Merged
merged 3 commits into from
Jan 20, 2020
Merged

[custom certs] Updates charts to support custom certificate #369

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
c91a26c
Updates charts to support custom certificate
GoelDeepak Jan 17, 2020
34ffcc9
updates dex-k8s-authenticator with custom cert path info
GoelDeepak Jan 18, 2020
17f8539
Merge branch 'dev' into deepak/custom-certs
alejandroEsc Jan 20, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion staging/dex-k8s-authenticator/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "v1.1.1"
description: "Authenticator for using Dex with Kubernetes"
name: dex-k8s-authenticator
version: 1.1.12
version: 1.1.13
home: https://github.com/mesosphere/charts
sources:
- https://github.com/mintel/dex-k8s-authenticator
Expand Down
18 changes: 9 additions & 9 deletions staging/dex-k8s-authenticator/html-templates/linux-mac-common.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ <h3>Copy IDP CA Certificate From URL</h3>
<button class="btn" style="float:right" data-clipboard-snippet="">
<img class="clippy" width="13" src="{{ .Web_Path_Prefix }}static/clippy.svg" alt=""/>
</button>
<pre><code>curl --create-dirs -s {{ .IDPCaURI }} -o ${HOME}/.kube/certs/{{ .ClusterName }}/idp-ca.crt</code></pre>
<pre><code>curl --create-dirs -s {{ .IDPCaURI }} -o ${HOME}/.kube/certs/{{ .Username }}-{{ .ClusterName }}/idp-ca.crt</code></pre>
hectorj2f marked this conversation as resolved.
Show resolved Hide resolved
</div>
{{ end }}

Expand All @@ -22,7 +22,7 @@ <h3>Copy IDP CA Certificate From PEM</h3>
<button class="btn" style="float:right" data-clipboard-snippet="">
<img class="clippy" width="13" src="{{ .Web_Path_Prefix }}static/clippy.svg" alt=""/>
</button>
<pre><code>mkdir -p ${HOME}/.kube/certs/{{ .ClusterName }}/ &amp;&amp; cat &lt;&lt; EOF &gt; ${HOME}/.kube/certs/{{ .ClusterName }}/idp-ca.crt
<pre><code>mkdir -p ${HOME}/.kube/certs/{{ .Username }}-{{ .ClusterName }}/ &amp;&amp; cat &lt;&lt; EOF &gt; ${HOME}/.kube/certs/{{ .Username }}-{{ .ClusterName }}/idp-ca.crt
{{ .IDPCaPem }}
EOF</code></pre>
</div>
Expand All @@ -38,7 +38,7 @@ <h3>Copy Kubernetes CA Certificate From URL</h3>
<button class="btn" style="float: right" data-clipboard-snippet="">
<img class="clippy" width="13" src="{{ .Web_Path_Prefix }}static/clippy.svg" alt=""/>
</button>
<pre><code>curl --create-dirs -s {{ .K8sCaURI }} -o ${HOME}/.kube/certs/{{ .ClusterName }}/k8s-ca.crt</code></pre>
<pre><code>curl --create-dirs -s {{ .K8sCaURI }} -o ${HOME}/.kube/certs/{{ .Username }}-{{ .ClusterName }}/k8s-ca.crt</code></pre>
</div>
{{ end }}

Expand All @@ -52,7 +52,7 @@ <h3>Copy Kubernetes CA Certificate From PEM</h3>
<button class="btn" style="float:right" data-clipboard-snippet="">
<img class="clippy" width="13" src="{{ .Web_Path_Prefix }}static/clippy.svg" alt=""/>
</button>
<pre><code>mkdir -p ${HOME}/.kube/certs/{{ .ClusterName }}/ &amp;&amp; cat &lt;&lt; EOF &gt; ${HOME}/.kube/certs/{{ .ClusterName }}/k8s-ca.crt
<pre><code>mkdir -p ${HOME}/.kube/certs/{{ .Username }}-{{ .ClusterName }}/ &amp;&amp; cat &lt;&lt; EOF &gt; ${HOME}/.kube/certs/{{ .Username }}-{{ .ClusterName }}/k8s-ca.crt
{{ .K8sCaPem }}
EOF</code></pre>
</div>
Expand All @@ -67,8 +67,8 @@ <h3>Run configuration commands</h3>
<button class="btn" style="float:right" data-clipboard-snippet="">
<img class="clippy" width="13" src="{{ .Web_Path_Prefix }}static/clippy.svg" alt="">
</button>
<pre><code>kubectl config set-cluster {{ .ClusterName }} \
--certificate-authority=${HOME}/.kube/certs/{{ .ClusterName}}/k8s-ca.crt \
<pre><code>kubectl config set-cluster {{ .Username }}-{{ .ClusterName }} \
--certificate-authority=${HOME}/.kube/certs/{{ .Username }}-{{ .ClusterName}}/k8s-ca.crt \
--server={{ .K8sMasterURI }}</code></pre>
</div>

Expand All @@ -80,7 +80,7 @@ <h3>Run configuration commands</h3>
<pre><code>kubectl config set-credentials {{ .Username }}-{{ .ClusterName }} \
--token={{ .IDToken }}
{{- if or (.IDPCaURI) (.IDPCaPem) }} \
--auth-provider-arg=idp-certificate-authority=${HOME}/.kube/certs/{{ .ClusterName }}/idp-ca.crt
--auth-provider-arg=idp-certificate-authority=${HOME}/.kube/certs/{{ .Username }}-{{ .ClusterName }}/idp-ca.crt
{{- end }}</code></pre>
</div>

Expand All @@ -90,8 +90,8 @@ <h3>Run configuration commands</h3>
<img class="clippy" width="13" src="{{ .Web_Path_Prefix }}static/clippy.svg" alt="">
</button>
<pre><code class="hljs">kubectl config set-context {{ .Username }}-{{ .ClusterName }} \
--cluster={{ .ClusterName }} \
--user={{ .Username}}-{{.ClusterName }}</code></pre>
--cluster={{ .Username }}-{{ .ClusterName }} \
--user={{ .Username }}-{{.ClusterName }}</code></pre>
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

-{{ .ClusterName }}

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@alejandroEsc ^

</div>

<div class="command">
Expand Down
8 changes: 8 additions & 0 deletions staging/dex-k8s-authenticator/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,4 +30,12 @@ data:
clusters:
{{ toYaml .clusters | indent 4 }}
{{- end }}
{{- if .Values.caCerts.enabled }}
caCerts: "true"
{{- if .Values.caCerts.secrets }}
caCertPath: /certs/{{ .filename }}
{{- else }}
caCertPath: /certs/ca.crt
{{- end }}
{{- end }}

28 changes: 27 additions & 1 deletion staging/dex-k8s-authenticator/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,18 @@ spec:
{{- if .Values.initContainers }}
initContainers:
{{- toYaml .Values.initContainers | nindent 8 }}
volumeMounts:
{{- if .Values.caCerts.enabled }}
{{- if .Values.caCerts.secrets }}
{{- range .Values.caCerts.secrets }}
- name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
mountPath: /certs/
{{- end }}
{{- else if .Values.caCerts.caSecretName }}
- name: {{ template "dex-k8s-authenticator.fullname" $ }}-ca-certificate
mountPath: /certs/
{{- end }}
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
Expand Down Expand Up @@ -65,10 +77,15 @@ spec:
- name: html-templates
mountPath: /app/templates/
{{- if .Values.caCerts.enabled }}
{{- if .Values.caCerts.secrets }}
{{- range .Values.caCerts.secrets }}
- name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
mountPath: /certs/
{{- end }}
{{- else if .Values.caCerts.caSecretName }}
- name: {{ template "dex-k8s-authenticator.fullname" $ }}-ca-certificate
mountPath: /certs/
{{- end }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
Expand Down Expand Up @@ -105,12 +122,21 @@ spec:
path: {{ base $path }}
{{- end }}
{{- if .Values.caCerts.enabled }}
{{- range .Values.caCerts.secrets }}
{{- if .Values.caCerts.secrets }}
{{- range .Values.caCerts.secrets }}
- name: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
secret:
secretName: {{ template "dex-k8s-authenticator.fullname" $ }}-{{ .name }}
items:
- key: {{ .name }}
path: {{ .filename }}
{{- end }}
{{- else if .Values.caCerts.caSecretName }}
- name: {{ template "dex-k8s-authenticator.fullname" $ }}-ca-certificate
secret:
secretName: {{ .Values.caCerts.caSecretName }}
items:
- key: ca.crt
path: ca.crt
{{- end }}
{{- end }}
2 changes: 2 additions & 0 deletions staging/dex-k8s-authenticator/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,8 @@ resources: {}

caCerts:
enabled: false
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

enabled: false ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah, the default is false. It is enabled by the operator if they want to use custom certs

# specify either caSecretName or secrets
caSecretName:
secrets: {}
# Array of Self Signed Certificates
# cat CA.crt | base64 -w 0
Expand Down
2 changes: 1 addition & 1 deletion staging/kube-oidc-proxy/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ appVersion: "v0.1.1"
description: A Helm chart for kube-oidc-proxy
home: https://github.com/mesosphere/charts
name: kube-oidc-proxy
version: 0.1.7
version: 0.1.8
sources:
- https://github.com/jetstack/kube-oidc-proxy
maintainers:
Expand Down
13 changes: 11 additions & 2 deletions staging/kube-oidc-proxy/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,8 +49,10 @@ spec:
- "--oidc-client-id=$(OIDC_CLIENT_ID)"
- "--oidc-issuer-url=$(OIDC_ISSUER_URL)"
- "--oidc-username-claim=$(OIDC_USERNAME_CLAIM)"
{{- if .Values.oidc.caPEM }}
{{- if or .Values.oidc.caPEM .Values.oidc.caSecretName }}
- "--oidc-ca-file=/etc/oidc/oidc-ca.pem"
{{- else }}
- "--oidc-ca-file=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
{{ end }}
{{- if .Values.oidc.usernamePrefix }}
- "--oidc-username-prefix=$(OIDC_USERNAME_PREFIX)"
Expand Down Expand Up @@ -141,7 +143,7 @@ spec:
key: api-audiences
{{ end }}
volumeMounts:
{{ if .Values.oidc.caPEM }}
{{ if or .Values.oidc.caPEM .Values.oidc.caSecretName }}
- name: kube-oidc-proxy-config
mountPath: /etc/oidc
readOnly: true
Expand All @@ -157,6 +159,13 @@ spec:
items:
- key: oidc.ca-pem
path: oidc-ca.pem
{{- else if .Values.oidc.caSecretName }}
- name: kube-oidc-proxy-config
secret:
secretName: {{ .Values.oidc.caSecretName }}
items:
- key: ca.crt
path: oidc-ca.pem
{{ end }}
- name: kube-oidc-proxy-tls
secret:
Expand Down
1 change: 1 addition & 0 deletions staging/kube-oidc-proxy/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ oidc:
# ...
# -----END CERTIFICATE-----
caPEM:
caSecretName: # specify caPEM or caSecretName

usernamePrefix:
groupsClaim:
Expand Down
2 changes: 1 addition & 1 deletion staging/traefik-forward-auth/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ apiVersion: v1
appVersion: "latest"
description: Minimal forward authentication service that provides OIDC based login and authentication for the traefik reverse proxy
name: traefik-forward-auth
version: 0.2.11
version: 0.2.12
keywords:
- traefik-forward-auth
- traefik
Expand Down
11 changes: 9 additions & 2 deletions staging/traefik-forward-auth/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,13 @@ spec:
items:
- key: ca.crt
path: ca.crt
{{- else if .Values.traefikForwardAuth.caSecretName }}
- name: etc-traefik-forward-auth-ca
secret:
secretName: {{ .Values.traefikForwardAuth.caSecretName }}
items:
- key: ca.crt
path: ca.crt
{{- end }}
- name: etc-traefik-forward-auth-config
configMap:
Expand All @@ -48,7 +55,7 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
volumeMounts:
{{- if .Values.traefikForwardAuth.caCertificate }}
{{- if or .Values.traefikForwardAuth.caCertificate .Values.traefikForwardAuth.caSecretName }}
- name: etc-traefik-forward-auth-ca
mountPath: "/etc/traefik-forward-auth/ca"
readOnly: true
Expand All @@ -66,7 +73,7 @@ spec:
- name: CONFIG
value: "/etc/traefik-forward-auth/config/config.ini"
- name: SSL_CERT_FILE
{{- if .Values.traefikForwardAuth.caCertificate }}
{{- if or .Values.traefikForwardAuth.caCertificate .Values.traefikForwardAuth.caSecretName }}
value: "/etc/traefik-forward-auth/ca/ca.crt"
{{- else}}
value: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
Expand Down
1 change: 1 addition & 0 deletions staging/traefik-forward-auth/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ traefikForwardAuth:
# -----BEGIN
# ...
# -----END
# or caSecretName: < name of the secret >
extraConfig: ""
userCookieName: "_forward_auth_name"

Expand Down
2 changes: 1 addition & 1 deletion staging/traefik/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
name: traefik
version: 1.72.11
version: 1.72.12
appVersion: 1.7.12
description: A Traefik based Kubernetes ingress controller with Let's Encrypt support
keywords:
Expand Down
2 changes: 1 addition & 1 deletion staging/traefik/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ data:
{{- if .Values.ssl.sniStrict }}
sniStrict = true
{{- end }}
{{- if .Values.ssl.customCert }}
{{- if .Values.ssl.caSecretName }}
[[entryPoints.https.tls.certificates]]
certFile = "/custom-ssl/tls.crt"
keyFile = "/custom-ssl/tls.key"
Expand Down
11 changes: 8 additions & 3 deletions staging/traefik/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ spec:
- mountPath: /ssl
name: ssl
{{- end }}
{{- if .Values.ssl.customCert }}
{{- if .Values.ssl.caSecretName }}
- mountPath: /custom-ssl
name: custom-ssl
{{- end }}
Expand Down Expand Up @@ -188,10 +188,15 @@ spec:
secret:
secretName: {{ template "traefik.fullname" . }}-certificate
{{- end }}
{{- if .Values.ssl.customCert }}
{{- if .Values.ssl.caSecretName }}
- name: custom-ssl
secret:
secretName: {{ template "traefik.fullname" . }}-custom-certificate
secretName: {{ .Values.ssl.caSecretName }}
items:
- key: tls.crt
path: tls.crt
- key: tls.key
path: tls.key
{{- end }}
{{- if .Values.acme.enabled }}
- name: acme
Expand Down
2 changes: 1 addition & 1 deletion staging/traefik/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ ssl:
# tlsMinVersion: VersionTLS12
# https://docs.traefik.io/configuration/entrypoints/#strict-sni-checking
# sniStrict: false
customCert: false
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about doing something like https://github.com/mesosphere/charts/pull/369/files#diff-84491f379c2eed7f94384116a9e49e45R74 with a boolean and a secret name ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, didn't understand your comment. This variable was introduced by us and this patch is taking it out

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I meant, why don't you respect the same structure and have a complex object with a boolean and a secretName as done in https://github.com/mesosphere/charts/pull/369/files#diff-84491f379c2eed7f94384116a9e49e45R74

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the benefit of that structure?

caSecretName: # for custom certificate
defaultCert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVtekNDQTRPZ0F3SUJBZ0lKQUpBR1FsTW1DMGt5TUEwR0NTcUdTSWIzRFFFQkJRVUFNSUdQTVFzd0NRWUQKVlFRR0V3SlZVekVSTUE4R0ExVUVDQk1JUTI5c2IzSmhaRzh4RURBT0JnTlZCQWNUQjBKdmRXeGtaWEl4RkRBUwpCZ05WQkFvVEMwVjRZVzF3YkdWRGIzSndNUXN3Q1FZRFZRUUxFd0pKVkRFV01CUUdBMVVFQXhRTktpNWxlR0Z0CmNHeGxMbU52YlRFZ01CNEdDU3FHU0liM0RRRUpBUllSWVdSdGFXNUFaWGhoYlhCc1pTNWpiMjB3SGhjTk1UWXgKTURJME1qRXdPVFV5V2hjTk1UY3hNREkwTWpFd09UVXlXakNCanpFTE1Ba0dBMVVFQmhNQ1ZWTXhFVEFQQmdOVgpCQWdUQ0VOdmJHOXlZV1J2TVJBd0RnWURWUVFIRXdkQ2IzVnNaR1Z5TVJRd0VnWURWUVFLRXd0RmVHRnRjR3hsClEyOXljREVMTUFrR0ExVUVDeE1DU1ZReEZqQVVCZ05WQkFNVURTb3VaWGhoYlhCc1pTNWpiMjB4SURBZUJna3EKaGtpRzl3MEJDUUVXRVdGa2JXbHVRR1Y0WVcxd2JHVXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQwpBUThBTUlJQkNnS0NBUUVBdHVKOW13dzlCYXA2SDROdUhYTFB6d1NVZFppNGJyYTFkN1ZiRUJaWWZDSStZNjRDCjJ1dThwdTNhVTVzYXVNYkQ5N2pRYW95VzZHOThPUHJlV284b3lmbmRJY3RFcmxueGpxelUyVVRWN3FEVHk0bkEKNU9aZW9SZUxmZXFSeGxsSjE0VmlhNVFkZ3l3R0xoRTlqZy9jN2U0WUp6bmg5S1dZMnFjVnhEdUdEM2llaHNEbgphTnpWNFdGOWNJZm1zOHp3UHZPTk5MZnNBbXc3dUhUKzNiSzEzSUloeDI3ZmV2cXVWcENzNDFQNnBzdStWTG4yCjVIRHk0MXRoQkN3T0wrTithbGJ0ZktTcXM3TEFzM25RTjFsdHpITHZ5MGE1RGhkakpUd2tQclQrVXhwb0tCOUgKNFpZazErRUR0N09QbGh5bzM3NDFRaE4vSkNZK2RKbkFMQnNValFJREFRQUJvNEgzTUlIME1CMEdBMVVkRGdRVwpCQlJwZVc1dFhMdHh3TXJvQXM5d2RNbTUzVVVJTERDQnhBWURWUjBqQklHOE1JRzVnQlJwZVc1dFhMdHh3TXJvCkFzOXdkTW01M1VVSUxLR0JsYVNCa2pDQmp6RUxNQWtHQTFVRUJoTUNWVk14RVRBUEJnTlZCQWdUQ0VOdmJHOXkKWVdSdk1SQXdEZ1lEVlFRSEV3ZENiM1ZzWkdWeU1SUXdFZ1lEVlFRS0V3dEZlR0Z0Y0d4bFEyOXljREVMTUFrRwpBMVVFQ3hNQ1NWUXhGakFVQmdOVkJBTVVEU291WlhoaGJYQnNaUzVqYjIweElEQWVCZ2txaGtpRzl3MEJDUUVXCkVXRmtiV2x1UUdWNFlXMXdiR1V1WTI5dGdna0FrQVpDVXlZTFNUSXdEQVlEVlIwVEJBVXdBd0VCL3pBTkJna3EKaGtpRzl3MEJBUVVGQUFPQ0FRRUFjR1hNZms4TlpzQit0OUtCemwxRmw2eUlqRWtqSE8wUFZVbEVjU0QyQjRiNwpQeG5NT2pkbWdQcmF1SGI5dW5YRWFMN3p5QXFhRDZ0YlhXVTZSeENBbWdMYWpWSk5aSE93NDVOMGhyRGtXZ0I4CkV2WnRRNTZhbW13QzFxSWhBaUE2MzkwRDNDc2V4N2dMNm5KbzdrYnIxWVdVRzN6SXZveGR6OFlEclpOZVdLTEQKcFJ2V2VuMGxNYnBqSVJQNFhac25DNDVDOWdWWGRoM0xSZTErd3lRcTZoOVFQaWxveG1ENk5wRTlpbVRPbjJBNQovYkozVktJekFNdWRlVTZrcHlZbEpCemRHMXVhSFRqUU9Xb3NHaXdlQ0tWVVhGNlV0aXNWZGRyeFF0aDZFTnlXCnZJRnFhWng4NCtEbFNDYzkzeWZrL0dsQnQrU0tHNDZ6RUhNQjlocVBiQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
defaultKey: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdHVKOW13dzlCYXA2SDROdUhYTFB6d1NVZFppNGJyYTFkN1ZiRUJaWWZDSStZNjRDCjJ1dThwdTNhVTVzYXVNYkQ5N2pRYW95VzZHOThPUHJlV284b3lmbmRJY3RFcmxueGpxelUyVVRWN3FEVHk0bkEKNU9aZW9SZUxmZXFSeGxsSjE0VmlhNVFkZ3l3R0xoRTlqZy9jN2U0WUp6bmg5S1dZMnFjVnhEdUdEM2llaHNEbgphTnpWNFdGOWNJZm1zOHp3UHZPTk5MZnNBbXc3dUhUKzNiSzEzSUloeDI3ZmV2cXVWcENzNDFQNnBzdStWTG4yCjVIRHk0MXRoQkN3T0wrTithbGJ0ZktTcXM3TEFzM25RTjFsdHpITHZ5MGE1RGhkakpUd2tQclQrVXhwb0tCOUgKNFpZazErRUR0N09QbGh5bzM3NDFRaE4vSkNZK2RKbkFMQnNValFJREFRQUJBb0lCQUhrTHhka0dxNmtCWWQxVAp6MkU4YWFENnhneGpyY2JSdGFCcTc3L2hHbVhuQUdaWGVWcE81MG1SYW8wbHZ2VUgwaE0zUnZNTzVKOHBrdzNmCnRhWTQxT1dDTk1PMlYxb1MvQmZUK3Zsblh6V1hTemVQa0pXd2lIZVZMdVdEaVVMQVBHaWl4emF2RFMyUnlQRmEKeGVRdVNhdE5pTDBGeWJGMG5Zd3pST3ZoL2VSa2NKVnJRZlZudU1melFkOGgyMzZlb1UxU3B6UnhSNklubCs5UApNc1R2Wm5OQmY5d0FWcFo5c1NMMnB1V1g3SGNSMlVnem5oMDNZWUZJdGtDZndtbitEbEdva09YWHBVM282aWY5ClRIenBleHdubVJWSmFnRG85bTlQd2t4QXowOW80cXExdHJoU1g1U2p1K0xyNFJvOHg5bytXdUF1VnVwb0lHd0wKMWVseERFRUNnWUVBNzVaWGp1enNJR09PMkY5TStyYVFQcXMrRHZ2REpzQ3gyZnRudk1WWVJKcVliaGt6YnpsVQowSHBCVnk3NmE3WmF6Umxhd3RGZ3ljMlpyQThpM0F3K3J6d1pQclNJeWNieC9nUVduRzZlbFF1Y0FFVWdXODRNCkdSbXhKUGlmOGRQNUxsZXdRalFjUFJwZVoxMzlYODJreGRSSEdma1pscHlXQnFLajBTWExRSEVDZ1lFQXcybkEKbUVXdWQzZFJvam5zbnFOYjBlYXdFUFQrbzBjZ2RyaENQOTZQK1pEekNhcURUblZKV21PeWVxRlk1eVdSSEZOLwpzbEhXU2lTRUFjRXRYZys5aGlMc0RXdHVPdzhUZzYyN2VrOEh1UUtMb2tWWEFUWG1NZG9xOWRyQW9INU5hV2lECmRSY3dEU2EvamhIN3RZV1hKZDA4VkpUNlJJdU8vMVZpbDBtbEk5MENnWUVBb2lsNkhnMFNUV0hWWDNJeG9raEwKSFgrK1ExbjRYcFJ5VEg0eldydWY0TjlhYUxxNTY0QThmZGNodnFiWGJHeEN6U3RxR1E2cW1peUU1TVpoNjlxRgoyd21zZEpxeE14RnEzV2xhL0lxSzM0cTZEaHk3cUNld1hKVGRKNDc0Z3kvY0twZkRmeXZTS1RGZDBFejNvQTZLCmhqUUY0L2lNYnpxUStQREFQR0YrVHFFQ2dZQmQ1YnZncjJMMURzV1FJU3M4MHh3MDBSZDdIbTRaQVAxdGJuNk8KK0IvUWVNRC92UXBaTWV4c1hZbU9lV2Noc3FCMnJ2eW1MOEs3WDY1NnRWdGFYay9nVzNsM3ZVNTdYSFF4Q3RNUwpJMVYvcGVSNHRiN24yd0ZncFFlTm1XNkQ4QXk4Z0xiaUZhRkdRSDg5QWhFa0dTd1d5cWJKc2NoTUZZOUJ5OEtUCkZaVWZsUUtCZ0V3VzJkVUpOZEJMeXNycDhOTE1VbGt1ZnJxbllpUTNTQUhoNFZzWkg1TXU0MW55Yi95NUUyMW4KMk55d3ltWGRlb3VJcFZjcUlVTXl0L3FKRmhIcFJNeVEyWktPR0QyWG5YaENNVlRlL0FQNDJod294Nm02QkZpQgpvemZFa2wwak5uZmREcjZrL1p2MlQ1TnFzaWxaRXJBQlZGOTBKazdtUFBIa0Q2R1ZMUUJ4Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
# Basic auth to protect all the routes. Can use htpasswd to generate passwords
Expand Down