From 5e3ce8e189d40ae0c164ccbdd2e0b63b3b7e20be Mon Sep 17 00:00:00 2001 From: jsarasin Date: Fri, 4 Nov 2022 11:51:55 +0100 Subject: [PATCH 1/7] feat(dependency-track): enable to include internal certificate authorities Signed-off-by: jsarasin --- charts/dependency-track/Chart.yaml | 2 +- charts/dependency-track/README.md | 2 +- .../ci/withinternalcertificat-values.yaml | 41 ++++++++++++++++++ .../dependency-track/templates/_helpers.tpl | 4 ++ .../templates/backend/cert-configmap.yaml | 10 +++++ .../templates/backend/deployment.yaml | 43 +++++++++++++++++++ charts/dependency-track/values.yaml | 2 + 7 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 charts/dependency-track/ci/withinternalcertificat-values.yaml create mode 100644 charts/dependency-track/templates/backend/cert-configmap.yaml diff --git a/charts/dependency-track/Chart.yaml b/charts/dependency-track/Chart.yaml index ad3cbf5..056b3ee 100644 --- a/charts/dependency-track/Chart.yaml +++ b/charts/dependency-track/Chart.yaml @@ -4,7 +4,7 @@ description: | Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill-of-Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve. name: dependency-track home: https://dependencytrack.org/ -version: 1.5.3 +version: 1.5.4 icon: https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo-black-text.svg keywords: - security diff --git a/charts/dependency-track/README.md b/charts/dependency-track/README.md index 03f6b01..eb15b40 100644 --- a/charts/dependency-track/README.md +++ b/charts/dependency-track/README.md @@ -29,7 +29,7 @@ Dependency-Track is an intelligent Software Supply Chain Component Analysis plat | Key | Type | Default | Description | |-----|------|---------|-------------| -| apiserver | object | `{"affinity":{},"emptyDir":{"sizeLimit":"8Gi"},"enabled":true,"env":[],"fullnameOverride":"","image":{"pullPolicy":"IfNotPresent","repository":"dependencytrack/apiserver","tag":"4.6.2"},"initContainers":[],"livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"path":"/api/version","periodSeconds":10,"successThreshold":1,"timeoutSeconds":2},"nameOverride":"","nodeSelector":{},"persistentVolume":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"size":"8Gi","storageClass":""},"podSecurityContext":{"fsGroup":1000},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"path":"/","periodSeconds":10,"successThreshold":1,"timeoutSeconds":2},"replicaCount":1,"resources":{"limits":{"cpu":4,"memory":"16Gi"},"requests":{"cpu":2,"memory":"4608Mi"}},"securityContext":{"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"service":{"annotations":{},"port":80,"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":"apiserver-serviceaccount"},"tolerations":[]}` | config of the apiserver | +| apiserver | object | `{"affinity":{},"emptyDir":{"sizeLimit":"8Gi"},"enabled":true,"env":[],"fullnameOverride":"","image":{"pullPolicy":"IfNotPresent","repository":"dependencytrack/apiserver","tag":"4.6.2"},"initContainers":[],"internalCertificate":{"enabled":false},"livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"path":"/api/version","periodSeconds":10,"successThreshold":1,"timeoutSeconds":2},"nameOverride":"","nodeSelector":{},"persistentVolume":{"accessModes":["ReadWriteOnce"],"annotations":{},"enabled":true,"size":"8Gi","storageClass":""},"podSecurityContext":{"fsGroup":1000},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"path":"/","periodSeconds":10,"successThreshold":1,"timeoutSeconds":2},"replicaCount":1,"resources":{"limits":{"cpu":4,"memory":"16Gi"},"requests":{"cpu":2,"memory":"4608Mi"}},"securityContext":{"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000},"service":{"annotations":{},"port":80,"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":"apiserver-serviceaccount"},"tolerations":[]}` | config of the apiserver | | frontend | object | `{"affinity":{},"emptyDir":{"sizeLimit":"8Gi"},"enabled":true,"env":[{"name":"API_BASE_URL","value":""}],"fullnameOverride":"","image":{"pullPolicy":"IfNotPresent","repository":"dependencytrack/frontend","tag":"4.6.1"},"initContainers":[],"livenessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"path":"/","periodSeconds":10,"successThreshold":1,"timeoutSeconds":2},"nameOverride":"","nodeSelector":{},"readinessProbe":{"enabled":true,"failureThreshold":3,"initialDelaySeconds":60,"path":"/","periodSeconds":10,"successThreshold":1,"timeoutSeconds":2},"replicaCount":2,"resources":{"limits":{"cpu":1,"memory":"512Mi"},"requests":{"cpu":"100m","memory":"128Mi"}},"securityContext":{"allowPrivilegeEscalation":false,"runAsUser":101},"service":{"annotations":{},"port":80,"type":"ClusterIP"},"serviceAccount":{"annotations":{},"create":true,"name":"frontend-serviceaccount"},"tolerations":[]}` | config of the frontend | | frontend.env | list | `[{"name":"API_BASE_URL","value":""}]` | See https://docs.dependencytrack.org/getting-started/configuration/ for frontend ENV variables. | | global | object | `{"imageRegistry":"docker.io"}` | global configuration | diff --git a/charts/dependency-track/ci/withinternalcertificat-values.yaml b/charts/dependency-track/ci/withinternalcertificat-values.yaml new file mode 100644 index 0000000..3dbd1e5 --- /dev/null +++ b/charts/dependency-track/ci/withinternalcertificat-values.yaml @@ -0,0 +1,41 @@ +postgresql: + enabled: false +apiserver: + internalCertificate: + enabled: true + keytool: + image: + repository: eclipse-temurin + tag: 11-jre + data: + alias: acme-inc + filename: acme-inc.crt + content: | + -----BEGIN CERTIFICATE----- + MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix + EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD + VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y + aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy + MDQxOTUwMTZaMIGHMQswCQYDVQQGEwJHQjETMBEGA1..29tZS1TdGF0ZTEU + MBIGA1UEChMLQmVzdCBDQSBMdGQxNzA1BgNVBAsTLk..DEgUHVibGljIFBy + aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFD..AMTC0Jlc3QgQ0Eg + THRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg..Tz2mr7SZiAMfQyu + vBjM9OiJjRazXBZ1BjP5CE/Wm/Rr500PRK+Lh9x5eJ../ANBE0sTK0ZsDGM + ak2m1g7oruI3dY3VHqIxFTz0Ta1d+NAjwnLe4nOb7/..k05ShhBrJGBKKxb + 8n104o/5p8HAsZPdzbFMIyNjJzBM2o5y5A13wiLitE..fyYkQzaxCw0Awzl + kVHiIyCuaF4wj571pSzkv6sv+4IDMbT/XpCo8L6wTa..sh+etLD6FtTjYbb + rvZ8RQM1tlKdoMHg2qxraAV++HNBYmNWs0duEdjUbJ..XI9TtnS4o1Ckj7P + OfljiQIDAQABo4HnMIHkMB0GA1UdDgQWBBQ8urMCRL..5AkIp9NJHJw5TCB + tAYDVR0jBIGsMIGpgBQ8urMCRLYYMHUKU5AkIp9NJH..aSBijCBhzELMAkG + A1UEBhMCR0IxEzARBgNVBAgTClNvbWUtU3RhdGUxFD..AoTC0Jlc3QgQ0Eg + THRkMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcm..ENlcnRpZmljYXRp + b24gQXV0aG9yaXR5MRQwEgYDVQQDEwtCZXN0IENBIE..DAMBgNVHRMEBTAD + AQH/MA0GCSqGSIb3DQEBBAUAA4IBAQC1uYBcsSncwA..DCsQer772C2ucpX + xQUE/C0pWWm6gDkwd5D0DSMDJRqV/weoZ4wC6B73f5..bLhGYHaXJeSD6Kr + XcoOwLdSaGmJYslLKZB3ZIDEp0wYTGhgteb6JFiTtn..sf2xdrYfPCiIB7g + BMAV7Gzdc4VspS6ljrAhbiiawdBiQlQmsBeFz9JkF4..b3l8BoGN+qMa56Y + It8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/ + 7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX + -----END CERTIFICATE----- +frontend: + replicaCount: 2 diff --git a/charts/dependency-track/templates/_helpers.tpl b/charts/dependency-track/templates/_helpers.tpl index e349ca7..a3aef4d 100644 --- a/charts/dependency-track/templates/_helpers.tpl +++ b/charts/dependency-track/templates/_helpers.tpl @@ -4,6 +4,10 @@ {{- include "common.images.image" ( dict "imageRoot" .Values.apiserver.image "global" .Values.global ) -}} {{- end -}} +{{- define "apiserver.internalCertificate.keytool.image" -}} +{{- include "common.images.image" ( dict "imageRoot" .Values.apiserver.internalCertificate.keytool.image "global" .Values.global ) -}} +{{- end -}} + {{- define "frontend.image" -}} {{- include "common.images.image" ( dict "imageRoot" .Values.frontend.image "global" .Values.global ) -}} {{- end -}} diff --git a/charts/dependency-track/templates/backend/cert-configmap.yaml b/charts/dependency-track/templates/backend/cert-configmap.yaml new file mode 100644 index 0000000..fb33914 --- /dev/null +++ b/charts/dependency-track/templates/backend/cert-configmap.yaml @@ -0,0 +1,10 @@ +{{- if .Values.apiserver.internalCertificate.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: cert-{{ include "common.names.fullname" . }}-apiserver + labels: {{- include "backend.labels.standard" . | nindent 4 }} +data: + {{ .Values.apiserver.internalCertificate.data.filename }}: | +{{ .Values.apiserver.internalCertificate.data.content | indent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/dependency-track/templates/backend/deployment.yaml b/charts/dependency-track/templates/backend/deployment.yaml index 0e67354..74673c8 100644 --- a/charts/dependency-track/templates/backend/deployment.yaml +++ b/charts/dependency-track/templates/backend/deployment.yaml @@ -25,6 +25,37 @@ spec: {{- with .Values.apiserver.initContainers }} initContainers: {{- toYaml . | nindent 6 }} {{- end }} + {{- if .Values.apiserver.internalCertificate.enabled }} + {{- if not .Values.apiserver.initContainers }} + initContainers: + {{- end }} + - name: init-cacerts + image: {{ include "apiserver.image" . }} + command: + - bash + - -c + - | + cp -R /opt/java/openjdk/lib/security/* /security/ + volumeMounts: + - mountPath: /security + name: security + - name: amend-cacerts + image: {{ include "apiserver.internalCertificate.keytool.image" . }} + command: + - bash + - -c + - | + while [ ! –e /security/cacerts ] + do + sleep 1 + done + keytool -keystore /security/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias {{ .Values.apiserver.internalCertificate.data.alias }} -file /work/{{ .Values.apiserver.internalCertificate.data.filename }} + volumeMounts: + - mountPath: /security + name: security + - mountPath: /work + name: work + {{- end }} containers: - name: {{ .Chart.Name }}-apiserver securityContext: {{- toYaml .Values.apiserver.securityContext | nindent 12 }} @@ -59,6 +90,10 @@ spec: mountPath: /data - name: tmp mountPath: /tmp + {{- if .Values.apiserver.internalCertificate.enabled }} + - name: security + mountPath: /opt/java/openjdk/lib/security + {{- end }} ports: - name: api containerPort: 8080 @@ -100,6 +135,14 @@ spec: volumes: - name: tmp emptyDir: {} + {{- if .Values.apiserver.internalCertificate.enabled }} + - name: security + emptyDir: {} + - configMap: + name: cert-{{ include "common.names.fullname" . }}-apiserver + defaultMode: 420 + name: cert-{{ include "common.names.fullname" . }}-apiserver-volume + {{- end }} - name: data {{- if .Values.apiserver.persistentVolume.enabled }} persistentVolumeClaim: diff --git a/charts/dependency-track/values.yaml b/charts/dependency-track/values.yaml index eecfae7..d324f59 100644 --- a/charts/dependency-track/values.yaml +++ b/charts/dependency-track/values.yaml @@ -130,6 +130,8 @@ apiserver: nameOverride: "" fullnameOverride: "" initContainers: [] + internalCertificate: + enabled: false serviceAccount: # Specifies whether a service account should be created create: true From 7a2df9b3c464013d3cac0b84548f1347a1c08bb8 Mon Sep 17 00:00:00 2001 From: jsarasin Date: Fri, 4 Nov 2022 12:54:55 +0100 Subject: [PATCH 2/7] feat(dependency-track): bump chart verison Signed-off-by: jsarasin --- charts/dependency-track/Chart.yaml | 2 +- charts/dependency-track/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/dependency-track/Chart.yaml b/charts/dependency-track/Chart.yaml index 056b3ee..93aeb5e 100644 --- a/charts/dependency-track/Chart.yaml +++ b/charts/dependency-track/Chart.yaml @@ -4,7 +4,7 @@ description: | Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill-of-Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve. name: dependency-track home: https://dependencytrack.org/ -version: 1.5.4 +version: 1.5.5 icon: https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo-black-text.svg keywords: - security diff --git a/charts/dependency-track/README.md b/charts/dependency-track/README.md index eb15b40..a6a6f25 100644 --- a/charts/dependency-track/README.md +++ b/charts/dependency-track/README.md @@ -1,6 +1,6 @@ # dependency-track -![Version: 1.5.2](https://img.shields.io/badge/Version-1.5.2-informational?style=flat-square) ![AppVersion: 4.6.2](https://img.shields.io/badge/AppVersion-4.6.2-informational?style=flat-square) +![Version: 1.5.5](https://img.shields.io/badge/Version-1.5.5-informational?style=flat-square) ![AppVersion: 4.6.2](https://img.shields.io/badge/AppVersion-4.6.2-informational?style=flat-square) Dependency-Track is an intelligent Software Supply Chain Component Analysis platform that allows organizations to identify and reduce risk from the use of third-party and open source components. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill-of-Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve. From fa771a59f03d37f40e2ba53dfd0f788c1c1a7017 Mon Sep 17 00:00:00 2001 From: jsarasin Date: Wed, 9 Nov 2022 14:05:56 +0100 Subject: [PATCH 3/7] feat(dependency-track): fix configmap mounting in init-container Signed-off-by: jsarasin --- charts/dependency-track/templates/backend/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dependency-track/templates/backend/deployment.yaml b/charts/dependency-track/templates/backend/deployment.yaml index f4f0386..54d8d33 100644 --- a/charts/dependency-track/templates/backend/deployment.yaml +++ b/charts/dependency-track/templates/backend/deployment.yaml @@ -57,7 +57,7 @@ spec: - mountPath: /security name: security - mountPath: /work - name: work + name: cert-{{ include "common.names.fullname" . }}-apiserver-volume {{- end }} containers: - name: {{ .Chart.Name }}-apiserver From fd6925c8062d4acc1fb85c960e6dbe040db02008 Mon Sep 17 00:00:00 2001 From: jsarasin Date: Wed, 9 Nov 2022 14:11:08 +0100 Subject: [PATCH 4/7] feat(dependency-track): apply security context for init-container Signed-off-by: jsarasin --- charts/dependency-track/templates/backend/deployment.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/dependency-track/templates/backend/deployment.yaml b/charts/dependency-track/templates/backend/deployment.yaml index 54d8d33..3f1f613 100644 --- a/charts/dependency-track/templates/backend/deployment.yaml +++ b/charts/dependency-track/templates/backend/deployment.yaml @@ -34,6 +34,7 @@ spec: {{- end }} - name: init-cacerts image: {{ include "apiserver.image" . }} + securityContext: {{- toYaml .Values.apiserver.securityContext | nindent 12 }} command: - bash - -c @@ -44,6 +45,7 @@ spec: name: security - name: amend-cacerts image: {{ include "apiserver.internalCertificate.keytool.image" . }} + securityContext: {{- toYaml .Values.apiserver.securityContext | nindent 12 }} command: - bash - -c From cdfc8f87b112b91f17226cc69542a5df307a71b9 Mon Sep 17 00:00:00 2001 From: jsarasin Date: Wed, 9 Nov 2022 15:56:52 +0100 Subject: [PATCH 5/7] feat(dependency-track): define resources limits to run tests on CI Signed-off-by: jsarasin --- .../dependency-track/ci/withinternalcertificat-values.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/dependency-track/ci/withinternalcertificat-values.yaml b/charts/dependency-track/ci/withinternalcertificat-values.yaml index 3dbd1e5..ba74570 100644 --- a/charts/dependency-track/ci/withinternalcertificat-values.yaml +++ b/charts/dependency-track/ci/withinternalcertificat-values.yaml @@ -1,6 +1,13 @@ postgresql: enabled: false apiserver: + resources: + requests: + cpu: 1600m + memory: 5Gi + limits: + cpu: 2 + memory: 5Gi internalCertificate: enabled: true keytool: From d5969d3aa6d08fc256fdbac4d8b71eeccebea213 Mon Sep 17 00:00:00 2001 From: jsarasin Date: Tue, 15 Nov 2022 13:42:02 +0100 Subject: [PATCH 6/7] feat(dependency-track): set Front replicas at 1 for CI tests Signed-off-by: jsarasin --- charts/dependency-track/ci/withinternalcertificat-values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dependency-track/ci/withinternalcertificat-values.yaml b/charts/dependency-track/ci/withinternalcertificat-values.yaml index ba74570..e757bc7 100644 --- a/charts/dependency-track/ci/withinternalcertificat-values.yaml +++ b/charts/dependency-track/ci/withinternalcertificat-values.yaml @@ -45,4 +45,4 @@ apiserver: 7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX -----END CERTIFICATE----- frontend: - replicaCount: 2 + replicaCount: 1 From f55a344593ef56f16dba4e8045f77f202033a52c Mon Sep 17 00:00:00 2001 From: jsarasin Date: Tue, 15 Nov 2022 15:17:40 +0100 Subject: [PATCH 7/7] feat(dependency-track): replace cert by a valid X.509 certificate Signed-off-by: jsarasin --- .../ci/withinternalcertificat-values.yaml | 37 +++++++------------ 1 file changed, 13 insertions(+), 24 deletions(-) diff --git a/charts/dependency-track/ci/withinternalcertificat-values.yaml b/charts/dependency-track/ci/withinternalcertificat-values.yaml index e757bc7..8a03ec9 100644 --- a/charts/dependency-track/ci/withinternalcertificat-values.yaml +++ b/charts/dependency-track/ci/withinternalcertificat-values.yaml @@ -19,30 +19,19 @@ apiserver: filename: acme-inc.crt content: | -----BEGIN CERTIFICATE----- - MIIEczCCA1ugAwIBAgIBADANBgkqhkiG9w0BAQQFAD..AkGA1UEBhMCR0Ix - EzARBgNVBAgTClNvbWUtU3RhdGUxFDASBgNVBAoTC0..0EgTHRkMTcwNQYD - VQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcn..XRpb24gQXV0aG9y - aXR5MRQwEgYDVQQDEwtCZXN0IENBIEx0ZDAeFw0wMD..TUwMTZaFw0wMTAy - MDQxOTUwMTZaMIGHMQswCQYDVQQGEwJHQjETMBEGA1..29tZS1TdGF0ZTEU - MBIGA1UEChMLQmVzdCBDQSBMdGQxNzA1BgNVBAsTLk..DEgUHVibGljIFBy - aW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFD..AMTC0Jlc3QgQ0Eg - THRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCg..Tz2mr7SZiAMfQyu - vBjM9OiJjRazXBZ1BjP5CE/Wm/Rr500PRK+Lh9x5eJ../ANBE0sTK0ZsDGM - ak2m1g7oruI3dY3VHqIxFTz0Ta1d+NAjwnLe4nOb7/..k05ShhBrJGBKKxb - 8n104o/5p8HAsZPdzbFMIyNjJzBM2o5y5A13wiLitE..fyYkQzaxCw0Awzl - kVHiIyCuaF4wj571pSzkv6sv+4IDMbT/XpCo8L6wTa..sh+etLD6FtTjYbb - rvZ8RQM1tlKdoMHg2qxraAV++HNBYmNWs0duEdjUbJ..XI9TtnS4o1Ckj7P - OfljiQIDAQABo4HnMIHkMB0GA1UdDgQWBBQ8urMCRL..5AkIp9NJHJw5TCB - tAYDVR0jBIGsMIGpgBQ8urMCRLYYMHUKU5AkIp9NJH..aSBijCBhzELMAkG - A1UEBhMCR0IxEzARBgNVBAgTClNvbWUtU3RhdGUxFD..AoTC0Jlc3QgQ0Eg - THRkMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcm..ENlcnRpZmljYXRp - b24gQXV0aG9yaXR5MRQwEgYDVQQDEwtCZXN0IENBIE..DAMBgNVHRMEBTAD - AQH/MA0GCSqGSIb3DQEBBAUAA4IBAQC1uYBcsSncwA..DCsQer772C2ucpX - xQUE/C0pWWm6gDkwd5D0DSMDJRqV/weoZ4wC6B73f5..bLhGYHaXJeSD6Kr - XcoOwLdSaGmJYslLKZB3ZIDEp0wYTGhgteb6JFiTtn..sf2xdrYfPCiIB7g - BMAV7Gzdc4VspS6ljrAhbiiawdBiQlQmsBeFz9JkF4..b3l8BoGN+qMa56Y - It8una2gY4l2O//on88r5IWJlm1L0oA8e4fR2yrBHX..adsGeFKkyNrwGi/ - 7vQMfXdGsRrXNGRGnX+vWDZ3/zWI0joDtCkNnqEpVn..HoX + MIICEjCCAXsCAg36MA0GCSqGSIb3DQEBBQUAMIGbMQswCQYDVQQGEwJKUDEOMAwG + A1UECBMFVG9reW8xEDAOBgNVBAcTB0NodW8ta3UxETAPBgNVBAoTCEZyYW5rNERE + MRgwFgYDVQQLEw9XZWJDZXJ0IFN1cHBvcnQxGDAWBgNVBAMTD0ZyYW5rNEREIFdl + YiBDQTEjMCEGCSqGSIb3DQEJARYUc3VwcG9ydEBmcmFuazRkZC5jb20wHhcNMTIw + ODIyMDUyNjU0WhcNMTcwODIxMDUyNjU0WjBKMQswCQYDVQQGEwJKUDEOMAwGA1UE + CAwFVG9reW8xETAPBgNVBAoMCEZyYW5rNEREMRgwFgYDVQQDDA93d3cuZXhhbXBs + ZS5jb20wXDANBgkqhkiG9w0BAQEFAANLADBIAkEAm/xmkHmEQrurE/0re/jeFRLl + 8ZPjBop7uLHhnia7lQG/5zDtZIUC3RVpqDSwBuw/NTweGyuP+o8AG98HxqxTBwID + AQABMA0GCSqGSIb3DQEBBQUAA4GBABS2TLuBeTPmcaTaUW/LCB2NYOy8GMdzR1mx + 8iBIu2H6/E2tiY3RIevV2OW61qY2/XRQg7YPxx3ffeUugX9F4J/iPnnu1zAxxyBy + 2VguKv4SWjRFoRkIfIlHX0qVviMhSlNy2ioFLy7JcPZb+v3ftDGywUqcBiVDoea0 + Hn+GmxZA -----END CERTIFICATE----- + frontend: replicaCount: 1