mthomson/fleet-infra
1
0
Fork 0
mirror of https://github.com/michaelthomson0797/fleet-infra.git synced 2026-02-04 13:09:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

removed weave

Browse Source
This commit is contained in:
Michael Thomson
2023-11-24 12:01:19 -05:00
parent d0f29b415a
commit 5bb6661a32
7 changed files with 0 additions and 744 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
bootstrap/helmrepositories/helmrepository-weave-gitops.yaml
View File

@@ -1,9 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: weave-gitops
namespace: flux-system
spec:
interval: 15m
type: oci
url: oci://ghcr.io/weaveworks/charts

18
bootstrap/kustomizations/kustomization-weave-gitops.yaml
View File

@@ -1,18 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: weave-gitops
namespace: flux-system
spec:
interval: 15m
path: ./weave-gitops
prune: true # remove any elements later removed from the above path
timeout: 2m # if not set, this defaults to interval duration, which is 1h
sourceRef:
kind: GitRepository
name: flux-system
healthChecks:
- apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
name: weave-gitops
namespace: weave-gitops

4
bootstrap/namespaces/namespace-weave-gitops.yaml
View File

@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: weave-gitops

12
weave-gitops/dns-endpoint-weave-gitops.yaml
View File

@@ -1,12 +0,0 @@
apiVersion: externaldns.k8s.io/v1alpha1
kind: DNSEndpoint
metadata:
name: weave-gitops.michaelthomson.dev
namespace: weave-gitops
spec:
endpoints:
- dnsName: weave-gitops.michaelthomson.dev
recordTTL: 180
recordType: CNAME
targets:
- server.michaelthomson.dev

457
weave-gitops/helmrelease-oauth2-proxy.yaml
View File

@@ -1,457 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: oauth2-proxy
namespace: weave-gitops
spec:
chart:
spec:
chart: oauth2-proxy
version: 6.19.x # auto-update to semver bugfixes only
sourceRef:
kind: HelmRepository
name: oauth2-proxy
namespace: flux-system
interval: 15m
timeout: 5m
releaseName: oauth2-proxy
values: # paste contents of upstream values.yaml below, indented 4 spaces
## Override the deployment namespace
##
namespaceOverride: ""
# Force the target Kubernetes version (it uses Helm `.Capabilities` if not set).
# This is especially useful for `helm template` as capabilities are always empty
# due to the fact that it doesn't query an actual cluster
kubeVersion:
# Oauth client configuration specifics
config:
# Add config annotations
annotations: {}
# OAuth client ID
clientID: "kube-apiserver"
# OAuth client secret
clientSecret: "iVdGhQUc8k4bK7rT3HAiuOjctxUW7T8bDxz4hm6aPagZkdkoCDvmnLjC5mMF6ooR0obGrezYdyt9nAjVbC0RVZsOIdSsfrSYbe0kEWGfk21FazXXApqNTIrsqBF4mSJH"
# Create a new secret with the following command
# openssl rand -base64 32 | head -c 32 | base64
# Use an existing secret for OAuth2 credentials (see secret.yaml for required fields)
# Example:
# existingSecret: secret
cookieSecret: "2W87TuxTRkTFVkwxbz3MuJxWE3EAJeab"
# The name of the cookie that oauth2-proxy will create
# If left empty, it will default to the release name
cookieName: ""
google: {}
# adminEmail: xxxx
# useApplicationDefaultCredentials: true
# targetPrincipal: xxxx
# serviceAccountJson: xxxx
# Alternatively, use an existing secret (see google-secret.yaml for required fields)
# Example:
# existingSecret: google-secret
# groups: []
# Example:
# - group1@example.com
# - group2@example.com
# Default configuration, to be overridden
configFile: |-
email_domains = [ "*" ]
upstreams = [ "http://weave-gitops:9001" ]
# Custom configuration file: oauth2_proxy.cfg
# configFile: |-
# pass_basic_auth = false
# pass_access_token = true
# Use an existing config map (see configmap.yaml for required fields)
# Example:
# existingConfig: config
alphaConfig:
enabled: false
# Add config annotations
annotations: {}
# Arbitrary configuration data to append to the server section
serverConfigData: {}
# Arbitrary configuration data to append to the metrics section
metricsConfigData: {}
# Arbitrary configuration data to append
configData: {}
# Arbitrary configuration to append
# This is treated as a Go template and rendered with the root context
configFile: ""
# Use an existing config map (see secret-alpha.yaml for required fields)
existingConfig: ~
# Use an existing secret
existingSecret: ~
image:
repository: "quay.io/oauth2-proxy/oauth2-proxy"
# appVersion is used by default
tag: ""
pullPolicy: "IfNotPresent"
# Optionally specify an array of imagePullSecrets.
# Secrets must be manually created in the namespace.
# ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
# imagePullSecrets:
# - name: myRegistryKeySecretName
# Set a custom containerPort if required.
# This will default to 4180 if this value is not set and the httpScheme set to http
# This will default to 4443 if this value is not set and the httpScheme set to https
# containerPort: 4180
extraArgs:
provider: oidc
provider-display-name: "Authentik"
skip-provider-button: "true"
pass-authorization-header: "true"
oidc-issuer-url: "https://authentik.michaelthomson.dev/application/o/kube-apiserver/"
extraEnv: []
# -- Custom labels to add into metadata
customLabels: {}
# To authorize individual email addresses
# That is part of extraArgs but since this needs special treatment we need to do a separate section
authenticatedEmailsFile:
enabled: false
# Defines how the email addresses file will be projected, via a configmap or secret
persistence: configmap
# template is the name of the configmap what contains the email user list but has been configured without this chart.
# It's a simpler way to maintain only one configmap (user list) instead changing it for each oauth2-proxy service.
# Be aware the value name in the extern config map in data needs to be named to "restricted_user_access" or to the
# provided value in restrictedUserAccessKey field.
template: ""
# The configmap/secret key under which the list of email access is stored
# Defaults to "restricted_user_access" if not filled-in, but can be overridden to allow flexibility
restrictedUserAccessKey: ""
# One email per line
# example:
# restricted_access: |-
# name1@domain
# name2@domain
# If you override the config with restricted_access it will configure a user list within this chart what takes care of the
# config map resource.
restricted_access: ""
annotations: {}
# helm.sh/resource-policy: keep
service:
type: ClusterIP
# when service.type is ClusterIP ...
# clusterIP: 192.0.2.20
# when service.type is LoadBalancer ...
# loadBalancerIP: 198.51.100.40
# loadBalancerSourceRanges: 203.0.113.0/24
# when service.type is NodePort ...
# nodePort: 80
portNumber: 80
# Protocol set on the service
appProtocol: http
annotations: {}
# foo.io/bar: "true"
## Create or use ServiceAccount
serviceAccount:
## Specifies whether a ServiceAccount should be created
enabled: true
## The name of the ServiceAccount to use.
## If not set and create is true, a name is generated using the fullname template
name:
automountServiceAccountToken: true
annotations: {}
ingress:
enabled: true
# className: nginx
path: /
# Only used if API capabilities (networking.k8s.io/v1) allow it
pathType: ImplementationSpecific
# Used to create an Ingress record.
hosts:
- weave-gitops.michaelthomson.dev
# Extra paths to prepend to every host configuration. This is useful when working with annotation based services.
# Warning! The configuration is dependant on your current k8s API version capabilities (networking.k8s.io/v1)
# extraPaths:
# - path: /*
# pathType: ImplementationSpecific
# backend:
# service:
# name: ssl-redirect
# port:
# name: use-annotation
labels: {}
# annotations:
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
tls:
- secretName: letsencrypt-wildcard-cert-michaelthomson.dev
hosts:
- weave-gitops.michaelthomson.dev
resources: {}
# limits:
# cpu: 100m
# memory: 300Mi
# requests:
# cpu: 100m
# memory: 300Mi
extraVolumes: []
# - name: ca-bundle-cert
# secret:
# secretName: <secret-name>
extraVolumeMounts: []
# - mountPath: /etc/ssl/certs/
# name: ca-bundle-cert
# Additional containers to be added to the pod.
extraContainers: []
# - name: my-sidecar
# image: nginx:latest
priorityClassName: ""
# Host aliases, useful when working "on premise" where (public) DNS resolver does not know about my hosts.
hostAlias:
enabled: false
# ip: "10.xxx.xxx.xxx"
# hostname: "auth.example.com"
# [TopologySpreadConstraints](https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/) configuration.
# Ref: https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
# topologySpreadConstraints: []
# Affinity for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
# affinity: {}
# Tolerations for pod assignment
# Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# Node labels for pod assignment
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
nodeSelector: {}
# Whether to use secrets instead of environment values for setting up OAUTH2_PROXY variables
proxyVarsAsSecrets: true
# Configure Kubernetes liveness and readiness probes.
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
# Disable both when deploying with Istio 1.0 mTLS. https://istio.io/help/faq/security/#k8s-health-checks
livenessProbe:
enabled: true
initialDelaySeconds: 0
timeoutSeconds: 1
readinessProbe:
enabled: true
initialDelaySeconds: 0
timeoutSeconds: 5
periodSeconds: 10
successThreshold: 1
# Configure Kubernetes security context for container
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
securityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 2000
runAsGroup: 2000
seccompProfile:
type: RuntimeDefault
deploymentAnnotations: {}
podAnnotations: {}
podLabels: {}
replicaCount: 1
revisionHistoryLimit: 10
## PodDisruptionBudget settings
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
podDisruptionBudget:
enabled: true
minAvailable: 1
# Configure Kubernetes security context for pod
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
podSecurityContext: {}
# whether to use http or https
httpScheme: http
initContainers:
# if the redis sub-chart is enabled, wait for it to be ready
# before starting the proxy
# creates a role binding to get, list, watch, the redis master pod
# if service account is enabled
waitForRedis:
enabled: true
image:
repository: "docker.io/bitnami/kubectl"
pullPolicy: "IfNotPresent"
# uses the kubernetes version of the cluster
# the chart is deployed on, if not set
kubectlVersion: ""
securityContext:
enabled: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 65534
runAsGroup: 65534
seccompProfile:
type: RuntimeDefault
timeout: 180
# Additionally authenticate against a htpasswd file. Entries must be created with "htpasswd -B" for bcrypt encryption.
# Alternatively supply an existing secret which contains the required information.
htpasswdFile:
enabled: false
existingSecret: ""
entries: []
# One row for each user
# example:
# entries:
# - testuser:$2y$05$gY6dgXqjuzFhwdhsiFe7seM9q9Tile4Y3E.CBpAZJffkeiLaC21Gy
# Configure the session storage type, between cookie and redis
sessionStorage:
# Can be one of the supported session storage cookie|redis
type: cookie
redis:
# Name of the Kubernetes secret containing the redis & redis sentinel password values (see also `sessionStorage.redis.passwordKey`)
existingSecret: ""
# Redis password value. Applicable for all Redis configurations. Taken from redis subchart secret if not set. `sessionStorage.redis.existingSecret` takes precedence
password: ""
# Key of the Kubernetes secret data containing the redis password value
passwordKey: "redis-password"
# Can be one of standalone|cluster|sentinel
clientType: "standalone"
standalone:
# URL of redis standalone server for redis session storage (e.g. `redis://HOST[:PORT]`). Automatically generated if not set
connectionUrl: ""
cluster:
# List of Redis cluster connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
connectionUrls: []
sentinel:
# Name of the Kubernetes secret containing the redis sentinel password value (see also `sessionStorage.redis.sentinel.passwordKey`). Default: `sessionStorage.redis.existingSecret`
existingSecret: ""
# Redis sentinel password. Used only for sentinel connection; any redis node passwords need to use `sessionStorage.redis.password`
password: ""
# Key of the Kubernetes secret data containing the redis sentinel password value
passwordKey: "redis-sentinel-password"
# Redis sentinel master name
masterName: ""
# List of Redis sentinel connection URLs (e.g. `["redis://127.0.0.1:8000", "redis://127.0.0.1:8000"]`)
connectionUrls: []
# Enables and configure the automatic deployment of the redis subchart
redis:
# provision an instance of the redis sub-chart
enabled: false
# Redis specific helm chart settings, please see:
# https://github.com/bitnami/charts/tree/master/bitnami/redis#parameters
# redisPort: 6379
# cluster:
# enabled: false
# slaveCount: 1
# Enables apiVersion deprecation checks
checkDeprecation: true
metrics:
# Enable Prometheus metrics endpoint
enabled: true
# Serve Prometheus metrics on this port
port: 44180
# when service.type is NodePort ...
# nodePort: 44180
# Protocol set on the service for the metrics port
service:
appProtocol: http
serviceMonitor:
# Enable Prometheus Operator ServiceMonitor
enabled: false
# Define the namespace where to deploy the ServiceMonitor resource
namespace: ""
# Prometheus Instance definition
prometheusInstance: default
# Prometheus scrape interval
interval: 60s
# Prometheus scrape timeout
scrapeTimeout: 30s
# Add custom labels to the ServiceMonitor resource
labels: {}
## scheme: HTTP scheme to use for scraping. Can be used with `tlsConfig` for example if using istio mTLS.
scheme: ""
## tlsConfig: TLS configuration to use when scraping the endpoint. For example if using istio mTLS.
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
tlsConfig: {}
## bearerTokenFile: Path to bearer token file.
bearerTokenFile: ""
## Used to pass annotations that are used by the Prometheus installed in your cluster to select Service Monitors to work with
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
annotations: {}
## Metric relabel configs to apply to samples before ingestion.
## [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs)
metricRelabelings: []
# - action: keep
# regex: 'kube_(daemonset|deployment|pod|namespace|node|statefulset).+'
# sourceLabels: [__name__]
## Relabel configs to apply to samples before ingestion.
## [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config)
relabelings: []
# - sourceLabels: [__meta_kubernetes_pod_node_name]
# separator: ;
# regex: ^(.*)$
# targetLabel: nodename
# replacement: $1
# action: replace
# Extra K8s manifests to deploy
extraObjects: []
# - apiVersion: secrets-store.csi.x-k8s.io/v1
# kind: SecretProviderClass
# metadata:
# name: oauth2-proxy-secrets-store
# spec:
# provider: aws
# parameters:
# objects: |
# - objectName: "oauth2-proxy"
# objectType: "secretsmanager"
# jmesPath:
# - path: "client_id"
# objectAlias: "client-id"
# - path: "client_secret"
# objectAlias: "client-secret"
# - path: "cookie_secret"
# objectAlias: "cookie-secret"
# secretObjects:
# - data:
# - key: client-id
# objectName: client-id
# - key: client-secret
# objectName: client-secret
# - key: cookie-secret
# objectName: cookie-secret
# secretName: oauth2-proxy-secrets-store
# type: Opaque

220
weave-gitops/helmrelease-weave-gitops.yaml
View File

@@ -1,220 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: weave-gitops
namespace: weave-gitops
spec:
chart:
spec:
chart: weave-gitops
version: 4.x
sourceRef:
kind: HelmRepository
name: weave-gitops
namespace: flux-system
interval: 15m
timeout: 5m
releaseName: weave-gitops
values:
# Default values for chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Note: paragraphs starting with `# --` will end up in our manual -
# see https://github.com/norwoodj/helm-docs
replicaCount: 1
image:
# FIXME check the app name
repository: ghcr.io/weaveworks/wego-app
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.37.0"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
# -- What log level to output. Valid levels are 'debug', 'info', 'warn' and 'error'
logLevel: debug
# -- Additional arguments to pass in to the gitops-server
additionalArgs:
- --insecure-no-authentication-user=kube-apiserver
# Any other environment variables:
envVars:
- name: WEAVE_GITOPS_FEATURE_TENANCY
value: "true"
- name: WEAVE_GITOPS_FEATURE_CLUSTER
value: "false"
# -- Annotations to add to the deployment
annotations: {}
# Should the 'oidc-auth' secret be created. For a detailed
# explanation of these attributes please see our documentation:
# https://docs.gitops.weave.works/docs/configuration/securing-access-to-the-dashboard/#login-via-an-oidc-provider
oidcSecret:
create: false
# clientID:
# clientSecret:
# issuerURL:
# redirectURL:
# -- If non empty, additional keys can be added to the OIDC secret
additionalKeys: {}
# additionalKeys:
# claimUsername: "email"
# claimGroups: "groups"
# customScopes: "openid,offline_access,email,groups"
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
rbac:
# -- Specifies whether the clusterRole & binding to the service account should be created
create: true
# -- If non-empty, this limits the resources that the service
# account can impersonate. This applies to both users and groups, e.g.
# `['user1@corporation.com', 'user2@corporation.com', 'operations']`
impersonationResourceNames: []
# -- Limit the type of principal that can be impersonated
impersonationResources: ["users", "groups"]
# -- If non-empty, this limits the secrets that can be accessed by
# the service account to the specified ones, e.g. `['weave-gitops-enterprise-credentials']`
viewSecretsResourceNames: ["cluster-user-auth", "oidc-auth"]
# -- If non-empty, these additional rules will be appended to the RBAC role and the cluster role.
# for example,
# additionalRules:
# - apiGroups: ["infra.contrib.fluxcd.io"]
# resources: ["terraforms"]
# verbs: [ "get", "list", "patch" ]
additionalRules: []
adminUser:
# -- Whether the local admin user should be created.
# If you use this make sure you add it to `rbac.impersonationResourceNames`.
create: false
# -- Specifies whether the clusterRole & binding to the admin user should be created.
# Will be created only if `adminUser.create` is enabled. Without this,
# the adminUser will only be able to see resources in the target namespace.
createClusterRole: true
# -- Whether we should create the secret for the local
# adminUser. Will be created only if `adminUser.create` is
# enabled. Without this, we'll still set up the roles and
# permissions, but the secret with username and password has to be
# provided separately.
createSecret: true
# -- Set username for local admin user, this should match the value in the secret `cluster-user-auth`
# which can be created with `adminUser.createSecret`. Requires `adminUser.create`.
username: gitops-test-user
# -- (string) Set the password for local admin user. Requires `adminUser.create` and `adminUser.createSecret`
# This needs to have been hashed using bcrypt.
# You can do this via our CLI with `gitops get bcrypt-hash`.
passwordHash:
podAnnotations: {}
podLabels: {}
# aadpodidbinding: identity
podSecurityContext: {}
# fsGroup: 2000
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
runAsUser: 1000
readOnlyRootFilesystem: true
service:
create: true
type: ClusterIP
port: 9001
# nodePort:
annotations: {}
ingress:
enabled: false
className: ""
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
hosts:
- host: weave-gitops.michaelthomson.dev
paths:
- path: /
pathType: ImplementationSpecific
tls:
- secretName: letsencrypt-wildcard-cert-michaelthomson.dev
hosts:
- weave-gitops.michaelthomson.dev
extraVolumes: []
extraVolumeMounts: []
# Example using extraVolumes and extraVolumeMounts to load 'oidc-auth' secret
# with a secrets store CSI driver. Specify the secretName 'oidc-auth' in the
# secretProviderClass so this will be created by the secrets store CSI driver.
# See https://secrets-store-csi-driver.sigs.k8s.io/topics/sync-as-kubernetes-secret.html
# extraVolumeMounts:
# - name: ww-gitops-oauth-volume
# mountPath: /mnt/secrets
# readOnly: true
# extraVolumes:
# - name: ww-gitops-oauth-volume
# csi:
# driver: secrets-store.csi.k8s.io
# readOnly: true
# volumeAttributes:
# secretProviderClass: ww-gitops-oauth-provider
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
networkPolicy:
# -- Specifies whether default network policies should be created.
create: true
nodeSelector: {}
tolerations: []
affinity: {}
serverTLS:
# -- Enable TLS termination in gitops itself. If you enable this,
# you need to create a secret, and specify the secretName. Another
# option is to create an ingress.
enable: false
# -- Specify the tls secret name. This type of secrets have a key called `tls.crt` and `tls.key` containing their corresponding values in base64 format.
# See
# https://kubernetes.io/docs/concepts/configuration/secret/#tls-secrets for more details and examples
secretName: "my-secret-tls"
# Example of tls secret
#
# apiVersion: v1
# kind: Secret
# metadata:
# name: my-secret-tls
# type: kubernetes.io/tls
# data:
# # the data is abbreviated in this example
# tls.crt: |
# MIIC2DCCAcCgAwIBAgIBATANBgkqh ...
# tls.key: |
# MIIEpgIBAAKCAQEA7yn3bRHQ5FHMQ ...
#
# You can also create a tls secre t from files whith this k8s command:
# kubectl create secret tls my-tls-secret \
# --cert=path/to/cert/file \
# --key=path/to/key/file
metrics:
# -- Start the metrics exporter
enabled: false
service:
# -- Port to start the metrics exporter on
port: 2112
# -- Annotations to set on the service
annotations:
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
prometheus.io/port: "{{ .Values.metrics.service.port }}"

24
weave-gitops/sealedsecret-weave-gitops-oidc-auth.yaml
View File

@@ -1,24 +0,0 @@
{
"kind": "SealedSecret",
"apiVersion": "bitnami.com/v1alpha1",
"metadata": {
"name": "oidc-auth",
"namespace": "weave-gitops",
"creationTimestamp": null
},
"spec": {
"template": {
"metadata": {
"name": "oidc-auth",
"namespace": "weave-gitops",
"creationTimestamp": null
}
},
"encryptedData": {
"clientID": "AgABYkm/TxTCYVvC4IR4b0lMMWTbnPUAl1z0va8Bw+U/OXelPIQUGzElPpKXYXLjs3iWL/U6pok7DFVLBoUAx1JYtFOb+Mnqrb5u+phKIiGZKMQIXdZRJwmyE7+vldZDghRDMiLuE6KvJVtC6UIsTRu15oF/ZmIbDX20zXvO8vRnHnHKw1SUb9i/kbnvQuZX5dtn7VSJtVFtXni/p07MEFjtnXVVYQxRgHD6Nukxanqx99iEiivisd3gxpUUGp+/OTeikxxW/Z0+5UGZkR6TXRILgSRj29FjJMYeNUocb14g6Voj0IuzBauhcrg12NcGbuCIThQjiwO67RQref6lmAgm/uuu7ZWc5wPTkEtLM2qAwt+jeETVTRw5dMQd9zPIR8DIYkIb02RmYUaRW4rUf0bVhxcuZ8VUvzzvPQRJ0a7OT8VP3PIMKQe4s+rzbfeXRRPObf85rZIzZZfSwG9QaAT4OhbndhBrhg3hApldU+jqSUCF5n4Lelm7SZEmWhcZJHxiXEZwCtHIM23NUQl5xR7dATacBUzGWmduuLY0rDS/xbRacWJBoYS9lYaeN8QiUND5lhtB2ZFfJn9b/nGdPG36OvLmmULP+rwiRWrNy4TpLGPhVhTjIhhsPt+nnVRYERyo71bj3dRt7IfvrbvbgFWYBQIKjbm4VTrHoLDuQxLjUnbTciBbp1+eV7rWo3oSc4JQm4vWA37VoiaihRTcvg==",
"clientSecret": "AgB/xHp3BTJJQRDqmFhCnoaowvx8DwT2JoDqSPnjgIQWm0Y18OIGteWLh47CaeJO0nHiFrLiPJ25K6+VDILBg7xCF7BIs62poQS9HWRoHfZ1y80mltvlP6u4PeE1EJZCGrMvZYJZakdKAewMN5NG8KHXlaIM1wmk4YUjvBB/tic7G7JPDaglvxlSJku48Bu0nR+boJKoiDKrbv7pHKl0K4JFgBogEy9R5/MnaR3uP03Ak53bUNOj7GIpqJyF8YO4Dqzu/oIS8rglqFPuDmO1wIHwnQf+eLRh2fWk5yiWCIpkUyYKesfaJ1ujrF9zja5vSwamoKxqK4Gl9WpZ2K+I0o70ib0zxzTFZpHoG8/IMmv1z1R5Pgqb+u73xvhXzslyRU7wQYKT3MoZiEBPojgqucl0CmdLXi5/hmVDr5exxVOqElYrdIFzVWZfjopO3rV1FavJz7uBiDybzcguQ7V7vX/VCjB1XX5h+GypMlDdzZsuVb1Hx2A+O1ZQavru7nOpIPtGoj//Vewkl0jQpj6VOFA196LTJB2deufyTOMnucmbkg52UwL6KsFTRGRVR09ck4iDO21xIbEBl/CWVk6q4xRNNME5yNFvtVazzqoKAzT0aVUQ3d2EzHjR1VP8vyUCqAveBFKYvuUoIqrBILF8jJfSG1nJPUrv6j7xLgEbzQouA0NDoBJQjzl8KtlpbT0pNgXvrTUHAPucogbAEu7NQIZac4jg9MNM9M8lOw1KRREIpfbjTF+lA5/Ac5hc00Bl3liPLlbsSNwyrusW4tUQrzeHVXa9i52DDYZ2q0wObeHrzvJlExKrDjVPp/aXYdhZrVM2BFAzxPdKM2naT8cpPk/8EBTA0jVV0kHk+nXBZQqGiA==",
"issuerUrl": "AgAq1sklCG8nAhmrqVaqK7MyLq66eclgOL0gvhDLlm5+NM7kDx7uqUEZdoSQUF6+NhNFx6rfZN4v5/lcQQkR+OB2ZffyPcNecRFHBb8SWdycNO1FF169ok0CoIe3UFJFMhR0nZkoR5nVI4f2TCCFhlZklReB8ou7EwkFDJviYxo1gqODchGDtXyOJqoL493ooq+WsZfHM1+TfCWv5mMTyNQ/uHiiqI1MftKJCN1Vdyzj6lPYQOb/D+QKU5xH+2OmVCRZfSlVl1Nc5VBoM1YW+SftW3ZOSyakQJSj6kImuZd9LF/+mm6g/KosgCU6XkPM1au53N10RlqT2I1Pzwp4/xCKMc1vIJMN/La84zqRcTuc77QyxwVU/SA+BUrNP9nfsxjcPcfZTjniG18ynYsJ9OrfFoAuQZ4QKxlX5nsulN2Ram+1yKSnpDjE6prYscCwouk8fwVJ+poy2R6tNNGsFxN7xxjXGuykmfoUU0D9du7Gxk9DPKP2MdS53a+GrljQOKrqZ1pqa1bHAmlL6vOx2FQLdA1nlXQTJoaIj0groh38+SNWGn/eOluiGLAJzLrvjNqWk47VKRgtiarpVdo9FNbf0Npn0IdecnOOANBsZdKov28Zh27/lvADIlXL2SI8MGqHXj7Qan1VKlgPkjj4dww+HX3VVAIT0t04lvxGL3m/c1Xdz2WlulAtIjnwadwHuRfT/nnmVJhrbfgo1Zvfeu4oHH5Lsjmp3TK5iFc6GybEZcwpi2akhLfxFMJ/2VpyLhLdYxeM1kaWxJ6lz/Y9wWsTYbI=",
"redirectURL": "AgAmFOssOnd5V5+JMogdLuUepVAD7wb7DjvGAB22t2L6ubyqvbxBptho07wKwDT0tkXuzFTwVCSvz3CCIwNismrtgx8RKnsDGPvLcB1+8sB3bscgmTPsObg9KhOnUvViXbj2HUjDS8l74E+1LNIxRpRAEt2b3T1DtEWnheR1n5Oo2GMa6DFPLBJ4D4VGN0Cq9ZKv7IeLxAGCs/bMOsSIJ0hBkkUIgCaEW4IAh2u3c5yqhIzMVeMsKqLIKx+wg6qeYlm9NX3y6+Aq4Us6pw87PGLRwz1+xaCBFrT7iqaFKmBxbB2icH1F3kynqdXrAv6MiHj7k8CYUIFTSSrKI+4wFd6vLhy8PdRGe6F7pd0JoeIlQq0Mul3l7OT3SsPOXleCQe/zfJTMK1mry7Fci1M59dE27F8tMA5Bew8xzo/GGiBhE0Pw9TERumpo4j8X1MGaG/2Dz6CEggmLHOh6F5i++JnyySRNBWT+A+rj5ljZ/eZ/ixwUj+7c4W2Al8pqVu40Ta9SrOxKYLhpxKrrxiPknvzcpdQYmj2SHDAUBLAJbZGKKEaShHKR/Osl2cZ6JMojHIXT9UoEjS9yqyOaek97WtqXZfNjFtXfkEYxKVHDkWh9zeIIRWukDMjY2UkpOc6syf83WPT5w8mG8uhJP7FEPkuONNdz3rKPCVd/7OBxHPEavQAQ7cF63lmvwOlAtEHRyAkBhDrGCDacnQ9PAmLdK5RbEo3oPgUsUUOBvDMQbJIhOlYZ4ypVMhIVrqy6sCthCw=="
}
}
}