clank/kubernetes-state
1
0
Fork 0
Code Issues 1 Pull Requests Projects Releases Wiki Activity

Removed everything

Browse Source
This commit is contained in:
Kasper Juul Hermansen 2022-06-04 00:57:54 +02:00
parent 32ca369e16
commit 87a9790081
Signed by: kjuulh
GPG Key ID: 0F95C140730F2F23
34 changed files with 0 additions and 6240 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
clank/apps/prod/darklight/client.yaml
View File

@ -1,52 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: darklight
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: darklight-client-deployment
namespace: darklight
labels:
app: darklight-client
spec:
replicas: 3
selector:
matchLabels:
app: darklight-client
template:
metadata:
labels:
app: darklight-client
spec:
containers:
- name: darklight-client
image: kasperhermansen/darklight-client
ports:
- containerPort: 3000
livenessProbe:
httpGet:
path: /
port: 3000
initialDelaySeconds: 5
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: 3000
initialDelaySeconds: 5
timeoutSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: darklight-client
namespace: darklight
spec:
ports:
- port: 80
name: http
targetPort: 3000
selector:
app: darklight-client

26
clank/apps/prod/darklight/ingress.yaml
View File

@ -1,26 +0,0 @@
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: darklight
namespace: darklight
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`darklight.kjuulh.app`)
kind: Rule
services:
- name: darklight-client
kind: Service
namespace: darklight
port: 80
- match: Host(`darklight-api.kjuulh.app`)
kind: Rule
services:
- name: darklight-server
kind: Service
namespace: darklight
port: 80
tls:
secretName: clank-cert

6
clank/apps/prod/darklight/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- client.yaml
- server.yaml
- ingress.yaml

47
clank/apps/prod/darklight/server.yaml
View File

@ -1,47 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: darklight-server-deployment
namespace: darklight
labels:
app: darklight-server
spec:
replicas: 3
selector:
matchLabels:
app: darklight-server
template:
metadata:
labels:
app: darklight-server
spec:
containers:
- name: darklight-server
image: kasperhermansen/darklight-server:latest
ports:
- containerPort: 8000
livenessProbe:
httpGet:
path: /download/healthz
port: 8000
initialDelaySeconds: 5
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /download/healthz
port: 8000
initialDelaySeconds: 5
timeoutSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: darklight-server
namespace: darklight
spec:
ports:
- port: 80
name: http
targetPort: 8000
selector:
app: darklight-server

52
clank/apps/prod/wishlist/app.yaml
View File

@ -1,52 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: wishlist
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: wishlist-deployment
namespace: wishlist
labels:
app: wishlist
spec:
replicas: 3
selector:
matchLabels:
app: wishlist
template:
metadata:
labels:
app: wishlist
spec:
containers:
- name: wishlist
image: kasperhermansen/wishlist-2022
ports:
- containerPort: 80
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 5
timeoutSeconds: 5
---
apiVersion: v1
kind: Service
metadata:
name: wishlist
namespace: wishlist
spec:
ports:
- port: 80
name: http
targetPort: 80
selector:
app: wishlist

15
clank/apps/test/podinfo-kustomization.yaml
View File

@ -1,15 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: podinfo
namespace: flux-system
spec:
interval: 10m0s
retryInterval: 30s
path: ./kustomize
prune: true
sourceRef:
kind: GitRepository
name: podinfo
targetNamespace: default

12
clank/apps/test/podinfo-source.yaml
View File

@ -1,12 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
name: podinfo
namespace: flux-system
spec:
interval: 5min
ref:
branch: master
url: https://github.com/stefanprodan/podinfo

13
clank/clusters/platform/platform.yaml
View File

@ -1,13 +0,0 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: platform
namespace: flux-system
spec:
interval: 10m0s
path: ./clank/platform
prune: true
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system

16
clank/clusters/prod/darklight/app.yaml
View File

@ -1,16 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: darklight
namespace: prod
spec:
interval: 10m0s
retryInterval: 30s
path: ./clank/apps/prod/darklight
prune: true
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
targetNamespace: darklight

16
clank/clusters/prod/wishlist/app.yaml
View File

@ -1,16 +0,0 @@
---
apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
kind: Kustomization
metadata:
name: wishlist
namespace: prod
spec:
interval: 10m0s
retryInterval: 30s
path: ./clank/apps/prod/wishlist
prune: true
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
targetNamespace: wishlist

5388
clank/platform/cert-manager/cert-manager.yaml
View File

File diff suppressed because it is too large Load Diff

21
clank/platform/cert-manager/certificate.yaml
View File

@ -1,21 +0,0 @@
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: clank
namespace: cert-manager
spec:
commonName: kjuulh.app
secretName: clank-cert
dnsNames:
- kjuulh.app
- "*.kjuulh.app"
issuerRef:
name: letsencrypt-issuer
kind: ClusterIssuer
secretTemplate:
annotations:
reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "platform,kube-system,wishlist,darklight" # Control destination namespaces
reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true" # Auto create reflection for matching namespaces
reflector.v1.k8s.emberstack.com/reflection-auto-namespaces: "platform,wishlist,darklight" # Control auto-reflection namespaces

16
clank/platform/cert-manager/cloudflare-secret.sealed.yaml
View File

@ -1,16 +0,0 @@
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
creationTimestamp: null
name: cloudflare-api-token-secret
namespace: cert-manager
spec:
encryptedData:
api-token: AgB8kf7TaAZpwTCn4aYNY5+aCpFyTPwVGLhQL8S6Muoss8/jz+9RIH7WPIxeyTlfjtTw8dzjro3SYfkZ9FHNiL8AS3/YDU9ZHoD1JTrlLB8j6lvPvuMbc0iXimNDWtU5KCwGwjC6gw6TNhnAns1EwMsCH93W2e9XUOYHz4NLxcaue284p0t9JgmtXLi220WCqoG7fs2hQo9dhYitcpmjnOEQRBA75t8paxc3jSA3BqKKeTm0KtYSgOENtahs/u3GQRmLu3y7L9epAyJOUCw1q23jgGZugAmDXY7b2gPXxAF0LMLrjI9l3UAl6FT0fUTrhQZxNZfurIFfV+yVFAkO2nGDlFWkN9xlxV8QzGPeTZEISI3/3aV5+MbJKV2bamOckh2q5Tj5xVAHB5pBc0CJzLpy8okmLnheNZXFRp/jlbH+D9p/sZErFt7TmvZfJS/GYCF/PRjzNwZlFWgiQ3ITTbGcEymXvfRS2NntsU1RCohUw4byAzYw/pxdGx7GA+irFTJyVQ2KwYdkR/P69PotHD0LGyHNWuLcrC1/kbq0lQtSvKHKUNbQM4jSVUweLgSYHlyxKft5F42eunR8BOG1EmUpdR2Y7U86HylwR5CxMJcpkO7a9EfoHDwMMegt1cgbPr37uXN+BKZ3uNUJ9AorZbvnrmFn7gAju+b3URTvaOldlCEaBA0fA8zfbF9lMFz1Lv6zzqOCGhXbOz/1wDUbGKjd2dS0pqIMmp7HOVEyP7TeW2LPJFdkj1F4
template:
data: null
metadata:
creationTimestamp: null
name: cloudflare-api-token-secret
namespace: cert-manager

25
clank/platform/cert-manager/cluster-issuer.yaml
View File

@ -1,25 +0,0 @@
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: letsencrypt-issuer
spec:
acme:
# You must replace this email address with your own.
# Let's Encrypt will use this to contact you about expiring
# certificates, and issues related to your account.
email: contact@kjuulh.io
server: https://acme-v02.api.letsencrypt.org/directory
privateKeySecretRef:
# Secret resource that will be used to store the account's private key.
name: letsencrypt-issuer-secret
# Add a single challenge solver, HTTP01 using nginx
solvers:
- dns01:
cloudflare:
apiTokenSecretRef:
name: cloudflare-api-token-secret
key: api-token
selector:
dnsNames:
- 'kjuulh.app'
- '*.kjuulh.app'

19
clank/platform/cert-manager/create-secret.sh
View File

@ -1,19 +0,0 @@
#!/bin/bash
echo "Encrypt secret with 'sealed-secrets'"
kubectl -n default create secret generic cloudflare-api-token-secret \
--from-literal=api-token="$1" \
--namespace="cert-manager" \
--dry-run=client \
-o yaml > cloudflare-secret.yaml
echo "secret: $1"
kubeseal --format=yaml \
< cloudflare-secret.yaml > cloudflare-secret.sealed.yaml
echo "Updated/created secret"
rm cloudflare-secret.yaml

8
clank/platform/cert-manager/kustomization.yaml
View File

@ -1,8 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- cert-manager.yaml
- certificate.yaml
- cloudflare-secret.sealed.yaml
- cluster-issuer.yaml

9
clank/platform/kustomization.yaml
View File

@ -1,9 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- sources
- reflector
- traefik
- cert-manager
- sealed-secrets
- postgres

12
clank/platform/postgres/git.yaml
View File

@ -1,12 +0,0 @@
---
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: GitRepository
metadata:
name: postgres
namespace: postgres
spec:
interval: 5m
ref:
branch: main
url: https://github.com/CrunchyData/postgres-operator-examples

6
clank/platform/postgres/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- namespace.yaml
- git.yaml
- release.yaml

4
clank/platform/postgres/namespace.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: postgres

19
clank/platform/postgres/release.yaml
View File

@ -1,19 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: postgres
namespace: postgres
spec:
releaseName: postgres
chart:
spec:
chart: postgres
sourceRef:
kind: GitRepository
name: ./helm/install
namespace: postgres
version: "0.3.0"
interval: 1h0m0s
install:
remediation:
retries: 3

6
clank/platform/reflector/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: reflector
resources:
- namespace.yaml
- release.yaml

4
clank/platform/reflector/namespace.yaml
View File

@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: reflector

18
clank/platform/reflector/release.yaml
View File

@ -1,18 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: reflector
spec:
releaseName: reflector
chart:
spec:
chart: reflector
sourceRef:
kind: HelmRepository
name: emberstack
namespace: flux-system
version: "6.1.47"
interval: 1h0m0s
install:
remediation:
retries: 3

252
clank/platform/sealed-secrets/controller.yaml
View File

@ -1,252 +0,0 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
namespace: kube-system
rules:
- apiGroups:
- ""
resourceNames:
- sealed-secrets-controller
resources:
- services
verbs:
- get
- apiGroups:
- ""
resourceNames:
- 'http:sealed-secrets-controller:'
- sealed-secrets-controller
resources:
- services/proxy
verbs:
- create
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
annotations: {}
labels:
name: sealed-secrets-key-admin
name: sealed-secrets-key-admin
namespace: kube-system
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: secrets-unsealer
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations: {}
labels:
name: secrets-unsealer
name: secrets-unsealer
rules:
- apiGroups:
- bitnami.com
resources:
- sealedsecrets
verbs:
- get
- list
- watch
- apiGroups:
- bitnami.com
resources:
- sealedsecrets/status
verbs:
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
---
apiVersion: apps/v1
kind: Deployment
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
spec:
minReadySeconds: 30
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
name: sealed-secrets-controller
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
spec:
containers:
- args: []
command:
- controller
env: []
image: docker.io/bitnami/sealed-secrets-controller:v0.17.5
imagePullPolicy: Always
livenessProbe:
httpGet:
path: /healthz
port: http
name: sealed-secrets-controller
ports:
- containerPort: 8080
name: http
readinessProbe:
httpGet:
path: /healthz
port: http
securityContext:
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
stdin: false
tty: false
volumeMounts:
- mountPath: /tmp
name: tmp
imagePullSecrets: []
initContainers: []
securityContext:
fsGroup: 65534
serviceAccountName: sealed-secrets-controller
terminationGracePeriodSeconds: 30
volumes:
- emptyDir: {}
name: tmp
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: sealedsecrets.bitnami.com
spec:
group: bitnami.com
names:
kind: SealedSecret
listKind: SealedSecretList
plural: sealedsecrets
singular: sealedsecret
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
spec:
type: object
x-kubernetes-preserve-unknown-fields: true
status:
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: Service
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
spec:
ports:
- port: 8080
targetPort: 8080
selector:
name: sealed-secrets-controller
type: ClusterIP
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-service-proxier
name: sealed-secrets-service-proxier
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-service-proxier
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: system:authenticated
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: sealed-secrets-controller
name: sealed-secrets-controller
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: sealed-secrets-key-admin
subjects:
- kind: ServiceAccount
name: sealed-secrets-controller
namespace: kube-system

5
clank/platform/sealed-secrets/kustomization.yaml
View File

@ -1,5 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- controller.yaml

7
clank/platform/sources/emberstack.yaml
View File

@ -1,7 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: emberstack
spec:
interval: 30m
url: https://emberstack.github.io/helm-charts

6
clank/platform/sources/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: flux-system
resources:
- emberstack.yaml
- traefik.yaml

7
clank/platform/sources/traefik.yaml
View File

@ -1,7 +0,0 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: traefik
spec:
interval: 30m
url: https://helm.traefik.io/traefik

38
clank/platform/traefik/ingress.yaml
View File

@ -1,38 +0,0 @@
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
namespace: kube-system
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`traefik.kjuulh.app`) # Hostname to match
kind: Rule
services: # Service to redirect requests to
- name: api@internal # Special service created by Traefik pod
kind: TraefikService
tls:
secretName: clank-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: wishlist
namespace: wishlist
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`wishlist.kjuulh.app`)
kind: Rule
services:
- name: wishlist
kind: Service
namespace: wishlist
port: 80
tls:
secretName: clank-cert

6
clank/platform/traefik/kustomization.yaml
View File

@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
# - release.yaml
- traefik.values.yaml
- ingress.yaml

19
clank/platform/traefik/release.yaml
View File

@ -1,19 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: traefik
namespace: kube-system
spec:
releaseName: traefik
chart:
spec:
chart: traefik
sourceRef:
kind: HelmRepository
name: traefik
namespace: flux-system
version: "10.19.5"
interval: 1h0m0s
install:
remediation:
retries: 3

62
clank/platform/traefik/traefik.values.yaml
View File

@ -1,62 +0,0 @@
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
name: traefik
namespace: kube-system
spec:
failurePolicy: abort
valuesContent: |-
logs:
general:
level: INFO
providers:
kubernetesCRD:
enabled: true
allowCrossNamespace: true
allowExternalNameServices: true
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces:
- "default"
- "kube-system"
- "wishlist"
- "darklight"
kubernetesIngress:
enabled: true
allowExternalNameServices: true
allowEmptyServices: true
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
namespaces:
- "default"
- "kube-system"
- "wishlist"
- "darklight"
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: true
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
service:
enabled: true
type: LoadBalancer
annotations:
"load-balancer.hetzner.cloud/name": "clank"
# make hetzners load-balancer connect to our nodes via our private k3s
"load-balancer.hetzner.cloud/use-private-ip": "true"
# keep hetzner-ccm from exposing our private ingress ip, which in general isn't routeable from the public internet
"load-balancer.hetzner.cloud/disable-private-ingress": "true"
# disable ipv6 by default, because external-dns doesn't support AAAA for hcloud yet https://github.com/kubernetes-sigs/external-dns/issues/2044
"load-balancer.hetzner.cloud/ipv6-disabled": "true"
"load-balancer.hetzner.cloud/location": "fsn1"
"load-balancer.hetzner.cloud/type": "lb11"
"load-balancer.hetzner.cloud/uses-proxyprotocol": "true"
additionalArguments:
- "--entryPoints.web.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.proxyProtocol.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.web.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--entryPoints.websecure.forwardedHeaders.trustedIPs=127.0.0.1/32,10.0.0.0/8"
- "--providers.kubernetescrd.allowCrossNamespace=true"

28
pub-sealed-secrets.pem
View File

@ -1,28 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEzTCCArWgAwIBAgIRAKEa+ZM214zPc+OIpLSmfxIwDQYJKoZIhvcNAQELBQAw
ADAeFw0yMjA1MDgyMDI4MjZaFw0zMjA1MDUyMDI4MjZaMAAwggIiMA0GCSqGSIb3
DQEBAQUAA4ICDwAwggIKAoICAQC5S/jTgBcc3GbSCl1S7Do3SnX7HUrlgvIWYTLi
6D2+l3Bvpkb70kGi8pXN3N+Ijv3dQEu847G1jsiTKjcT8CAEGh6PSK6VmTUHQNzE
TXYusmde66Ob4806DQtG/nEP9tt3N+ZrgCLB2lrD6P7OHO4Eiw+f5eWvKqF1zH8M
MS98/Gwrf2rjVfkfy+wreFFOcJd9hX1+rR12JVd6FWC/5jesmTdmw6nZEiTc7sFf
qN3GEQQFG15dwlmFk8WueZxYcMhcXxQGzMBa292LvpWs15+vAum0/n+o9dOu4FaJ
3V9Qj2A4e35dd39Rm1rCAfpFNu7euYUM88K5/sbH+8Iswk2mm/MnFO2+G+U24uij
PIsoLz5G0vHNpbSzjqTP/oBMwyfgcu8m2im+X5XBFIP5kFM5fJhPbTIxNLah1OxJ
dLnc5ymSxIVOSh6lyO3vkwxeBI7jowzQWpisXHav8H5eFeTWvg3kOJuhZgV+kQOd
WUohsKB8BJh1psrk/Yo4TvMAnj/gfXRRvXBbOeydHU+PlAVJKWfpFx3yOnC5/XuP
SGCY52NfCP+Hy0L+uQJ6y6xVVwG4xJkPCsMlP7zpcwtmsgd/cBHP3gvoK6Hly8DZ
z06bs2BdeVkARUghd8y6o4paXZxde74OLMQYgILR1MYA6w0NyLFp6fmbFlYMnnfp
lwsmIQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAAEwDwYDVR0TAQH/BAUwAwEB/zAd
BgNVHQ4EFgQUPXJCXyBH0esFFwXjkJ3k/ID9Yg0wDQYJKoZIhvcNAQELBQADggIB
AE6s5RCqmFTH/c3I18mFBVQd5pSi/Tp1JJIslBIa11cyp9HUf45iUti93k6ngcAU
yRsp/qgOVHgBrRCNls6ftg4KvKrDbpvsjQ/j5ppsdQhXKXXfUBowuY7OdapC5td1
QErT6c2R4zhuSQog5D/YqnEK/z2CuVd3Fr2HM6vHF8HXrmAe4FNuUi8JQSJzbVzw
QuZW8LbWuFrf/F6x9vNBdmNaLKEsz/hiVDGmygdpgBjzaVIYMCP9DauupxgXxtL6
ojg8gWCJvFwbegci6MPXWLSs9pPXH8sso6z9nQcMSlKcHaG4EP5cTiGOc1Mc3G8F
a+TcldQovT49AjEtRkI3e607Pjj1Q+ygMevJ2/IOXGPUHfRPAaix19v58yievcHl
g9lY6rTjT4anzUnkOFsTqU+RMLH+4UaPqsmws0y+m8TCK/Z2iLdhL9Kby0r4AwhB
wjGv8kH/mkL2MZWSramBvPnn/hJ5fEky5M83J/Lg/BfXyncIODu7G/I2f4AJJqXw
9e8wpa9eJ6vRstVnPqBbZSxz0YS8z5oIhElOmVP7Swbhm40lCaSgocc76fER6rTx
HIYZP2zOtSdnP9GuR4IXlMbEaGA9y/B4LBNPWtYH+atRhxCQuI5CQFcZ5hZptQ7P
7gY+thU0IL50aLgWTu0GhlZ+gGXG5poyBp3zYgm6tQvT
-----END CERTIFICATE-----