From a6bb35d988d23f1aa4e7a7bf3fc0f0434cebe492 Mon Sep 17 00:00:00 2001 From: Florian Marrero Liestmann Date: Sat, 14 Dec 2024 23:03:58 +0100 Subject: [PATCH] Merge spark deployment of master and history server --- docker/playground/Dockerfile | 9 +++- k8s/clickhouse/base/secrets.yaml | 34 ++++++------ k8s/dagster/base/secrets.yaml | 16 +++--- k8s/minio/base/secrets.yaml | 34 ++++++------ k8s/nessie/base/secrets.yaml | 20 +++---- k8s/spark/base/history-server-deployment.yaml | 53 ------------------- k8s/spark/base/history-server-service.yaml | 14 ----- k8s/spark/base/kustomization.yaml | 2 - k8s/spark/base/master-deployment.yaml | 41 ++++++++++++++ k8s/spark/base/master-service.yaml | 3 +- k8s/spark/base/secrets.yaml | 48 ++++++++--------- k8s/spark/base/worker-deployment.yaml | 12 ++++- k8s/trino/base/secrets.yaml | 24 ++++----- 13 files changed, 150 insertions(+), 160 deletions(-) delete mode 100644 k8s/spark/base/history-server-deployment.yaml delete mode 100644 k8s/spark/base/history-server-service.yaml diff --git a/docker/playground/Dockerfile b/docker/playground/Dockerfile index f38ad04..533ba1f 100644 --- a/docker/playground/Dockerfile +++ b/docker/playground/Dockerfile @@ -1,6 +1,11 @@ # syntax=docker/dockerfile:1 FROM ghcr.io/fxttr/spark:latest +ARG USERNAME=spark +ARG USER_UID=185 + +USER root + RUN apt update && apt upgrade -y && \ apt install -y --no-install-recommends \ python3 \ @@ -29,8 +34,10 @@ COPY conf/ipython/startup/README /root/.ipython/profile_default/startup COPY conf/notebook ${BIN_DIR}/notebook COPY conf/notebook ${BIN_DIR}/pyspark-notebook -RUN chmod u+x ${BIN_DIR}/notebook && chmod u+x ${BIN_DIR}/pyspark-notebook +RUN chown ${USERNAME} ${BIN_DIR}/notebook && chmod u+x ${BIN_DIR}/notebook +RUN chown ${USERNAME} ${BIN_DIR}/pyspark-notebook && chmod u+x ${BIN_DIR}/pyspark-notebook EXPOSE 8888 +USER ${USER_UID} CMD ["notebook"] \ No newline at end of file diff --git a/k8s/clickhouse/base/secrets.yaml b/k8s/clickhouse/base/secrets.yaml index 63adc57..8005b79 100644 --- a/k8s/clickhouse/base/secrets.yaml +++ b/k8s/clickhouse/base/secrets.yaml @@ -4,8 +4,8 @@ metadata: name: clickhouse-operator-secret type: Opaque stringData: - username: ENC[AES256_GCM,data:8jCUAhnVdgxuKLnwKlrg3Xhstg==,iv:II1ngue3DKTRPk0it/Q/Kg9Js/gNzQNL2R57a4Zs7no=,tag:GoR5HHKbNAnUOjaom7dePQ==,type:str] - password: ENC[AES256_GCM,data:Flq2sW9Hvy5ScF9jtKKq8RhOpN9NPlOS3A==,iv:nufP1R/HbMZ30+AhIFSzFVtoZGA5i4xvgmb4p2B0xrk=,tag:rdmRbjBxdyRAUpQRmNXy0g==,type:str] + username: ENC[AES256_GCM,data:X0njqHUNdmV1jDoxHaa1OL3awA==,iv:6MtaR6p/B37sKk4N5CJ5tMGsK3N/q3DreU5gdglQsv4=,tag:16ujsWSTLP+SXNSDbeDjiw==,type:str] + password: ENC[AES256_GCM,data:ID8c1MTkbDfebof2y2U0c9oj/Wm/mw9p8Q==,iv:EaECKCAEiLJIK14Dx5tIC7ImXEBa4nyV8QGmTf6T7wk=,tag:/+7qOiGksmaG7M8WODjqNA==,type:str] sops: kms: [] gcp_kms: [] @@ -15,14 +15,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySnkvbUFhK25xdURYSHUv - UHZPb0dmbU9VQ083bEJYWngwUG91ZHFUYVdRCm13Y0xmU25Kb2JJOGQzWW9XSDlS - ak82Y0JKYWdHZzBHVmw2L2RQVW9MQnMKLS0tIEx5a3FPYzVGZ3BkeG5DWjRJU1ZN - MU9qOHFYZHFURzV2MkwzZldFY0pWN2sKspB2jhBXZDsQGwma902Z8jtjAiew4Ug8 - Hc6ZPrBhHhiqWw4yRDYV2f9wx/YjtA8/vakkEn9SOImjJmIZ7/jlWg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMnBEKzIwSUtvMDkxSzdB + dkM0Z2x1UEE5RStGTDBjSEFjMEhFR0I3M0dFCmZVSzZnb1BxMk9CZk14UHVkclN2 + czNpTk1kT0JreWRPSER4MTBJWEhEZE0KLS0tIFhPeFVXeU43QVF6b0h1ZUNpWXZy + MjBYd2ZZYkRqaXJHUmpWN3Q3M2pDcFkKexMvNLMyFLARYxO48Wq04WrIPP+tdp7k + cmGuNAngFm1E3gh4J7TgRtDbKjm+klAGklpaX2q7vSb7MleMYAkyng== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:24Z" - mac: ENC[AES256_GCM,data:psdLcNIZwVHkSIinyJZf4dhVc0n88iKMvL3neQ37k0OUNuolDjKuKgDnzrIFCaA+lKAj+d2IFWhPj0XhyANqrwP4Qb4CXr6ca8iT8IFsIVzDVaiHiijtOHcoY+H+kyA7TG4NA3d2EIon9HsRe9DnSqpnTRlZIu9e1TGP6agL60g=,iv:CLQDlaSyKSNuaLlIzlhpwakXQmDYUhqj8FBxCveoeTE=,tag:BhpVMCYUwDapGypaU/Fa6Q==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:Zj7SEBAvZ/4T2Iga6wGw1bugTYzcmxH+3GhFsropt7O+vtH27vy32aqY/Fa+6IkoPerZBxBh9PzPNQ8wkt7Wh8oBoTR1Cdc1J42YltFbncCrqU+UrOVDMfaBxOpSQ9o1RmEBOvjp3KFmnM9NjlWq165ORs7BYvfSOvWmsCf29Ho=,iv:ED7/+YXkhxr//OwjnGs75VIu+oTujFXwGFTqVxzwUic=,tag:RheBnT30efJw+MqTNtYiSw==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 @@ -33,7 +33,7 @@ metadata: name: clickhouse-user-secret type: Opaque data: - password: ENC[AES256_GCM,data:tdoFFmfpIhFj0WPZdXyZAA==,iv:quVnu3XQJrgAXLcg4Hi0KtYKy/3cFMQ3DdnceTgNcIA=,tag:C8UKmCDUC3VHmtw4etTvOg==,type:str] + password: ENC[AES256_GCM,data:6WNJIxoSr7KT2ZUVg+RuIg==,iv:n6dj1LrNrhz/9L1YeDtbi0FD+nUEezzjgGJHRA0qOqk=,tag:2n2/o1lNluGq0J5BzROCUQ==,type:str] sops: kms: [] gcp_kms: [] @@ -43,14 +43,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySnkvbUFhK25xdURYSHUv - UHZPb0dmbU9VQ083bEJYWngwUG91ZHFUYVdRCm13Y0xmU25Kb2JJOGQzWW9XSDlS - ak82Y0JKYWdHZzBHVmw2L2RQVW9MQnMKLS0tIEx5a3FPYzVGZ3BkeG5DWjRJU1ZN - MU9qOHFYZHFURzV2MkwzZldFY0pWN2sKspB2jhBXZDsQGwma902Z8jtjAiew4Ug8 - Hc6ZPrBhHhiqWw4yRDYV2f9wx/YjtA8/vakkEn9SOImjJmIZ7/jlWg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhMnBEKzIwSUtvMDkxSzdB + dkM0Z2x1UEE5RStGTDBjSEFjMEhFR0I3M0dFCmZVSzZnb1BxMk9CZk14UHVkclN2 + czNpTk1kT0JreWRPSER4MTBJWEhEZE0KLS0tIFhPeFVXeU43QVF6b0h1ZUNpWXZy + MjBYd2ZZYkRqaXJHUmpWN3Q3M2pDcFkKexMvNLMyFLARYxO48Wq04WrIPP+tdp7k + cmGuNAngFm1E3gh4J7TgRtDbKjm+klAGklpaX2q7vSb7MleMYAkyng== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:24Z" - mac: ENC[AES256_GCM,data:psdLcNIZwVHkSIinyJZf4dhVc0n88iKMvL3neQ37k0OUNuolDjKuKgDnzrIFCaA+lKAj+d2IFWhPj0XhyANqrwP4Qb4CXr6ca8iT8IFsIVzDVaiHiijtOHcoY+H+kyA7TG4NA3d2EIon9HsRe9DnSqpnTRlZIu9e1TGP6agL60g=,iv:CLQDlaSyKSNuaLlIzlhpwakXQmDYUhqj8FBxCveoeTE=,tag:BhpVMCYUwDapGypaU/Fa6Q==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:Zj7SEBAvZ/4T2Iga6wGw1bugTYzcmxH+3GhFsropt7O+vtH27vy32aqY/Fa+6IkoPerZBxBh9PzPNQ8wkt7Wh8oBoTR1Cdc1J42YltFbncCrqU+UrOVDMfaBxOpSQ9o1RmEBOvjp3KFmnM9NjlWq165ORs7BYvfSOvWmsCf29Ho=,iv:ED7/+YXkhxr//OwjnGs75VIu+oTujFXwGFTqVxzwUic=,tag:RheBnT30efJw+MqTNtYiSw==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 diff --git a/k8s/dagster/base/secrets.yaml b/k8s/dagster/base/secrets.yaml index d820797..ec25792 100644 --- a/k8s/dagster/base/secrets.yaml +++ b/k8s/dagster/base/secrets.yaml @@ -6,7 +6,7 @@ metadata: app: dagster-database type: Opaque data: - postgresql-password: ENC[AES256_GCM,data:5d+Nso/M+17NUB/dCWS1XpGZjgFRGz1X,iv:mU/gg3F62LXhsMimpuRQDDgJ2vj7Jc1VIeQH1+Q5aYY=,tag:sDRqGDnScdxvHXcwOeoc8Q==,type:str] + postgresql-password: ENC[AES256_GCM,data:KvQ+HpwvZECXqpOgqwal+VC1rH2mG1RL,iv:SYeveUfQSMZKYUBppQAmqYdJt8bP79eXi0cm0stTUo8=,tag:l5kAmVL0kyHEHxZ5jaWgjg==,type:str] sops: kms: [] gcp_kms: [] @@ -16,14 +16,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJSDY2ZHEzMGYweGRiTUZh - SkZXSHJLUWxZUUh5SFRKV3hpQ0ExNUpvdVNJCm9KeFVhV3p5SmZGMU1kcmZTN1do - dHdJVUZpTWw0WDhjVVZUU1B2TnFtRkkKLS0tIE96QXNlOTBwU01PMTVjOGszc0Nv - cXBvRWg4VVFYZnVGbEt1TGFxZ0ZZVEEKxY4H/xrk4O3T6+1tc79VKEL6AV98eYe3 - 7AM7kx1INxjG71W9ZGNXqlcM+mNr+EE8EjEVcXgAtZdl6p2RR3afBQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBRDlDTjBFbGhMQ2QzTzFa + N1BhcjUzTVFxbFUxU2lZOFllM2h3S2laeWdzCjRBTzhWdjBzK2p5QkNIdWQwK2N6 + SVlveGpzSXFiVGliMDhhQURqVllKWHcKLS0tIGtFTTVuRnI3ZXZka3J3Y3dvZ3FL + SWFhc3kwWXZlOWxOQmtuRTFBaTlHVXcKRJJyap7Osgh+jv+yp+Y0vroKNVEuS8Mo + SVWYbfytqaGD+Rsj8xOv2U9R+QP3c+tjauY6V0OwzVVVeN0or/QT7w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:25Z" - mac: ENC[AES256_GCM,data:sOOuanYMLjoOjbO6ff1odRCv4PwaKepd1ilvnQex6AnsxWhSlf8g9u29yW6hZ7NNO9J62CQ+tMotS05oQcXS64TJaCe1aRsluY0IGrRRQcRoTS8tgGppi17gL+hLbO+Oe4VzxJRvwZYEu41KSIsO5gKfZCx0Fnggo/Dyz2Fgr3c=,iv:alBW8LJf6WTJcXy6LIMENXIk8DuZLym+JrOlHXqqjQ0=,tag:8+6deznjAc2lp2Voh+NUpA==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:lj8A62GqFpBoXcGg4jJM53Epg7H8B6TF/3jpjIQTjG76ZXBq2R0cO42HWxyBJhrVyVmHIhamxeGP2nbJhOdxaUbfiz3uYFtdWTlMYuWu/ucWVR6Rzjj49zorQv4Xfg1vjOvs6QwmEqIaZchWWcRynoW2rCKKAWDr1aQfSicXi/I=,iv:DkdLnjd/oEO3GQnTa2xPRlqTGrxXJsinW+VYRbdsGUg=,tag:TWI60+wgmsfCSG6U/NlcUw==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 diff --git a/k8s/minio/base/secrets.yaml b/k8s/minio/base/secrets.yaml index 696ff81..a200450 100644 --- a/k8s/minio/base/secrets.yaml +++ b/k8s/minio/base/secrets.yaml @@ -4,7 +4,7 @@ metadata: name: storage-configuration type: Opaque stringData: - config.env: ENC[AES256_GCM,data:jc7YoExX/tx4mdLslTJONh53VS9kNAfB+J2i72PhUXTCHCPgTTtmPs3mqT5OnE5HBURyXUg31pxoq/KH/nL/Dt2DyIhN7qtOhcC25XkdkUASiI1ObOko/qmlAH9bYPkmoo6Ch/i9OskiUnOw0wKAVCw3Uttzbg9/sp9qjKa1ktSsvvVYLf+Y1L/WxQQR,iv:yS4stIbr+kSqCgQyhwrlIGBVQHH68EPJEMyKPNvoEms=,tag:xuEscpItwrAQ2WTohm0m4g==,type:str] + config.env: ENC[AES256_GCM,data:v4jpzsTRhlJoegg7fevyEs41alM1/gRnrX9ZvpuQypuIpzmtKKaRDuFSojkA71gxQcjb8/m+fZ3emjgC4noh2EjW8hgCEjRFVnX0OM7LFoAOl2kgNB1o8IkQWQiLClbljr5IqcByf+iDxtiZRFOEPL/lkRTYN1GVQzPH/25+KhA3sNdQcO2/EWjA4MZc,iv:sbVqB14HVZgpppobmENQYR5+y0G48dyxKpHmt/tlKsM=,tag:dFDJgWzwE8vOEbjeCJkRwQ==,type:str] sops: kms: [] gcp_kms: [] @@ -14,14 +14,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKY28yY2l2TmJxZUNIMlJy - bzkyOFdlTDdIZ0lrRDBnRjBkL2lCaWFBNkVVCnRUYm8ySE4rM3hWNExpS3Y1TVdh - aC8zN3ZZT3Rac2t3R0VDMzZLT0QyZDQKLS0tIEV3Q2dhTmhSUkJxaytrdW1TWlA3 - TXR5SmhOV1lCOHNnV21pR3d4MnB1NlkKZbhrP7nfIAOt5BFZnx2SJvYvegqKqkMK - r4zNkacSIzKxFXqzd1yS6hhvqtZ/FU7I5eR6MZ6EVhNb5iMei1XXGQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0aUtXdHMzME5qTWlOM1NR + Njhlb0tFK0doZElTNVdaR0Z2N3NWbGJrem5BCkE3QTJHU1k4MFpiSlhYYUNqd1JQ + bEtYRFluV0thdHVFcUtVa0pmYTlqb2MKLS0tIFRNckhGUzU3YVRMZ1FndXppTWRZ + bDZCWm5KUVNYQ1c2K25JUnkyOUdxMkUK8YsVu+A50Y33ONDCzO5iRodQcQNMY2e4 + JJ0gIhLIejJs/Jb739/h/8uOonC5IwUgOVF7YZKXXkyTNtJ6eAFrcA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:25Z" - mac: ENC[AES256_GCM,data:p+DRG3i55HKL+M0yyWB2F8rjjJfIk6RZ4A2YuYBTTSoMTwPxeHK51NOHgnAocKuD769hpIiRugfpc5j2C8aaMhNMBK6i3liAnrEyp99rsyXSN3YuQ32u6QMwkdC1yLRjphTST5/HRgc5Pkz5qWwSI55bMf8+ZsJdDo4FIJ5O+RY=,iv:I4bJrkmGgHLL8imjVT+AUYqc0lE/FGhx9OwTPAWUE6c=,tag:OjpF9+m5HA1gcLtPIaaG7w==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:Ovcl1g1UTnJJ3toIDDjTtcpVyIFp7XhcL72xsZWBWpNFaGIpa+7gZ7CHn3NsqPYmaT9ZXcm8BY6Eg6Mk4SKYX9puvrB5swlvEUuCANIkUqM8nPDGt3WQrs0BKTKn8i1ZTbaG21ZbyA2xKj/JspRZo9SAK7IXWdrB+4ZhXuaVlbE=,iv:ZaoZNLQjS/sdtGiwP3s+CAlFUedhTZ33K7roR3vcSrA=,tag:5jLMMEMSk6Fgok+irAnJVQ==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 @@ -32,8 +32,8 @@ metadata: name: storage-user type: Opaque data: - CONSOLE_ACCESS_KEY: ENC[AES256_GCM,data:sWVN6j4pYwIfsZ7z,iv:SSa36EN2HlUE5chPKloJ4tat8x+wIinCXF6kADRmgVo=,tag:n6JPNDIwxNEtZFz24Rq/dQ==,type:str] - CONSOLE_SECRET_KEY: ENC[AES256_GCM,data:PlssLY+f4jUQZsrZ5TIgmA==,iv:dv+EDkElpmUhx1EZv4faMrt72TsTmHW2v8OWf7upMBQ=,tag:GfwppQBEf1BH9yxD8NZaEg==,type:str] + CONSOLE_ACCESS_KEY: ENC[AES256_GCM,data:mqG+6jN+WIlTBPlS,iv:er3c5nIAKP3srOm+nP+CcDseHb5yzrMo/9Ia6Wt+UbQ=,tag:rpWi9sEs5B8nxUOhJmnV3A==,type:str] + CONSOLE_SECRET_KEY: ENC[AES256_GCM,data:JG+1z/VorEc8PTDqSLFs5Q==,iv:y6nMi5tju8MLQSos9Zn93N0LMa7fYaBEvXGJivp2N4I=,tag:qOyTF5ayOuFhNNHuKmvhvA==,type:str] sops: kms: [] gcp_kms: [] @@ -43,14 +43,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKY28yY2l2TmJxZUNIMlJy - bzkyOFdlTDdIZ0lrRDBnRjBkL2lCaWFBNkVVCnRUYm8ySE4rM3hWNExpS3Y1TVdh - aC8zN3ZZT3Rac2t3R0VDMzZLT0QyZDQKLS0tIEV3Q2dhTmhSUkJxaytrdW1TWlA3 - TXR5SmhOV1lCOHNnV21pR3d4MnB1NlkKZbhrP7nfIAOt5BFZnx2SJvYvegqKqkMK - r4zNkacSIzKxFXqzd1yS6hhvqtZ/FU7I5eR6MZ6EVhNb5iMei1XXGQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0aUtXdHMzME5qTWlOM1NR + Njhlb0tFK0doZElTNVdaR0Z2N3NWbGJrem5BCkE3QTJHU1k4MFpiSlhYYUNqd1JQ + bEtYRFluV0thdHVFcUtVa0pmYTlqb2MKLS0tIFRNckhGUzU3YVRMZ1FndXppTWRZ + bDZCWm5KUVNYQ1c2K25JUnkyOUdxMkUK8YsVu+A50Y33ONDCzO5iRodQcQNMY2e4 + JJ0gIhLIejJs/Jb739/h/8uOonC5IwUgOVF7YZKXXkyTNtJ6eAFrcA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:25Z" - mac: ENC[AES256_GCM,data:p+DRG3i55HKL+M0yyWB2F8rjjJfIk6RZ4A2YuYBTTSoMTwPxeHK51NOHgnAocKuD769hpIiRugfpc5j2C8aaMhNMBK6i3liAnrEyp99rsyXSN3YuQ32u6QMwkdC1yLRjphTST5/HRgc5Pkz5qWwSI55bMf8+ZsJdDo4FIJ5O+RY=,iv:I4bJrkmGgHLL8imjVT+AUYqc0lE/FGhx9OwTPAWUE6c=,tag:OjpF9+m5HA1gcLtPIaaG7w==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:Ovcl1g1UTnJJ3toIDDjTtcpVyIFp7XhcL72xsZWBWpNFaGIpa+7gZ7CHn3NsqPYmaT9ZXcm8BY6Eg6Mk4SKYX9puvrB5swlvEUuCANIkUqM8nPDGt3WQrs0BKTKn8i1ZTbaG21ZbyA2xKj/JspRZo9SAK7IXWdrB+4ZhXuaVlbE=,iv:ZaoZNLQjS/sdtGiwP3s+CAlFUedhTZ33K7roR3vcSrA=,tag:5jLMMEMSk6Fgok+irAnJVQ==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 diff --git a/k8s/nessie/base/secrets.yaml b/k8s/nessie/base/secrets.yaml index 1a2ba44..1f91768 100644 --- a/k8s/nessie/base/secrets.yaml +++ b/k8s/nessie/base/secrets.yaml @@ -6,9 +6,9 @@ metadata: app: nessie-database type: Opaque data: - db: ENC[AES256_GCM,data:fJYr5gT8l/4=,iv:0pxQ1ARQHQoW2WsZkqmH4jgobgCypg01bRsMMctTNoA=,tag:q5WAB3FDD6gzA6cKHl5BnQ==,type:str] - username: ENC[AES256_GCM,data:ds+mPO7eE3Y=,iv:yD1FfYg1J1hgtSfVYMdcTfgUK/mXHlQyCWOGWSq1d68=,tag:YcF4gAfJDyXEZrPQ/fMqWQ==,type:str] - password: ENC[AES256_GCM,data:Hmidu+M1x+KCnTfeb1IsQg==,iv:+i1puk7HMK6ZxXNS8g1K9iPanUabRz9fvy/aW1m2KQ0=,tag:khv6SUIIaDWzihdreGakhA==,type:str] + db: ENC[AES256_GCM,data:XxnMEgqG/yo=,iv:nvhPS88rwT6dHQqpqojs/WgNz6F/xvB7QIuJUndHRvU=,tag:PkNGPcuvzhKT01/bBH6kzA==,type:str] + username: ENC[AES256_GCM,data:Z052Nq/Hipo=,iv:QoD7+ZvzNf4hNRrN+CweA+fupVJvfc0/5p81QzSuKSY=,tag:Ji+tPjH78JnYKPyPL+9WIA==,type:str] + password: ENC[AES256_GCM,data:P058yJLklg5vzUUXL1Sq1g==,iv:LV5Yq4EZ4cnF8HkZTRN2cKn2j2u/KkqYue1n0kXC7hQ=,tag:J8kqkW1wxNO09XazOfO/pA==,type:str] sops: kms: [] gcp_kms: [] @@ -18,14 +18,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ejJuOHZ4aE9zc0lNYWJ1 - TmZWVnJ5QzJEdHIwZmFmd1AvM3ZIY0tvZmcwCnl1NFFITUJCL2E0NlRLYnRqeUV1 - QUh6cVNJVzNDbStRS3ozWnhmcmdxUDgKLS0tIDhFOEMwWitxWDNLUDZxZ05QZEFF - RlVva0FTcUFMYUlaUkJRd3BIK241aFUK6p9nf0OJTPjXnMegtHfYaJJhrKryZ3In - LWq4PWcrP/VA3TmogeBs/5w/zAXHCeZrkIsfqiOC7VNu+nvMP5L2Xw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKRmp4NUthY0R2L0FIT2hU + cHBWL085KyttOU92ZEozQjV5anFDZ000V3g0CldXcjlieGpFcnRMVTVNbmZJbnJu + eU1yOFNYZy9SdG9uZnVaMVRzeUN3Q0kKLS0tIHV4SU14SklVV3M5NjhtVWgwcGlj + bnJGakd0dEw5QmlWSUkvalFqSU0rMnMKZED/lMQMIPlBZfcr8neLgiD69QP92JYl + D2BDmiaJ6sbB1AWsyJ9Z048ct/+EfVLaO3cy8s9TZBVbg0wK3NTfpg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:25Z" - mac: ENC[AES256_GCM,data:+JRiWREXdL69uWP9iittTQENPWKSEyFy3dou2oRKbSE3AzP8syursf9QrOdqV3BryRSoXPf5jw2nAiZT13LvcUY4mUBsPKxF2Fo/r0aO3aoadJEwEOGQHp87P73b7teHnAggkzuPC77SiTL3OaXqfXFQ42rkjLfVoeSQU+VupvA=,iv:fRCcnsuT6PBTLD8rcTJZFGwirYxmO/UedB3zS9+atFI=,tag:9NV6TGYTq5D6PSIubZocaQ==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:XoDzfvXQvTRfAkfu9EOMunFOm8pKeBnWf1RgLILG68O1h8b/GoZwHISgMHGa/q5Sq9uRp074h9juuCmk6wCC236QSY7lfq7ijwBVFxqElq3fxM4/N3DCiycrfS0hxBQnoZbmmUwf4WBFdfp8pGlvaOR0no00EB0e0y7rmLZkcgs=,iv:3LLQMKxR4glCT+moS5272JDRCWVCEq0MdJKZLkwuNo4=,tag:WBCNirCz3beOImhZ34T5gg==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 diff --git a/k8s/spark/base/history-server-deployment.yaml b/k8s/spark/base/history-server-deployment.yaml deleted file mode 100644 index c132112..0000000 --- a/k8s/spark/base/history-server-deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: spark-history-server - labels: - app: spark - component: history-server -spec: - replicas: 1 - selector: - matchLabels: - app: spark - component: history-server - template: - metadata: - labels: - app: spark - component: history-server - spec: - serviceAccountName: spark - imagePullSecrets: - - name: dockerconfigjson - containers: - - name: spark-history-server - image: ghcr.io/fxttr/spark:latest - imagePullPolicy: Always - command: - - "start-history-server.sh" - ports: - - containerPort: 18080 - env: - - name: SPARK_MODE - value: "history-server" - - name: SPARK_NO_DAEMONIZE - value: "true" - - name: SPARK_HISTORY_OPTS - value: "-Dspark.history.fs.logDirectory=/opt/spark/logs -Dspark.history.ui.port=18080" - envFrom: - - secretRef: - name: spark-env - resources: - requests: - memory: "1Gi" - cpu: "1" - limits: - memory: "4Gi" - cpu: "2" - volumeMounts: - - mountPath: /opt/spark/logs - name: spark-logs - volumes: - - name: spark-logs - emptyDir: {} \ No newline at end of file diff --git a/k8s/spark/base/history-server-service.yaml b/k8s/spark/base/history-server-service.yaml deleted file mode 100644 index b932316..0000000 --- a/k8s/spark/base/history-server-service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: spark-history-server - labels: - app: spark -spec: - ports: - - port: 18080 - name: history-server-ui - selector: - app: spark - component: history-server - type: LoadBalancer diff --git a/k8s/spark/base/kustomization.yaml b/k8s/spark/base/kustomization.yaml index a71dc1b..69fd152 100644 --- a/k8s/spark/base/kustomization.yaml +++ b/k8s/spark/base/kustomization.yaml @@ -9,6 +9,4 @@ resources: - master-service.yaml - worker-deployment.yaml - worker-service.yaml - - history-server-deployment.yaml - - history-server-service.yaml - secrets.yaml \ No newline at end of file diff --git a/k8s/spark/base/master-deployment.yaml b/k8s/spark/base/master-deployment.yaml index 97164b7..7abce30 100644 --- a/k8s/spark/base/master-deployment.yaml +++ b/k8s/spark/base/master-deployment.yaml @@ -20,6 +20,12 @@ spec: serviceAccountName: spark imagePullSecrets: - name: dockerconfigjson + securityContext: + runAsNonRoot: true + runAsUser: 185 + runAsGroup: 185 + seccompProfile: + type: "RuntimeDefault" containers: - name: spark-master image: ghcr.io/fxttr/spark:latest @@ -54,6 +60,41 @@ spec: volumeMounts: - mountPath: /opt/spark/logs name: spark-logs + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + - name: spark-history-server + image: ghcr.io/fxttr/spark:latest + imagePullPolicy: Always + command: + - "start-history-server.sh" + ports: + - containerPort: 18080 + env: + - name: SPARK_MODE + value: "history-server" + - name: SPARK_NO_DAEMONIZE + value: "true" + - name: SPARK_HISTORY_OPTS + value: "-Dspark.history.fs.logDirectory=/opt/spark/logs -Dspark.history.ui.port=18080" + envFrom: + - secretRef: + name: spark-env + resources: + requests: + memory: "1Gi" + cpu: "1" + limits: + memory: "4Gi" + cpu: "2" + volumeMounts: + - mountPath: /opt/spark/logs + name: spark-logs + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] volumes: - name: spark-logs emptyDir: {} \ No newline at end of file diff --git a/k8s/spark/base/master-service.yaml b/k8s/spark/base/master-service.yaml index 1c355b3..3df5922 100644 --- a/k8s/spark/base/master-service.yaml +++ b/k8s/spark/base/master-service.yaml @@ -10,7 +10,8 @@ spec: name: spark-master - port: 8080 name: spark-ui + - port: 18080 + name: history-server-ui selector: app: spark component: master - clusterIP: None # Headless service for easier resolution \ No newline at end of file diff --git a/k8s/spark/base/secrets.yaml b/k8s/spark/base/secrets.yaml index 2348e2e..60b3f40 100644 --- a/k8s/spark/base/secrets.yaml +++ b/k8s/spark/base/secrets.yaml @@ -6,15 +6,15 @@ metadata: app: spark type: Opaque data: - CLICKHOUSE_HOST: ENC[AES256_GCM,data:3cXZqm32HBWGFE8q5sTPRWT4VDvvYOtH,iv:FKrBa1Cym8l2k2+wZczr8Y++kOiCk+1DBorzCAcZzrI=,tag:ORZvJT5iUwZUzDSXodfOlA==,type:str] - CLICKHOUSE_USERNAME: ENC[AES256_GCM,data:RvEboT/v+q5a2aba,iv:dwUjV5MK2xMMJak1yd3BhaHQRjNq/V1np2cOhDtcHIk=,tag:l0a7dDiNgxg7i76ptzyFiQ==,type:str] - CLICKHOUSE_PASSWORD: ENC[AES256_GCM,data:IMVeDA0flhf7iTlStCdLgg==,iv:BF81z/f+h6Hy0iIo7JNH5RDKuX0dB3k68d1RaiBu1yg=,tag:kSdeeTW/PIHQ3pt2tB3Sog==,type:str] - CLICKHOUSE_DATABASE: ENC[AES256_GCM,data:1dg6DWdn4JySCUn4,iv:mWOO6hROiGZXRpnX2fSZDPUq/hbmdi5yH9qZq/k+ERM=,tag:erqQUum6KZX2VVa67S++jg==,type:str] - NESSIE_HOST: ENC[AES256_GCM,data:XROtgdFYX3Q=,iv:+Dmuqu5izaMlxtXExexJQ5mFfISVwD1qRL8z11M3HIc=,tag:fMI+j++o4hJkaZk8+lcagA==,type:str] - MINIO_ENDPOINT: ENC[AES256_GCM,data:vyhX4BUpH/U=,iv:OI00uPYDiY5xz2hi90xe1ykbpsJqHYfcpnxn+Mnn8Mk=,tag:kfTxVWNfwUC4l/wNa6eK0Q==,type:str] - MINIO_REGION: ENC[AES256_GCM,data:0F9m99+Xu1GTmkHC,iv:CWvY7jORYwauFycd1tkb3e+2WlPGcFXFhT5hAvPfx40=,tag:b17brr0RINoYqrdtWHkjLg==,type:str] - MINIO_ACCESS_KEY: ENC[AES256_GCM,data:UZTKCOXgZGtiiKE+,iv:YAUnX6yfdZC6MkQJGQ+PZ49C1+Yy7sj7hhLLm8i6AQw=,tag:sDoKPlVFMi8HQC45MD6rbw==,type:str] - MINIO_SECRET_KEY: ENC[AES256_GCM,data:Gfu5SIQPw6S60+HNlG2n7Q==,iv:Zrv+/CXtoaDUA+LYo/q+QsmSQsEH9v8SS3tGHuaLOes=,tag:Q3wZMWqHjG+Zd0krL9SS3w==,type:str] + CLICKHOUSE_HOST: ENC[AES256_GCM,data:cMn6luqfpQpC5OgPpYYvTiUSxrp0PkhN,iv:jL1qDcU7mK3HjXH4Tv2N43JizgmteN0aZSpdSLornRk=,tag:tjbZfZjo/TehNRK0JYYa+A==,type:str] + CLICKHOUSE_USERNAME: ENC[AES256_GCM,data:Ddo1dNsToIKI0CDn,iv:eHxgJvxGGFtzQ3ZZkU+iDyLVD+kfiO9qXCcqCewtiNM=,tag:mid7bFL676ygalW2Tm6tHA==,type:str] + CLICKHOUSE_PASSWORD: ENC[AES256_GCM,data:015v8LdBzg7xID4it3PJfA==,iv:pEmiG42p59UdF6hOu1GxNR7syUdiUtm5tPSIKlXVEOE=,tag:h+NIL12w2gf/rHJaJRlNMA==,type:str] + CLICKHOUSE_DATABASE: ENC[AES256_GCM,data:lmyjPxqW1JVuWuky,iv:WoCSFkXx+k4/tV7rSWOmAgzFrGfIBVcf8VZob9WcGrs=,tag:gMLhRlkct7EukrsP4Fhs/A==,type:str] + NESSIE_HOST: ENC[AES256_GCM,data:c2t/y0BdcsE=,iv:FVcZwc5Et51noF67sSA8pKMSLxeMCYOqcX2kwQR/838=,tag:3gei2uc9jFTTW/C6t+4uAw==,type:str] + MINIO_ENDPOINT: ENC[AES256_GCM,data:zoK/K4wusR0=,iv:ItGh8/w/h6Xs1mYt6M+Z45eOWFdk2d5oRioR3Od+YYw=,tag:CLnjE8VBd639+ZUFI+aNqA==,type:str] + MINIO_REGION: ENC[AES256_GCM,data:q0hKNge/0OKgOjqO,iv:Lmo+j/tWk78IhSSBJpwtJq0bV9WVq3sLGWAhz+7azIw=,tag:CNeMQck3bxiKq4XtIQZKnQ==,type:str] + MINIO_ACCESS_KEY: ENC[AES256_GCM,data:nuzAUW82lfLBvsRt,iv:xgNAEDwf/AiVqCgY5M1F30ut7cWWoPfFZ26wfwWZiSM=,tag:PsAj8ZMf+HP+t9q4uHmUYw==,type:str] + MINIO_SECRET_KEY: ENC[AES256_GCM,data:4dk4F812UIF5+mMB/7J4vw==,iv:FsKlOtUZYRUrSikE+pAuDjhxxkVQwB+YVC3zQwxpxe0=,tag:6cpWcSOl0BBYIhvUdjrh3Q==,type:str] sops: kms: [] gcp_kms: [] @@ -24,14 +24,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZnUvL1ZsYkpWcGVwUXdN - eDMzQzRjNy9WYTFNaDgxeTlkMFFiQnlRVWpZCnpEeE5kbHZWUExmbmtma3NxbTUr - SlZVdEh1eVl0UmxDVCtDeG5QS2NmWnMKLS0tIFB5bTdMdXNUT0pZWkE0Q1RFNkJm - cUFlVFNUdzNOd05ITVNZNmltS2dVUVUKd+TAgiDJKTZZVSCes/BpGMAS3gtzFInD - UQBYadesP3EhEgidguKx6QGXmUFtYAHzXDqkoV4K2s4yPdvtxXu6jg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NkJZZkhMOFlhN0lXTGpV + NStLT3ZHU01VbjY0cTJFVGFUazVkcGlaZTBnCnp2SHA5Q0pyaXlRc01vTFJsc0wv + azIyTE9wN2Zqc1pBTW96QmJlaEhvYWcKLS0tIHdGZFlXVkpRT0lCRmlOWHJCMnA0 + K1JyTzRwUkJHRzI5N3JhZ3RHbThDTHcKL5VA46Et9JBhRU4msRkL6ibbltZjW4UD + Qz0hM05duJOFAbfJEF1nC2fgvuj8Kx+kCyhEbUVm15oKTZdFGbA5lg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:25Z" - mac: ENC[AES256_GCM,data:PRe6AXa2YPKKh4PE57y3IKrqse/kvmR9TafKejXmRo1B4kkY6pXXxy1f0qxy2n+x1JbJH4lYPug85GAwqrZbuWakqYatlbeprq+3da00NkrNWXhpE0/giPSna+/D6KkzVXoWzY/PX+3EPU4q8SlTtJR2shoVHVxrqjAbqXU6r+o=,iv:DTSoXeNrqs4VDnFLHy/Sz9Yb+U67YsxSXltMj10VY34=,tag:ogEuy0OTC1aHthEcJJnJng==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:CLoWRuNvqsKIXvt9r2XkSs3tp8+aPe6+STqXUI6E+nbsPKZFQsTI3WPmUYbiNrstE6Hexu24rIjPCK3Z2NiYpBHrTZPwUMX4XflkJ5/YDkzLfw8hE8fncpSKSEzm1RLjMRvASlhTLE4Kl54keTuq9TiCRs66knPy4KtaygjPRqQ=,iv:oZUTod0N8Stycx7SEJMhhCNLc6cmTnNouFGNc2ZRfiE=,tag:+lQIlMJfaZAVOmiPqmtB1A==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 @@ -42,7 +42,7 @@ metadata: name: dockerconfigjson type: kubernetes.io/dockerconfigjson data: - .dockerconfigjson: ENC[AES256_GCM,data:hhF/Cxn6jwETsPj2W2loka5ke4lS3X7TMaDf0Fnl3qNAR5JPiOJXzDfzEdnLBMNC933Tv1/MAQAic1eal3eanGLVN61S4aW1PaPdX64Xg2KqbN+dkVkO7EWpwqSF1nJg+RGw/4a0aL9hnI+FNdKmaoI/6uDdv0Q0a9jNiR5NV8CBhKiH,iv:cEg1UnAafFL4Wgz1Gsj+zPS4SGv/cNzYpsVAJOoUDIU=,tag:BN5+kCkVCSwmLKoHp0OBXA==,type:str] + .dockerconfigjson: ENC[AES256_GCM,data:sDgC/hNCDGAbnek2s2AsaFLShGdkf82sfGKWyh2utgLBwxVuFaIw6l5/AKhdbCFVlDPJwtW1JIolAiL2iyG0XntPp/fhePFW+sHcl59gbWJAys0xojgSB5RTXx2WN9mCHZcEs+gTObCUX8i2YRSEjsiOLA18k8EPNpzeqiEU7NaUDrOR,iv:LiX72SQdj6u7RFtAsJHcFpEfpKgpQB4HHErazzY7beI=,tag:hFDk5nQ06/ekaftGbIMhtA==,type:str] sops: kms: [] gcp_kms: [] @@ -52,14 +52,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvZnUvL1ZsYkpWcGVwUXdN - eDMzQzRjNy9WYTFNaDgxeTlkMFFiQnlRVWpZCnpEeE5kbHZWUExmbmtma3NxbTUr - SlZVdEh1eVl0UmxDVCtDeG5QS2NmWnMKLS0tIFB5bTdMdXNUT0pZWkE0Q1RFNkJm - cUFlVFNUdzNOd05ITVNZNmltS2dVUVUKd+TAgiDJKTZZVSCes/BpGMAS3gtzFInD - UQBYadesP3EhEgidguKx6QGXmUFtYAHzXDqkoV4K2s4yPdvtxXu6jg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3NkJZZkhMOFlhN0lXTGpV + NStLT3ZHU01VbjY0cTJFVGFUazVkcGlaZTBnCnp2SHA5Q0pyaXlRc01vTFJsc0wv + azIyTE9wN2Zqc1pBTW96QmJlaEhvYWcKLS0tIHdGZFlXVkpRT0lCRmlOWHJCMnA0 + K1JyTzRwUkJHRzI5N3JhZ3RHbThDTHcKL5VA46Et9JBhRU4msRkL6ibbltZjW4UD + Qz0hM05duJOFAbfJEF1nC2fgvuj8Kx+kCyhEbUVm15oKTZdFGbA5lg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:25Z" - mac: ENC[AES256_GCM,data:PRe6AXa2YPKKh4PE57y3IKrqse/kvmR9TafKejXmRo1B4kkY6pXXxy1f0qxy2n+x1JbJH4lYPug85GAwqrZbuWakqYatlbeprq+3da00NkrNWXhpE0/giPSna+/D6KkzVXoWzY/PX+3EPU4q8SlTtJR2shoVHVxrqjAbqXU6r+o=,iv:DTSoXeNrqs4VDnFLHy/Sz9Yb+U67YsxSXltMj10VY34=,tag:ogEuy0OTC1aHthEcJJnJng==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:CLoWRuNvqsKIXvt9r2XkSs3tp8+aPe6+STqXUI6E+nbsPKZFQsTI3WPmUYbiNrstE6Hexu24rIjPCK3Z2NiYpBHrTZPwUMX4XflkJ5/YDkzLfw8hE8fncpSKSEzm1RLjMRvASlhTLE4Kl54keTuq9TiCRs66knPy4KtaygjPRqQ=,iv:oZUTod0N8Stycx7SEJMhhCNLc6cmTnNouFGNc2ZRfiE=,tag:+lQIlMJfaZAVOmiPqmtB1A==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1 diff --git a/k8s/spark/base/worker-deployment.yaml b/k8s/spark/base/worker-deployment.yaml index febea66..425da32 100644 --- a/k8s/spark/base/worker-deployment.yaml +++ b/k8s/spark/base/worker-deployment.yaml @@ -6,7 +6,7 @@ metadata: app: spark component: worker spec: - replicas: 3 + replicas: 1 selector: matchLabels: app: spark @@ -20,6 +20,12 @@ spec: serviceAccountName: spark imagePullSecrets: - name: dockerconfigjson + securityContext: + runAsNonRoot: true + runAsUser: 185 + runAsGroup: 185 + seccompProfile: + type: "RuntimeDefault" containers: - name: spark-worker image: ghcr.io/fxttr/spark:latest @@ -63,6 +69,10 @@ spec: volumeMounts: - mountPath: /opt/spark/logs name: spark-logs + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] volumes: - name: spark-logs emptyDir: {} \ No newline at end of file diff --git a/k8s/trino/base/secrets.yaml b/k8s/trino/base/secrets.yaml index e8fb6dc..7ef0bce 100644 --- a/k8s/trino/base/secrets.yaml +++ b/k8s/trino/base/secrets.yaml @@ -6,11 +6,11 @@ metadata: app: trino type: Opaque data: - MINIO_ACCESS_KEY: ENC[AES256_GCM,data:iwTX8AbIL3DI/G0T,iv:xQ76dF9iDQtJLBiu28mCmy7r5tLWYfwswliqcJhqS1U=,tag:RCg4AXgrbOUMzop/dtyl7g==,type:str] - MINIO_SECRET_KEY: ENC[AES256_GCM,data:s1xIT54UUa1a14Hic39TOA==,iv:Xr8tK4CFiUj9zxGXV8AotfTpyeAoMomBm4JUUyb+eh4=,tag:4LU1NRjAUyE3edQu4pz+Xw==,type:str] - CLICKHOUSE_DATABASE: ENC[AES256_GCM,data:i4bbOUKRoQrmN5TD,iv:OOV+S98eX8r9UwJVMl/+XjXijTg5Sl+U3lcnWVMHiBU=,tag:UMWA9ApH8w19LgnQ7FsX2g==,type:str] - CLICKHOUSE_USERNAME: ENC[AES256_GCM,data:snDUBhp66X8wv45E,iv:sshoQ7DOC1Fb14SA3vLMMZWmM4cZJ0eolUip+w6ycEY=,tag:dyKrgTYMoxkuavz6gj5aMg==,type:str] - CLICKHOUSE_PASSWORD: ENC[AES256_GCM,data:v6PfCK70ikPFHPLz6soj3A==,iv:l6Ivka/71zgJ+Eu/HegduYhpy3zjOpLU26a8og42DVc=,tag:sV6PTkQHaokwTx7OtpY3NQ==,type:str] + MINIO_ACCESS_KEY: ENC[AES256_GCM,data:xFbsQ3X4EsGByvK5,iv:eOWOtMqyj50N9zlf/36WboLXCF37rBIPfx/kpJRMxrg=,tag:R+ZTIuVbrK6aQwsMc/mW1Q==,type:str] + MINIO_SECRET_KEY: ENC[AES256_GCM,data:L0APENZapxfTwAPM4UTkbg==,iv:c9VIgqoavUs5O4UB5hWjpYgQxlMgSHSw/danK4CVewg=,tag:+B3rmtaHlPX72nMDyXh6yQ==,type:str] + CLICKHOUSE_DATABASE: ENC[AES256_GCM,data:ptalQi2cBItHFgZx,iv:zI5xkvW6D4QLiPa/NwiVx8NhdQqkkgGpt5Lirn/MXb4=,tag:e74X3B28PXtNk/fE5U15eQ==,type:str] + CLICKHOUSE_USERNAME: ENC[AES256_GCM,data:HyttsGGeOokXajzW,iv:KyXtKcXiHCCEjt08pBYDZxl4abgEQBPmyJFAp4K+32c=,tag:N7e0BVDEqrhrFNLz3VR3oA==,type:str] + CLICKHOUSE_PASSWORD: ENC[AES256_GCM,data:xwCKQsamE+ozHXYvzi5Mfw==,iv:wYE60gUwTa8X/GiHqPexLCwA7cioY12+tTg6GyZFhko=,tag:ykBTuW1grDa+l4OA4rzpCg==,type:str] sops: kms: [] gcp_kms: [] @@ -20,14 +20,14 @@ sops: - recipient: age1dwu9ccy3t86c4tgd4ufs4jkmv572jfflkvdejm5kvjf95r3qsgus847qgd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSK01JWXdYL0R3V3o0Uysz - OTJ3NVpBckxmTysvOFBWc1lNZlE3MnFNREYwCjdnNWk5MTU2bVhLdUxqTjJHVHp4 - SnNvajA2Q3NaYkQzeVg2SVVzM251OEEKLS0tIFhiaENJWEgwVHdFOEcycEVOZFoz - d0tpdUIvZ3pIOFhVL1VxUGlubEZRSmcKRTK6CBMG4noasgUdDHlVmbvzBKBwpRVa - F+Us7M1W8L2ziVNQE6IaEQJQFXBt3lgXTslZ3yyPI8PEQ8new5B9zw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyUzVZR0lOSEVveEZLckdC + eGdab3gxOG8rclFiZ2NKZlFWNWI3OThKOFF3ClFWT0lJYWVDeE05KzRMZnI2bUEx + dWMxV2UyTkdQYTNQMXZ5NHFDY3U0OWcKLS0tIExJWDR5U212SVZ2RVl0V1BoN3FU + ZFIrRHdXYUZ3YzBQVEFyb1RwaXkva3cKpq9sq37ohVxbC3+oNSNpThVa8Kzd9OAm + PvQ+nSoULXbyLbLApT09rLsqMzd0yj/5uSa6xihoPkxTK5/SRLQ2kg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-14T21:02:25Z" - mac: ENC[AES256_GCM,data:4AMcLsdjupP9qHnUx3XWqXu1H8YE5L3ccfbyRhwod9jYJPVGNTZdHK+XcQTNicgdU1/gJNhzzRcDDf4rezu0bVvl6cnwFUch29RkdqZPWMBLQrGv8SlibKkTfTycpxJZeuGo62CjKsEoSoB1STDGhencZSIsP3BnGKtysHk489k=,iv:EoVOd/X092HyzjFGNxuuAI0eFwl1/tCrYXeedyXYdPg=,tag:r3qTV1sjCPK4/C8siwdQxA==,type:str] + lastmodified: "2024-12-14T22:01:43Z" + mac: ENC[AES256_GCM,data:Xyxg16ckeew7CU5eXiurWPJdL1w3pFWbuejhdcUGIZLy1DobFcEkUjzJqnjN6F6dTFYewxChmNV9PzBu1zoC3uTtkJm/Swo392PTMhzU+IpXQOtxQXYm4DA4n8gDZUq4btu5FiLYc2qLp4GMhng/7LsPSOqEpMvq8tBY6GLzCA8=,iv:gsISvjML6ucbxUjY4hdPOn4W0Qgm+B8Qgg4RmTvzaU8=,tag:kT8OGQaRXhrMPGGWt1n2fw==,type:str] pgp: [] encrypted_regex: ^(data|stringData)$ version: 3.9.1