init commit

1f80ecec · jacklull · 1f80ecec · 1f80ecec · 1f80ecec · 1f80ecec
Commit 1f80ecec authored Jun 30, 2025 by jacklull
34 changed files
--- a/.gitignore
+++ b/.gitignore
+*.decrypted~*
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
--- a/.sops.yaml
+++ b/.sops.yaml
+---
+creation_rules:
+  - path_regex: .*
+    key_groups:
+      - age:
+        - age15ra3xwq6r3kgz92nalkxplxupd57yd380ulwgs2hmvu0gr9trqhqkxernk
--- a/README.md
+++ b/README.md
+namespaces
+devops-system
+db operator
--- a/environments.yaml
+++ b/environments.yaml
+---
+environments:
+  internal:
+    kubeContext: etersoftProd
+  test:
+    kubeContext: etersoftTest
+  s3:
+    kubeContext: etersoftS3
--- a/helmfile.yaml
+++ b/helmfile.yaml
+---
+repositories:
+### argocd namespace
+  - name: argo
+    url: https://argoproj.github.io/argo-helm
+### database-system namespace
+  - name: bitnami
+    url: registry-1.docker.io/bitnamicharts
+    oci: true
+  - name: influxdb
+    url: https://helm.influxdata.com/
+### devops-system namespace
+  - name: db-operator
+    url: https://db-operator.github.io/charts
+### kube-system namespace
+  - name: jetstack
+    url: "https://charts.jetstack.io"
+  - name: "kubernetes-incubator"
+    url: "https://charts.helm.sh/incubator"
+  - name: metallb
+    url: https://metallb.github.io/metallb
+  - name: openebs
+    url: https://openebs.github.io/openebs
+  - name: traefik
+    url: https://traefik.github.io/charts
+### monitoring-system
+  - name: netdata
+    url: https://netdata.github.io/helmchart/
+### velero namespace
+  - name: vmware-tanzu
+    url: https://vmware-tanzu.github.io/helm-charts/
+bases:
+  - environments.yaml
+releases:
+### argocd namespace
+- name: argo
+  chart: argo/argo-cd
+  namespace: argocd
+  createNamespace: false
+  values:
+    - values/argocd/argocd-values-common
+    - values/argocd/argocd-values-{{.Environment.Name}}.yaml
+  secrets:
+    - values/argocd/argocd-secrets-{{.Environment.Name}}.yaml
+  version: v3.0.0
+  installed: true
+- name: argocd-apps
+  chart: argo/argocd-apps
+  namespace: argocd
+  createNamespace: false
+  values:
+    - values/argocd/vaultwarden-applicationsetvalues.yaml
+  version: 2.0.2
+  installed: true
+### database-service namespace
+- name: influxdb
+  chart: influxdb/influxdb
+  namespace: database-service
+  createNamespace: false
+  values:
+    - values/database-service/influxdb-values-{{.Environment.Name}}.yaml
+  secrets:
+    - values/database-service/influxdb-secrets-{{.Environment.Name}}.yaml
+  version: 1.8.10
+  installed: true
+- name: postgresql
+  chart: bitnami/postgresql
+  namespace: database-service
+  createNamespace: false
+  values:
+    - values/database-service/postgresql-values-common.yaml
+  secrets:
+    - values/database-service/postgresql-secrets-{{.Environment.Name}}.yaml
+  version: 13.4.6
+  installed: true
+- name: redis
+  chart: bitnami/redis
+  namespace: database-service
+  createNamespace: false
+  values:
+    - values/database-service/redis-values-common.yaml
+  secrets:
+    - values/database-service/redis-secrets-{{.Environment.Name}}.yaml
+  version: 18.19.4
+  installed: true
+### devops-system namespace
+- name: db-operator
+  chart: db-operator/db-operator
+  namespace: devops-system
+  createNamespace: false
+  labels:
+    app: db-operator
+  version: 1.18.0
+  installed: true
+- name: db-instances
+  chart: db-operator/db-instances
+  namespace: devops-system
+  createNamespace: false
+  labels:
+    app: db-operator
+  values:
+    - values/devopes-system/db-instances-values-common.yaml
+  secrets:
+    - values/devopes-system/db-instances-secrets-{{.Environment.Name}}.yaml
+  version: 2.4.0
+  installed: true
+### kube-system namespace
+- name: cert-manager
+  chart: jetstack/cert-manager
+  namespace: kube-system
+  createNamespace: false
+  set:
+    - name: installCRDs
+      value: true
+  values:
+    - values/kube-system/cert-manager-values-common.yaml
+  version: v1.12.2
+  installed: true
+- name: cert-manager-issuers
+  chart: kubernetes-incubator/raw
+  namespace: kube-system
+  createNamespace: false
+  needs:
+    - cert-manager
+  values:
+    - values/kube-system/cert-manager-issuers-values-common.yaml
+  version: 0.2.5
+  installed: true
+- name: metallb
+  chart: metallb/metallb
+  namespace: kube-system
+  createNamespace: false
+  values:
+    - values/kube-system/metallb-values-{{.Environment.Name}}.yaml
+  version: 0.14.8
+  installed: true
+- name: openebs
+  chart: openebs/openebs
+  namespace: kube-system
+  createNamespace: false
+  values:
+    - values/kube-system/openebs-values-common.yaml
+  version: 4.1.0
+  installed: true
+- name: traefik
+  chart: traefik/traefik
+  namespace: kube-system
+  createNamespace: false
+  values:
+    - values/kube-system/traefik-values-common.yaml
+    - values/kube-system/traefik-values-{{.Environment.Name}}.yaml
+  version: 27.0.0
+  installed: true
+### monitoring-system namespace
+- name: netdata
+  chart: netdata/netdata
+  namespace: monitoring-system
+  createNamespace: false
+  labels:
+    bunddle: monitoring
+  values:
+    - values/monitoring-system/netdata-values-common.yaml
+    - values/monitoring-system/netdata-values-{{.Environment.Name}}.yaml
+  version: 3.7.118
+  # version: 3.7.116
+  installed: true
+### velero namespace
+- name: velero
+  chart: vmware-tanzu/velero
+  namespace: velero
+  createNamespace: false
+  values:
+    - values/velero/velero-values-common.yaml
+  secrets:
+    - values/velero/velero-secrets-{{.Environment.Name}}.yaml
+  version: 7.2.1
+  installed: true
--- a/manifests/databases.yaml
+++ b/manifests/databases.yaml
+---
+apiVersion: kinda.rocks/v1beta1
+kind: Database
+metadata:
+  name: bitwarden
+  namespace: applications
+spec:
+  secretName: bitwarden-db-creds
+  instance: postgres
+  deletionProtected: false
+  backup:
+    enable: false
+    cron: 0 0 * * *
+---
+apiVersion: kinda.rocks/v1beta1
+kind: Database
+metadata:
+  name: wiki-js-epm
+  namespace: applications
+spec:
+  secretName: wiki-js-epm-creds
+  instance: postgres
+  deletionProtected: false
+  backup:
+    enable: false
+    cron: 0 0 * * *
+---
+apiVersion: kinda.rocks/v1beta1
+kind: Database
+metadata:
+  name: wiki-js-ximper
+  namespace: applications
+spec:
+  secretName: wiki-js-ximper-creds
+  instance: postgres
+  deletionProtected: false
+  backup:
+    enable: false
+    cron: 0 0 * * *
--- a/manifests/namespaces.yaml
+++ b/manifests/namespaces.yaml
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: argocd
+  labels:
+    name: argocd
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: database-service
+  labels:
+    name: database-service
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: devops-system
+  labels:
+    name: devops-system
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kube-system
+  labels:
+    name: kube-system
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: velero
+  labels:
+    name: velero
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: applications
+  labels:
+    name: applications
--- a/values/argocd/argocd-project-applications-values.yaml
+++ b/values/argocd/argocd-project-applications-values.yaml
+---
+projects:
+  vaultwarden:
+    namespace: applications
+    finalizers:
+    - resources-finalizer.argocd.argoproj.io
+    description: Vaultwarden Argo CD project
+    sourceRepos:
+    - '*'
+    destinations:
+    - namespace: applications
+      server: https://kubernetes.default.svc
+    - namespace: vaultwarden-preview-*
+      server: https://kubernetes.default.svc
+    signatureKeys:
+    - keyID: ABCDEF1234567890
+  wiki-js:
+    namespace: applications
+    finalizers:
+    - resources-finalizer.argocd.argoproj.io
+    description: Wiki.js Argo CD project
+    sourceRepos:
+    - '*'
+    destinations:
+    - namespace: applications
+      server: https://kubernetes.default.svc
+    - namespace: wiki-js-preview-*
+      server: https://kubernetes.default.svc
+    signatureKeys:
+    - keyID: ABCDEF1234567890
+  grafana:
+    namespace: applications
+    finalizers:
+    - resources-finalizer.argocd.argoproj.io
+    description: Grafana Argo CD project
+    sourceRepos:
+    - '*'
+    destinations:
+    - namespace: applications
+      server: https://kubernetes.default.svc
+    - namespace: grafana-preview-*
+      server: https://kubernetes.default.svc
+    signatureKeys:
+    - keyID: ABCDEF1234567890
--- a/values/argocd/argocd-project-minio-values.yaml
+++ b/values/argocd/argocd-project-minio-values.yaml
+---
+  minio:
+    namespace: applications
+    finalizers:
+    - resources-finalizer.argocd.argoproj.io
+    description: Minio Argo CD project
+    sourceRepos:
+    - '*'
+    destinations:
+    - namespace: applications
+      server: https://kubernetes.default.svc
+    - namespace: minio-preview-*
+      server: https://kubernetes.default.svc
+    signatureKeys:
+    - keyID: ABCDEF1234567890
--- a/values/argocd/argocd-secrets-internal.yaml
+++ b/values/argocd/argocd-secrets-internal.yaml
+externalRedis:
+  # -- External Redis server host
+  host: ""
+  # -- External Redis username
+  username: ""
+  # -- External Redis password
+  password: ""
+  # -- External Redis server port
+  port: 6379
+  # -- The name of an existing secret with Redis (must contain key `redis-password`. And should contain `redis-username` if username is not `default`) and Sentinel credentials.
+  # When it's set, the `externalRedis.username` and `externalRedis.password` parameters are ignored
+  existingSecret: ""
+  # -- External Redis Secret annotations
+  secretAnnotations: {}
\ No newline at end of file
--- a/values/argocd/argocd-values-common.yaml
+++ b/values/argocd/argocd-values-common.yaml
+---
+controller:
+  resources:
+    limits:
+      memory: 512Mi
+      cpu: 200m
+    requests:
+      cpu: 100m
+      memory: 512Mi
+  metrics:
+    enabled: true
+    applicationLabels:
+      enabled: false
+    service:
+      servicePort: 8082
+      portName: http-metrics
+    serviceMonitor:
+      enabled: false
+      interval: 30s
+      scheme: ""
+    rules:
+      enabled: false
+dex:
+  metrics:
+    enabled: false
+    serviceMonitor:
+      enabled: false
+redis:
+  enabled: false
+repoServer:
+  metrics:
+    enabled: false
+    serviceMonitor:
+      enabled: false
+  imagePullSecrets:
+    - name: regcred
--- a/values/argocd/argocd-values-internal.yaml
+++ b/values/argocd/argocd-values-internal.yaml
+---
+global:
+  domain: argocd.k8s.eterfund.ru
+server:
+  ingress:
+    enabled: true
+    annotations:
+    ingressClassName: traefik
+  metrics:
+    enabled: true
+    serviceMonitor:
+      enabled: false
+  extraArgs:
+    - --insecure
+  servicePort:
+    servicePortHttp: 80
+    servicePortHttps: 80
+  ingressGrpc:
+    ingressClassName: traefik
+    hostname: "argocdgrpc.k8s.eterfund.ru"
+    path: /
+    pathType: Prefix
+configs:
+  params:
+    server.insecure: true
+  credentialTemplates:
+    ssh-creds:
+      url: git@github.com
+  ssh:
+    create: true
+  repositories:
+    vaultwarden:
+      url: git@github.com:jack-lull/vaultwarden.git
+      name: vaultwarden
+      type: git
+      project: default
--- a/values/database-service/influxdb-secrets-internal.yaml
+++ b/values/database-service/influxdb-secrets-internal.yaml
+setDefaultUser:
+    enabled: ENC[AES256_GCM,data:CZ3i9A==,iv:KkImm5QSqVcd7sLpS7cZy0k78+LpR6uapGHiBzg2tQY=,tag:Nm0MzkKy9ErlFeLOKalmHQ==,type:bool]
+    user:
+        username: ENC[AES256_GCM,data:PtQ5New=,iv:fW9a5zrVcuv5cTXp+dv50IS/TVYpqE0nurNoFK0zawo=,tag:qoXB0SkXCI6HzVXfRjNi1A==,type:str]
+        password: ENC[AES256_GCM,data:os3bhQDreJ6RR1URox4BuYd/+Z8=,iv:8JHfwoOeKIcRrOq8J/Kdc5gZV4cd+0axwA/UsHDXvoM=,tag:8Yht99X3SNalrKDkDpKLJA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age15ra3xwq6r3kgz92nalkxplxupd57yd380ulwgs2hmvu0gr9trqhqkxernk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZ3ExTTVBZEVqTjh2T3Ar
+            Snl3RUFrOE9LTWtyVGVWQTFtb3BYNldXNWljCkgyMmZhWDRDTWlMcFcyT1VpUWNw
+            TFFLbld0amtLRkE5QXRwbWlSdS9IMXMKLS0tIEtyK1RwejBydGdDZHJjMFE2QnV1
+            NXpKM0gvalliMVR5QURWa2RqR3pJb2cK+yzBCkc5yxlO6DqLqiHL7pbqNFHDSkDX
+            M0OqQHPaJYkzNIHiq5Gccj29yco7Q4zBsZ/YEstoNyAzuDlHKiP2Hw==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-19T12:31:59Z"
+    mac: ENC[AES256_GCM,data:ilk7B9qt7YaUVMC/7zjpiKD76Z9IVHVOYc+ucYwlvxJU4D/ykJ7DfYCrAznO0+QyNQlleeck9Ze6wihujuZQXkYa/dAeUpEpR4OKGyxNVUEXZIH/QRp8/vKzitqh5hiRS5liXHgQ1dcf4f3okPgbS6QOP872Cbe6qb2HaHILXpY=,iv:5R4XEq3I9OGL/Huu/KAiBrGdYcm9nqf3yKbLhDEA2VA=,tag:hkw8PDwetcPKciSxWEkcBQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0
--- a/values/database-service/influxdb-values-internal.yaml
+++ b/values/database-service/influxdb-values-internal.yaml
+---
+ingress:
+  enabled: true
+  hosts:
+    - influxdb.k8s.eterfund.ru
+  tls: true
+  secretName: influxdb-tls
+  hostname: influxdb.k8s.eterfund.ru
+  className: traefik
+  provider: traefik
+  pathType: Prefix
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+  path: /
+persistence:
+  enabled: true
+  storageClass: openebs-hostpath
+  accessMode: ReadWriteOnce
+  size: 2Gi
+env:
+  - name: INFLUXDB_DB
+    value: "co2_levels"
+  - name: INFLUXDB_HTTP_AUTH_ENABLED
+config:
+  http:
+    enabled: true
+    bind-address: ":8086"
+    flux-enabled: true
--- a/values/database-service/postgresql-secrets-internal.yaml
+++ b/values/database-service/postgresql-secrets-internal.yaml
+global:
+    postgresql:
+        auth:
+            postgresPassword: ENC[AES256_GCM,data:LM9+M2PGdNH4NFFGaBs2mkjPut695Dal4MDLm5Dagxjyq2OMcugkQfBg/BsTLI8RiSWoazNCdrLVJ/shM6RaBVcQYvMMA4tVqeecgjiqt3EvfOoiGQ3bktbe,iv:HWf7grTGySY9OCNJwbqBEHklmHUSvOzt2EFEj3csiXY=,tag:gPhRBxnfov3z4AOkfzT9nw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age15ra3xwq6r3kgz92nalkxplxupd57yd380ulwgs2hmvu0gr9trqhqkxernk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4Z2hJWVBqckJnMHlXdGYy
+            Y0szV2JUN3g1cFQwdm1WMnFQY1l0blBBWHowCjlzUkNxbnc2QldwZytNN0dSRzli
+            UkZuNDdvTlJBMFd6QXJVOXIvSVZpdWsKLS0tIGpLRFduRnd6amsxZXU1ODhFVFlS
+            MUlQdmU2a2U0MzBYZzZJTzl0bWNYaWcK5YVtg5uNRTeU5IZkzf0LoLC7AuGIQja9
+            zOBV2Is3B4uGDVWV5dwTc9xTbr1MYjiC7JQoJIupDIhgB5+tMTEX5A==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-19T12:32:04Z"
+    mac: ENC[AES256_GCM,data:wZIjI8A39FMiIFhgyguX6XigG1hroqJ0sbTkwqHcYU3RIBqwQSFxP2cCY/DMJDAhQTRaDBtuF4YJlxmgEHMXbUxAjteRUmuaoGXk8+M6MOX3Wu9nmGSOtM8mjAXPOia9uecb/hacg8t3bUn9cv6qvdQjitkCVp6yfqRhcOQDtz0=,iv:0dJcnb3kgYfMydZX2CYI5wQ2nszdTcIhC2JyKExlGqc=,tag:RHFZ4VJLvUXyC77OI0fnOA==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0
--- a/values/database-service/postgresql-values-common.yaml
+++ b/values/database-service/postgresql-values-common.yaml
+---
+auth:
+  database: postgres
+global:
+  storageClass: openebs-hostpath
+primary:
+  persistence:
+    size: 8Gi
+metrics:
+  enabled: false
--- a/values/database-service/redis-secrets-internal.yaml
+++ b/values/database-service/redis-secrets-internal.yaml
+global:
+    redis:
+        password: ENC[AES256_GCM,data:ukGwAPhd5/HflbBXNYwzWv8HYw4=,iv:TBP6xgSrUWwSSBQsrTSME69Uzjbo2dqpO/fHsD9MUyQ=,tag:trOrXUsGGPs27SQrj8Tjyg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age15ra3xwq6r3kgz92nalkxplxupd57yd380ulwgs2hmvu0gr9trqhqkxernk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd2V2M1dTQkYzMDUvUExw
+            ZnBhdW5ONzBna2h5UEs3cDI0NkdsMEcxWkVBCmJVU2ZiajZJTXljMjRuN0RENGF3
+            eUJ0T0pORlBNbStNVkkzRFdac2JKamcKLS0tIEdoNU9MNkpWUGJMMVdiRjZFTC9q
+            bUZiREo5WlJqK0tGWVc3Zi8vOVNBZVUKHpG2tZVPrIVnBpe7DZw+DK+IfLYaicjC
+            /2YVU6FjPdQBJRs6x6/LRame7b2ooNQ7ug5i40F0AYxecxqtbEmu1g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-01T19:13:28Z"
+    mac: ENC[AES256_GCM,data:4mpKB2+A95q801cQ6d83nAlqkNnv+nOmOn/kgLwA1ZuJScB4xkb0vT1hnm4NcPOE/2pvYOWc5M5JYi5nFYTg/V0m1wkXwfG9X4OojvhJarewORKJVGZoJJCCUlSRf4L1WL9bN8YkANm1yYCuL4EZKiVPddxGyxySFEm6ULBEj1Y=,iv:X6f1MDPM2KwuL8u4QFBFLg96r0fuvWM+PQDKfuJ/riE=,tag:rz2lTrkLOdCSV8bQnYd2PQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.0
--- a/values/database-service/redis-values-common.yaml
+++ b/values/database-service/redis-values-common.yaml
+---
+metrics:
+  enabled: false
+architecture: standalone
+master:
+  persistence:
+    enabled: false
+secretAnnotations:
+  reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+  reflector.v1.k8s.emberstack.com/reflection-auto-enabled: "true"
+  reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "gitlab"
--- a/values/devops-system/db-instances-secrets-internal.yaml
+++ b/values/devops-system/db-instances-secrets-internal.yaml
+dbinstances:
+    postgres:
+        secrets:
+            adminUser: ENC[AES256_GCM,data:95GyrUde5lk=,iv:f2DouLZAUoZUmS/esOqkrFW6CeKJKDDt5lP47yKsi60=,tag:u5MW6ecQmzmcLS3WQZECNQ==,type:str]
+            adminPassword: ENC[AES256_GCM,data:kfvjkAzUnWvi8cQ3ED9i4Vqynp1ySFOoTg6uvIu8TzV4yFMGto1p6hjpRX5+v7nOl7RQwQ6k0OgwNaBIDAsI3zb5CNfiFECEvbaIYDhtZUK0zJVSJL/zGq0B,iv:NtOy8x6BqTjCY1TLSmPJJkufk4rOEcRXxPUl83DW+JY=,tag:EyFC7T9GaRBYtdhHhOugsw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age15ra3xwq6r3kgz92nalkxplxupd57yd380ulwgs2hmvu0gr9trqhqkxernk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXd2V2M1dTQkYzMDUvUExw
+            ZnBhdW5ONzBna2h5UEs3cDI0NkdsMEcxWkVBCmJVU2ZiajZJTXljMjRuN0RENGF3
+            eUJ0T0pORlBNbStNVkkzRFdac2JKamcKLS0tIEdoNU9MNkpWUGJMMVdiRjZFTC9q
+            bUZiREo5WlJqK0tGWVc3Zi8vOVNBZVUKHpG2tZVPrIVnBpe7DZw+DK+IfLYaicjC
+            /2YVU6FjPdQBJRs6x6/LRame7b2ooNQ7ug5i40F0AYxecxqtbEmu1g==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-19T11:50:06Z"
+    mac: ENC[AES256_GCM,data:xf1BNniCfNZ9+poD2kBOcHa1xfs2+B30fEz0vkE6ycRhjxrAobMKwrXIt8k+qaf5qu/4HdcG/HNrWipnBvNlRV6PDwyXr2/vZp3H5GMS88ddu6Re7iXx0AQz2w92tDnfi9gMg7H3IxdlnbWGiQUlPzcK/G+OAOq/3xkrEvjapPA=,iv:xHKi9BEcD9MaFjIpTPb0Nlq0ZIal2Zk/9eN8CKg2lsM=,tag:dE5l4Zol0wKkrR8Akw/D4A==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0
--- a/values/devops-system/db-instances-values-common.yaml
+++ b/values/devops-system/db-instances-values-common.yaml
+---
+dbinstances:
+  postgres:
+    serviceMonitor:
+      enabled: false
+    engine: postgres
+    monitoring:
+      enabled: false
+    generic:
+      host: postgresql.database-service.svc.cluster.local
+      port: 5432
--- a/values/kube-system/cert-manager-issuers-values-common.yaml
+++ b/values/kube-system/cert-manager-issuers-values-common.yaml
+---
+resources:
+  - apiVersion: cert-manager.io/v1
+    kind: ClusterIssuer
+    metadata:
+      name: letsencrypt-prod
+    spec:
+      acme:
+        server: https://acme-v02.api.letsencrypt.org/directory
+        email: jacklull@etersoft.ru
+        privateKeySecretRef:
+          name: letsencrypt-prod
+        solvers:
+          - http01:
+              ingress:
+                class: traefik
--- a/values/kube-system/cert-manager-values-common.yaml
+++ b/values/kube-system/cert-manager-values-common.yaml
+---
+fullnameOverride: cert-manager
+resources:
+  requests:
+    cpu: 10m
+    memory: 32Mi
+ingressShim:
+  resources:
+    requests:
+      cpu: 10m
+      memory: 32Mi
+webhook:
+  enabled: true
--- a/values/kube-system/metallb-values-common.yaml
+++ b/values/kube-system/metallb-values-common.yaml
+---
+metallb:
+  enabled: true
--- a/values/kube-system/metallb-values-internal.yaml
+++ b/values/kube-system/metallb-values-internal.yaml
+---
+metallb:
+  ippools:
+    - name: Solthun
+      addresses: 91.232.225.64
--- a/values/kube-system/metallb-values-s3.yaml
+++ b/values/kube-system/metallb-values-s3.yaml
+---
+metallb:
+  ippools:
+    - name: Nytheris
+      addresses: 10.20.30.36
--- a/values/kube-system/openebs-values-common.yaml
+++ b/values/kube-system/openebs-values-common.yaml
+---
+release:
+  version: "4.1.0"
+openebs-crds:
+  csi:
+    volumeSnapshots:
+      enabled: true
+      keep: true
+localpv-provisioner:
+  rbac:
+    create: true
+zfs-localpv:
+  enabled: false
+lvm-localpv:
+  enabled: false
+mayastor:
+  enabled: false
+preUpgradeHook:
+  image:
+    registry: docker.io
+    repo: bitnami/kubectl
+    tag: "1.25.15"
+    pullPolicy: IfNotPresent
+engines:
+  local:
+    lvm:
+      enabled: false
+    zfs:
+      enabled: false
+  replicated:
+    mayastor:
+      enabled: false
--- a/values/kube-system/traefik-values-common.yaml
+++ b/values/kube-system/traefik-values-common.yaml
+---
+ports:
+  web:
+    redirectTo:
+      port: websecure
+service:
+  spec:
+    externalTrafficPolicy: Local
--- a/values/kube-system/traefik-values-internal.yaml
+++ b/values/kube-system/traefik-values-internal.yaml
+---
+service:
+  externalIPs:
+  - 91.232.225.64
+hostNetwork: true
--- a/values/kube-system/traefik-values-s3.yaml
+++ b/values/kube-system/traefik-values-s3.yaml
+---
+service:
+  externalIPs:
+  - 10.20.30.36
--- a/values/monitoring-system/netdata-values-common.yaml
+++ b/values/monitoring-system/netdata-values-common.yaml
+parent:
+  enabled: true
+  port: 19999
+  resources: {}
+  database:
+    persistence: true
+    storageclass: openebs-hostpath
+    volumesize: 5Gi
+  alarms:
+    persistence: false
+  configs:
+    netdata:
+      enabled: true
+      path: /etc/netdata/netdata.conf
+      data: |
+        [global]
+          hostname = netdata-parent
+        [db]
+          mode = dbengine
+        [ml]
+          enabled = no
+        [plugins]
+          cgroups = no
+          tc = no
+          enable running new plugins = no
+          check for new plugins every = 72000
+          python.d = no
+          charts.d = no
+          go.d = no
+          # node.d = no
+          apps = no
+          proc = no
+          idlejitter = no
+          diskspace = no
+          statsd = no
+          logs-management = no
+          systemd-journal = no
+          timex = no
+          statsd = no
+    kubelet:
+      enabled: false
+    kubeproxy:
+      enabled: false
+child:
+  enabled: true
+  configs:
+    netdata:
+      enabled: true
+      path: /etc/netdata/netdata.conf
+      data: |
+        [global]
+          hostname = netdata-child
+          run as user = netdata
+        [db]
+          mode = ram
+          update every = 1
+        [health]
+          enabled = no
+        [ml]
+          enabled = no
+        [plugins]
+          logs-management = no
+          systemd-journal = no
+        	timex = no
+        	diskspace = no
+        	apps = yes
+        [plugin:proc]
+          /proc/net/stat/conntrack = no
+        	/proc/net/stat/synproxy = no        	
+        	/proc/sys/kernel/random/entropy_avail = no
+        	/proc/net/softnet_stat = no
+        	ipc = no
+        [plugin:proc:diskspace]
+        	exclude space metrics on paths = /proc/* /sys/* /var/run/user/* /run/user/* /snap/* /var/lib/docker/* /host* /dev*
+        [plugin:proc:/proc/stat]
+          processes started = yes
+        	processes running = yes
+        	cpu utilization = yes
+        	per cpu core utilization = no
+        	context switches = yes
+        	keep per core files open = yes
+        	keep cpuidle files open = yes
+        	core_throttle_count = auto
+          cpu interrupts = yes
+        	package_throttle_count = no
+        	cpu frequency = yes
+        	cpu idle states = no
+        [plugin:proc:/proc/vmstat]
+        	disk i/o = yes
+          memory ballooning = no
+        	memory page faults = no
+        	transparent huge pages = no
+        	zswap i/o = no
+        	swap i/o = no
+        	kernel same memory = no
+        [plugin:cgroups]
+        	cgroups to match as systemd services =  !/*
+          update every = 1
+        [plugin:proc:/proc/diskstats]
+        	preferred disk ids = scsi-0QEMU_QEMU_HARDDISK_drive-*
+        	name disks by id = yes
+        [plugin:proc:/proc/net/dev]
+        	compressed packets for all interfaces = no
+        	disable by default interfaces matching = lo fireqos* *-ifb fwpr* fwbr* fwln* veth* flannel* cni*
+        [plugin:proc:/proc/net/wireless]
+        	filename to monitor = /host/proc/net/wireless
+        	status for all interfaces = auto
+        	quality for all interfaces = auto
+        	discarded packets for all interfaces = auto
+        	missed beacon for all interface = auto
+        [plugin:proc:/proc/net/sockstat]
+        	ipv4 UDPLITE sockets = no
+        	ipv4 RAW sockets = no
+        	ipv4 FRAG sockets = no
+        	ipv4 FRAG memory = no
+        [plugin:proc:/proc/net/sockstat6]
+        	ipv6 UDP sockets = no
+          ipv6 UDPLITE sockets = no
+          ipv6 RAW sockets = no
+          ipv6 FRAG sockets = no
+    go.d:
+      enabled: true
+      path: /etc/netdata/go.d.conf
+      data: |
+        modules:
+          pulsar: no
+          prometheus: no
+          chrony: no
+          k8s_state: no
+          k8s_kubeproxy: no
+          k8s_kubelet: no
+    kubelet:
+      enabled: false
+    kubeproxy:
+      enabled: false
+k8sState:
+  enabled: false
+  persistence:
+    enabled: false
+  configs:
+    netdata:
+      enabled: true
+      path: /etc/netdata/netdata.conf
+      data: |
+        [global]
+          hostname = netdata-k8s-state
+        [db]
+          mode = ram
+        [health]
+          enabled = no
+        [ml]
+          enabled = no
+        [plugins]
+        	logs-management = no
+        	systemd-journal = no
+        	netdata monitoring extended = no
+        	idlejitter = no
+        	netdata monitoring = no
+        	profile = no
+        	tc = no
+        	diskspace = no
+        	proc = no
+        	cgroups = no
+        	timex = no
+        	statsd = no
+        	enable running new plugins = yes
+        	check for new plugins every = 60
+        	slabinfo = no
+        	freeipmi = no
+        	apps = no
+        	charts.d = no
+        	debugfs = no
+        	go.d = yes
+        	ioping = no
+        	network-viewer = no
+        	perf = no
+        	python.d = no
+    go.d:
+      enabled: true
+      path: /etc/netdata/go.d.conf
+      data: |
+        modules:
+          pulsar: no
+          prometheus: no
+          chrony: no
+          k8s_state: yes
+          k8s_kubeproxy: yes
+          k8s_kubelet: yes
--- a/values/monitoring-system/netdata-values-internal.yaml
+++ b/values/monitoring-system/netdata-values-internal.yaml
+ingress:
+  enabled: true
+  class: traefik
+  path: /
+  configureCertmanager: false
+  provider: traefik
+  hosts:
+    - netdata.k8s.eterfund.ru
+  tls:
+    - secretName: netdata-tls
+      hosts:
+        - netdata.k8s.eterfund.ru
+  ingressClassName: traefik
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    kubernetes.io/ingress.class: traefik
--- a/values/velero/velero-secrets-internal.yaml
+++ b/values/velero/velero-secrets-internal.yaml
+credentials:
+    useSecret: ENC[AES256_GCM,data:Vz8/fg==,iv:RC6bgKcZxhIwDCs0wmQogpW2d62sC6QM0msuSDEinPA=,tag:TlfxfXzQtlcGM5vVhSKCIQ==,type:bool]
+    name: ENC[AES256_GCM,data:AnSzNWbzuWfoRAX4Ea20,iv:XHkNXTQcDk02SXjB/TI6irHTwTrINFDXaebvUEicozk=,tag:OuXpCXX43SFOVG7yv3Lueg==,type:str]
+    secretContents:
+        data: ENC[AES256_GCM,data:PTZocFs42L6I6EzrtLb5g01RCEPaxAEt1bZaZ47qY3vtYejTmjee2wf3kCFz3Z7S6/SykCNWYce6wbOIgC0LoCJdTC10kKdHJ2QB0/+PrA==,iv:SxWudSOz+MGC1US1GZvw1Lvmwpzw5pSiMKAbHW3dQYM=,tag:YqF7+qgLOPvwWJYrufnlRQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age15ra3xwq6r3kgz92nalkxplxupd57yd380ulwgs2hmvu0gr9trqhqkxernk
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dDVJdkxlaDRVUHdUMFh1
+            NUw3NGhYOVdsMlRCN1ZzdDkwUDhMS2tlWHlZClRodlJTZ0JXWWJjN0VlK3g1dGJM
+            b1lYaCtnL3M1cC8zb2dncDNmWXYxdU0KLS0tIGNFblNKcWJ4MDl4Z2FpTzFDT2lS
+            WlB3ckg1Uk9VeDVxR01JVUd5UkpEcVkKBNU/peT+vQzVOoRYMI4W/yTjcMyKZKgG
+            l9OFPOL33uZhOPDEMZDG3EHoMNXAW8CqF9Dii76YOhAb0uanUgNJCQ==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-06-19T11:16:43Z"
+    mac: ENC[AES256_GCM,data:JSzeDvQwTh+Fq9WOf2Z1STbs9ZZu2DwoTqxSAic364upEdDh+QcCEwjIpD1ReTumqTeXi5eHf6idDLU/i5J1Qy9+JUdXngeOwoYo/gctASQ1RU7eC3PRdXWigJqFg9bKVG2JxOY8Ju/AsAGb5FV1PVFAaAncB77OyRSm6TPxkUo=,iv:BEKt+e5JcnlkkDFdBDc5ICRIy4KjqcRR2bG7dGyYT3Y=,tag:53XLrfag1i6+Zwhpm9HZhw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.9.0
--- a/values/velero/velero-values-common.yaml
+++ b/values/velero/velero-values-common.yaml
+---
+initContainers:
+  - name: velero-plugin-for-aws
+    image: velero/velero-plugin-for-aws:v1.7.0
+    imagePullPolicy: IfNotPresent
+    volumeMounts:
+      - mountPath: /target
+        name: plugins
+configuration:
+  features: EnableCSI
+  backupStorageLocation:
+  - name: default
+    caCert: Q2VydGlmaWNhdGU6CiAgICBEYXRhOgogICAgICAgIFZlcnNpb246IDMgKDB4MikKICAgICAgICBTZXJpYWwgTnVtYmVyOgogICAgICAgICAgICA0ZTozMDo0NjplMjo2NzpiYjoyZDo3ZDo1YzoyYTo2Zjo2NTpjNjo4Nzo0YzoxMjphZDoxOTo5NDo2ZAogICAgICAgIFNpZ25hdHVyZSBBbGdvcml0aG06IHNoYTI1NldpdGhSU0FFbmNyeXB0aW9uCiAgICAgICAgSXNzdWVyOiBDID0gUlUsIEwgPSBTYWludCBQZXRlcnNidXJnLCBPID0gRXRlcnNvZnQsIENOID0gZXRlcnNvZnQsIGVtYWlsQWRkcmVzcyA9IGluZm9AZXRlcnNvZnQucnUKICAgICAgICBWYWxpZGl0eQogICAgICAgICAgICBOb3QgQmVmb3JlOiBNYXIgIDEgMTI6Mzc6MzggMjAyNCBHTVQKICAgICAgICAgICAgTm90IEFmdGVyIDogTm92ICA4IDEyOjM3OjM4IDIwMzcgR01UCiAgICAgICAgU3ViamVjdDogQyA9IFJVLCBTVCA9IFNhaW50IFBldGVyc2J1cmcsIEwgPSBTYWludCBQZXRlcnNidXJnLCBPID0gRXRlcnNvZnQsIGVtYWlsQWRkcmVzcyA9IGluZm9AZXRlcnNvZnQucnUsIENOID0gczMuZXRlcmZ1bmQucnUKICAgICAgICBTdWJqZWN0IFB1YmxpYyBLZXkgSW5mbzoKICAgICAgICAgICAgUHVibGljIEtleSBBbGdvcml0aG06IHJzYUVuY3J5cHRpb24KICAgICAgICAgICAgICAgIFB1YmxpYy1LZXk6ICgyMDQ4IGJpdCkKICAgICAgICAgICAgICAgIE1vZHVsdXM6CiAgICAgICAgICAgICAgICAgICAgMDA6YmQ6MDc6MDA6Zjc6N2Q6Nzc6YTU6OGM6MWM6NjE6NGU6YTI6YmE6YzE6CiAgICAgICAgICAgICAgICAgICAgOTk6ZDI6MWI6M2U6ZTg6Mjc6ZjY6MmE6YmQ6YzQ6NWI6Yzc6ZWM6ZDQ6ZGM6CiAgICAgICAgICAgICAgICAgICAgM2U6OWI6ODI6ZjI6NTc6ZDE6NzU6Yjk6Y2I6NWY6N2U6YTU6MjA6YTM6NGE6CiAgICAgICAgICAgICAgICAgICAgNWU6MmU6MWU6YjQ6ZWY6OTM6ZTA6NWY6OGI6NmE6ZDg6ZjU6OTI6NmM6N2U6CiAgICAgICAgICAgICAgICAgICAgZDk6MGU6ZjE6NjM6Mjk6NTM6MDg6Mjc6OWI6Y2M6YWQ6M2Q6NTY6M2Y6NTA6CiAgICAgICAgICAgICAgICAgICAgOWE6OTA6MmM6NWM6ZjA6ZTM6ZDE6NjE6ODU6YmM6ZDA6OTc6MjY6OTc6Njk6CiAgICAgICAgICAgICAgICAgICAgNjU6Y2I6MDA6Nzc6NDk6Y2Y6YTM6YWU6NDM6Yzc6Yzg6ZmM6ZWE6M2U6ZGY6CiAgICAgICAgICAgICAgICAgICAgNTU6MmQ6OWM6NjU6NDI6MmM6MzE6ZTk6MjM6MTk6NTY6MDg6Nzk6NGY6YzQ6CiAgICAgICAgICAgICAgICAgICAgYTM6ZTU6Mzc6OWQ6YjU6NTU6ZWI6NDA6M2Y6MTA6MGE6ZTU6MTQ6YzI6MzQ6CiAgICAgICAgICAgICAgICAgICAgNzg6OWY6ZWI6Nzg6MmQ6Nzc6NWU6M2Y6OTA6ZjU6ZmQ6OGE6MmY6Zjc6NzU6CiAgICAgICAgICAgICAgICAgICAgMDY6MzE6MWU6Zjg6OTA6OGU6NDY6YjQ6OTc6ODg6MGM6MWI6ZGQ6NWE6MDA6CiAgICAgICAgICAgICAgICAgICAgNDU6Nzk6OWU6MDY6YmQ6Nzc6N2M6YTk6ZWU6YWY6MTY6MTg6Yjk6Y2I6MDA6CiAgICAgICAgICAgICAgICAgICAgNDA6MTY6YTQ6NTI6YTQ6YTc6ZTk6Y2I6NzU6YTc6NGM6NTM6ZjE6ZWU6MGU6CiAgICAgICAgICAgICAgICAgICAgOGE6N2I6YjA6ZDU6ODc6ZjI6MGE6MjA6YWI6ZmQ6MmU6YTI6MjY6Mjk6MGY6CiAgICAgICAgICAgICAgICAgICAgY2E6ODQ6YWY6OTg6NGU6YjY6OGU6YTU6Mjk6ZDI6ZTM6Zjc6ZWQ6MGM6OWU6CiAgICAgICAgICAgICAgICAgICAgYzA6NGQ6YmM6OWQ6ODY6ZGE6Nzg6NzM6NmE6YmU6ZjQ6MWQ6NGY6NjQ6YjQ6CiAgICAgICAgICAgICAgICAgICAgNTI6ZWY6NDY6YTk6MjQ6YWY6NTg6OGU6Njk6ZWY6ZWM6MjE6Zjc6OGE6NDE6CiAgICAgICAgICAgICAgICAgICAgYTc6MzUKICAgICAgICAgICAgICAgIEV4cG9uZW50OiA2NTUzNyAoMHgxMDAwMSkKICAgICAgICBYNTA5djMgZXh0ZW5zaW9uczoKICAgICAgICAgICAgWDUwOXYzIEF1dGhvcml0eSBLZXkgSWRlbnRpZmllcjogCiAgICAgICAgICAgICAgICAzRDo4Rjo5QjpCQTpCODo0NjpDMDpDRTpGMzpFRTpEMzpCMDpFNjozNjowMjo5Qzo4OToxQTpCQjpERAogICAgICAgICAgICBYNTA5djMgQmFzaWMgQ29uc3RyYWludHM6IAogICAgICAgICAgICAgICAgQ0E6RkFMU0UKICAgICAgICAgICAgWDUwOXYzIEtleSBVc2FnZTogCiAgICAgICAgICAgICAgICBEaWdpdGFsIFNpZ25hdHVyZSwgTm9uIFJlcHVkaWF0aW9uLCBLZXkgRW5jaXBoZXJtZW50LCBEYXRhIEVuY2lwaGVybWVudAogICAgICAgICAgICBYNTA5djMgU3ViamVjdCBBbHRlcm5hdGl2ZSBOYW1lOiAKICAgICAgICAgICAgICAgIEROUzpzMy5ldGVyZnVuZC5ydQogICAgICAgICAgICBYNTA5djMgU3ViamVjdCBLZXkgSWRlbnRpZmllcjogCiAgICAgICAgICAgICAgICA2MDo1RjowNzoyQzoxMzpFMDpEOTpFQzpBMDpDMTo4MTo5MjpGMzo2QTo1QTo0QzpCRjo0MDo5MTowQwogICAgU2lnbmF0dXJlIEFsZ29yaXRobTogc2hhMjU2V2l0aFJTQUVuY3J5cHRpb24KICAgIFNpZ25hdHVyZSBWYWx1ZToKICAgICAgICA5ODozMzo2ZTpmODo2MTpiZDo2NDozMzowMjpjZTo0NDo5NzpmMzpiNTphYjpiOTpkYTpmYToKICAgICAgICA1Nzo0NDphOTpiYjpkMjo4Mzo0ODoyYjphZDo2NzpkYzoyODo1NzpiZTo5MzplZjoyODo5ZDoKICAgICAgICBmYTo1MTo5Mjo3NzowNzpmYzphMzphNTo1Yzo0MDoxODo5NTo2YTpkMTplODo1MzphNjo2YToKICAgICAgICBiYjozNjowODo3YzphYTpkZTo5MDo4YTplZTpkNjoxYTo2Zjo2YTo0ZTplZjpmMzo0YToyZDoKICAgICAgICBkNTpjMjo4ZjpmNzplNTo5MDoxNzpiYjplYTpmMzpiNTozOTpkMDo1MzoyNTpmNzo4NDphMDoKICAgICAgICA5YzpiMzpiYTpjMzpmNjo0MTo3YjphMjozODo0MTpmMjpmYTphMjoxMjowOToxYTowNjo2YzoKICAgICAgICBmMDo2ODpiNzpmNDo2MzphNzo5NjpjOTo2NDphMjoxZDpkMDphMjoxMjpjYTo0NTo1YTowOToKICAgICAgICA5YTo5ZTo0MTpjYzo1NDozNTpjMDphNDoxMjozMTo4ZDpkYTozOTowYjo1ZjpiMjo0ZjoyZjoKICAgICAgICA0MTpiZTo5NDo2NjpjOTpiMTozNDo5ODpjNTphYjoyNjphNzo5MDphZTo5MDozMjowNjoxODoKICAgICAgICBjNjoyMDo5YzoxMDowYjo2Njo1MjphNTplYzo3ZjpmNjoxMDo2OTo2ZjphNjpkOTpkMjpjZDoKICAgICAgICBkNDo4NjoxNjo5NDoxMToyMTpkYTozZDpjNjpiMDpkMDpkNTozNzpkZDo2MDowMjoyZDowMDoKICAgICAgICAwOTo4MDpmNzo0Yjo1NzplZjo5NDo5MzpiNTpmNjowZjpjNjpjZjo5ZToxMDplNDphMjpjNDoKICAgICAgICBmYTo4Yjo5NTpkZjo2ZjpiZTo0Yzo0ZjoxODo0ZDo4MTpkODo0MDplZToxOTpmMzo1MTo0YToKICAgICAgICBjNjo3MzpkNzowNDo2Nzo5MDo3ZDo1Nzo0YzoyODozMTphZDoyMDphOTo1ZjowOTplMjowMzoKICAgICAgICAzOTo2ZTo0Yzo3ZAotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRUF6Q0NBdXVnQXdJQkFnSVVUakJHNG1lN0xYMWNLbTlseG9kTUVxMFpsRzB3RFFZSktvWklodmNOQVFFTApCUUF3YnpFTE1Ba0dBMVVFQmhNQ1VsVXhHVEFYQmdOVkJBY01FRk5oYVc1MElGQmxkR1Z5YzJKMWNtY3hFVEFQCkJnTlZCQW9NQ0VWMFpYSnpiMlowTVJFd0R3WURWUVFEREFobGRHVnljMjltZERFZk1CMEdDU3FHU0liM0RRRUoKQVJZUWFXNW1iMEJsZEdWeWMyOW1kQzV5ZFRBZUZ3MHlOREF6TURFeE1qTTNNemhhRncwek56RXhNRGd4TWpNMwpNemhhTUlHUU1Rc3dDUVlEVlFRR0V3SlNWVEVaTUJjR0ExVUVDQXdRVTJGcGJuUWdVR1YwWlhKelluVnlaekVaCk1CY0dBMVVFQnd3UVUyRnBiblFnVUdWMFpYSnpZblZ5WnpFUk1BOEdBMVVFQ2d3SVJYUmxjbk52Wm5ReEh6QWQKQmdrcWhraUc5dzBCQ1FFV0VHbHVabTlBWlhSbGNuTnZablF1Y25VeEZ6QVZCZ05WQkFNTURuTXpMbVYwWlhKbQpkVzVrTG5KMU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBdlFjQTkzMTNwWXdjCllVNml1c0daMGhzKzZDZjJLcjNFVzhmczFOdyttNEx5VjlGMXVjdGZmcVVnbzBwZUxoNjA3NVBnWDR0cTJQV1MKYkg3WkR2RmpLVk1JSjV2TXJUMVdQMUNha0N4YzhPUFJZWVc4MEpjbWwybGx5d0IzU2MranJrUEh5UHpxUHQ5VgpMWnhsUWl3eDZTTVpWZ2g1VDhTajVUZWR0VlhyUUQ4UUN1VVV3alI0bit0NExYZGVQNUQxL1lvdjkzVUdNUjc0CmtJNUd0SmVJREJ2ZFdnQkZlWjRHdlhkOHFlNnZGaGk1eXdCQUZxUlNwS2ZweTNXblRGUHg3ZzZLZTdEVmgvSUsKSUt2OUxxSW1LUS9LaEsrWVRyYU9wU25TNC9mdERKN0FUYnlkaHRwNGMycSs5QjFQWkxSUzcwYXBKSzlZam1udgo3Q0gzaWtHbk5RSURBUUFCbzNVd2N6QWZCZ05WSFNNRUdEQVdnQlE5ajV1NnVFYkF6dlB1MDdEbU5nS2NpUnE3CjNUQUpCZ05WSFJNRUFqQUFNQXNHQTFVZER3UUVBd0lFOERBWkJnTlZIUkVFRWpBUWdnNXpNeTVsZEdWeVpuVnUKWkM1eWRUQWRCZ05WSFE0RUZnUVVZRjhITEJQZzJleWd3WUdTODJwYVRMOUFrUXd3RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFKZ3pidmhodldRekFzNUVsL08xcTduYStsZEVxYnZTZzBncnJXZmNLRmUrays4b25mcFJrbmNICi9LT2xYRUFZbFdyUjZGT21hcnMyQ0h5cTNwQ0s3dFlhYjJwTzcvTktMZFhDai9mbGtCZTc2dk8xT2RCVEpmZUUKb0p5enVzUDJRWHVpT0VIeStxSVNDUm9HYlBCb3QvUmpwNWJKWktJZDBLSVN5a1ZhQ1pxZVFjeFVOY0NrRWpHTgoyamtMWDdKUEwwRytsR2JKc1RTWXhhc21wNUN1a0RJR0dNWWduQkFMWmxLbDdILzJFR2x2cHRuU3pkU0dGcFFSCklkbzl4ckRRMVRmZFlBSXRBQW1BOTB0WDc1U1R0ZllQeHMrZUVPU2l4UHFMbGQ5dnZreFBHRTJCMkVEdUdmTlIKU3NaejF3Um5rSDFYVENneHJTQ3BYd25pQXpsdVRIMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+    provider: aws
+    plugin: velero/velero-plugin-for-aws:v1.2.1
+    bucket: velero-test
+    accessMode: ReadWrite
+    credential:
+      name: velero-s3-creds
+      key: data
+    config:
+      region: us-east-1
+      s3ForcePathStyle: true
+      s3Url: https://s3.eterfund.ru:443
+      publicUrl: https://minio.eterfund.ru:443
+  volumeSnapshotLocation:
+  - name: aws
+    provider: aws
+    config:
+      region: us-east-1
+deployNodeAgent: true
+schedules:
+  daily:
+    disabled: false
+    labels:
+      backups: daily
+    schedule: "0 0 * * *"
+    useOwnerReferencesInBackup: true
+    paused: false
+    template:
+      defaultVolumesToFsBackup: true
+      ttl: "240h"
+      storageLocation: default
+      includedNamespaces:
+        - bitwarden
+        - minio
+        - database-service
+        - monitoring-system
+  weekly:
+    disabled: false
+    labels:
+      backups: weekly
+    schedule: "0 1 * * 0"
+    useOwnerReferencesInBackup: true
+    paused: false
+    template:
+      defaultVolumesToFsBackup: true
+      ttl: "672h"
+      storageLocation: default
+      includedNamespaces:
+        - bitwarden
+        - minio
+        - database-service
+        - monitoring-system
+  montly:
+    disabled: false
+    labels:
+      backups: monthly
+    schedule: "0 3 1 * *"
+    useOwnerReferencesInBackup: true
+    paused: false
+    template:
+      defaultVolumesToFsBackup: true
+      ttl: "1344h"
+      storageLocation: default
+      includedNamespaces:
+        - bitwarden
+        - minio
+        - database-service
+        - monitoring-system
+  regular:
+    disabled: false
+    labels:
+      backups: regular
+    schedule: "0 */3 * * *"
+    useOwnerReferencesInBackup: true
+    paused: false
+    template:
+      defaultVolumesToFsBackup: true
+      ttl: "24h"
+      storageLocation: default
+      includedNamespaces:
+        - bitwarden
+        - minio
+        - database-service
+        - monitoring-system