Merge pull request #194 from meysamhadeli/develop

chore: Update kubernetes configs
2026-04-29 09:18:13 +08:00 · 2023-02-21 22:20:31 +03:30 · 2023-02-21 22:20:31 +03:30 · 8df1cbed4d
commit 8df1cbed4d
parent 3d256980b5 20795825a3
33 changed files with 1288 additions and 187 deletions
--- a/.github/actions/docker-build-publish/action.yml
+++ b/.github/actions/docker-build-publish/action.yml
@ -43,11 +43,11 @@ runs:
      if: ${{ github.ref == 'refs/heads/main' && success() }}
      shell: bash
      run: |
-        docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.5.9 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
+        docker build -t ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.0 -f "${{ github.workspace }}/${{ inputs.dockerfile-path }}" .
    - name: Publish Docker Image
      if: ${{ github.ref == 'refs/heads/main' && success() }}
      shell: bash
      run: |
-        docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.5.9
+        docker push ${{ inputs.registry-username }}/${{ inputs.image-name }}:v1.6.0
--- a/deployments/docker-compose/infrastracture.yaml
+++ b/deployments/docker-compose/infrastracture.yaml
@ -1,9 +1,9 @@
 version: "3.3"
 services:
-  #   #######################################################
+  #######################################################
-  #   #  Rabbitmq
+  #  Rabbitmq
-  #   #######################################################
+  #######################################################
  rabbitmq:
    container_name: rabbitmq
    image: rabbitmq:3-management
--- a/deployments/kubernetes/booking.yml
+++ b/deployments/kubernetes/booking.yml
@ -15,7 +15,7 @@ spec:
        app: booking
    spec:
      containers:
-        - image: meysamh66/booking-microservices-booking:v1.5.2
+        - image: meysamh66/booking-microservices-booking:v1.5.7
          name: booking
          ports:
            - containerPort: 80
@ -24,6 +24,18 @@ spec:
            value: "docker"
          - name: ASPNETCORE_URLS
            value: "http://+"
          # - name: "RabbitMqOptions__HostName"
          #   value: "localhost"     
          # - name: "RabbitMqOptions__ExchangeName"
          #   value: "booking" 
          # - name: "RabbitMqOptions__UserName"
          #   value: "guest" 
          # - name: "RabbitMqOptions__Password"
          #   value: "guest"  
          # - name: "RabbitMqOptions__Port"
          #   value: "5672"
          - name: "EventStore__ConnectionString"
            value: "esdb://eventstore:2113?tls=false"                                       
          volumeMounts:
          - name: appsettings-volume
            mountPath: /app/Settings
@ -41,6 +53,7 @@ spec:
    app: booking
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  type: ClusterIP  
--- a/deployments/k8s/certificate.yml
+++ b/deployments/k8s/certificate.yml
@ -0,0 +1,12 @@
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
  name: booking-microservices-cert
  namespace: default
 spec:
    secretName: booking-tls-secret
    issuerRef:
      name: booking-microservices-issuer
      kind: Issuer
    dnsNames:
     - booking-microservices.com
--- a/deployments/k8s/certs/booking-cert/booking-secret.yml
+++ b/deployments/k8s/certs/booking-cert/booking-secret.yml
@ -0,0 +1,9 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: booking-tls
  namespace: default
 type: kubernetes.io/tls
 data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGS1RDQ0F4R2dBd0lCQWdJVUZhOWxoMTc2enQxK3pSb013TEpoVWI5YUVHc3dEUVlKS29aSWh2Y05BUUVMDQpCUUF3SkRFaU1DQUdBMVVFQXd3WlltOXZhMmx1WnkxdGFXTnliM05sY25acFkyVnpMbU52YlRBZUZ3MHlNekF5DQpNakV4TVRRM01UQmFGdzB5TkRBeU1qRXhNVFEzTVRCYU1DUXhJakFnQmdOVkJBTU1HV0p2YjJ0cGJtY3RiV2xqDQpjbTl6WlhKMmFXTmxjeTVqYjIwd2dnSWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUNEd0F3Z2dJS0FvSUNBUURVDQpqZ01vWHh0YXZzTVhVb0h2YTBXVWZSeWJKTVVnR1NQbml3ZWF3eW41RmlnVVR4Nmd2NlZ2T3pxU21HWjE4NVA0DQpVSWJXQ3VkOVdqRUNFU0pVSkI0cVpiUmlEWUlNQWQyMzM2Y2k1d0RzbkRGVXpuWHRNOWc1VUZmS3dPd2VPVmN2DQpqc1N0WWY2Szl3ZC8xaXRMb3JIeDV0eEVQblBkVGRGR0ZqOVlVT2t1MmM1VllIMk9LaUk3ampDaDAwc3RaZHo4DQp0NWkvL0t2MjdQRHQ2REc3L3VuMHlnVEcxa21NVU1QcnBSQmVIbFFNWWZ0N09xTTNHSHJEZml1SDdjNVpGNWM2DQphRGdQeWt5dzJSM2dMYkJqeUhiamE5VkZKcytkTUViUE1sa0RLeklWK2dndWdWR3d1UWRvRDUvSnZrem8zcVhUDQpjWkp3R0U3Mk9FRmlKbi9Wd1dPSDBXamxYS2pIQkFqaFNuOW42M05GamhzM1NHS3RkaW9xSEJPaVpDeEI2NjZyDQpNSEdaeTE1a0R5emdEVVNGNU9JK0svbWIza3dHRDhTNXV6ZW1PNmRXeFdRd0w3ek5ScHhNaUg0YjhEOENGQlV1DQpyQ0lDSWt1NWhTRC9MTnZ0K05PVnRDUllUalNMT01kWmFjdEg3MFAxRXdxckpHUzJzSms4RERpMmg1bzJDaG5JDQpXL2t4TU95WnIzYk9EQUJaTGlhTndIWXZFSEJISHdndWVYR0hiaVlVRGg3czlzTWZKUVpyR1pEbmQ3R0h5STdIDQplbWRzYkIwMnN2ekRQckFFOUxRZjRXQi9kcWFOUmxJMmZ0SnIzSEo1YTlnWUJvSkRLWnU2OVI0N0c2MGozbXJrDQp4SHVYR1JDYzh4QW1PcUk0VWNla3RXb0RaR1prTEUxVXdIeFlQRVJ4WndJREFRQUJvMU13VVRBZEJnTlZIUTRFDQpGZ1FVR3lxY1p6U2NSWWJtcDNOZkhGc1k1NHJaUU5Jd0h3WURWUjBqQkJnd0ZvQVVHeXFjWnpTY1JZYm1wM05mDQpIRnNZNTRyWlFOSXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFiaU9xDQpYUFowcW9yZmZZOW5YUWtpY2RaQjdmTXFEZjV6WjIybFdCRTRmbER6ZDhmZk82TmVIL0Z0N1UzWXdwS3N0dXpoDQozbkhWYlIrVDM1YnVmVXBMeVBibStKL2dJRzlTSHk1TlRrMmVuKzdseHJvYmVzTlZuNjY5Uy9UQW1yd2ZwbEN5DQpWZXB0WVQ0MkpsMy9TZDY0RHdINExIQVVyUGpzZFVoeVl5V2FXbnRUZ3JxeEF5K3RVb1B4anZyWDE0ZVdDNndIDQpjOHQxb3ZNU2ZTczVlYXBzd1JPUUsyVkFyKzE5cDJwRllQVEVMNzVlcENoeG4yZjI4Z1ZubEVWZ21rQW9rNFBSDQpJV2s0aldkei9IU0duT1BJNU5DbW1vZW9nUkFjdTNUOWp4cE9vRkFHWFlFMU9FdEdxV2kxeUpBRUo0NU9WVHNZDQprQk9pRnhsOC8xZUIySmRWWFBDRVRVaFZ6Uy93bGZIOG5vd1pzenk1OHNRNVF3RzllMXduVXcvMFI3M3NTMUVHDQpxY0hraUJFRDB5Z05DTndNT1ZYTW5hbEREbmlYS0JKd3FaMFk1SytMOVlYek9HaU8raEJNMUxFVFRxeXVHdzdJDQpVM1NwcUR3SVZJU2gzRDhNVzc3WFFXZmdQZXk1TE1Fa0x1SHQ4akt5aTVCMDZKOUE3Rm1XWGdzdmlqZnJjbGFBDQp3ZHBDakJWN2pjY216Qkl4WVV3cEtOUHljY1Q5Mk43UDg2VlEzV2NPQ1BqSGJnUDNtMXRTUlQ2UG9nakRibjdNDQp3VmhUeUNvMGN1cTJRV2I0cUtYN3NIUHZDSmJyS3pJY1Y2ZE9iZm1zUjUzMEt0cTZaU0xNbVQ5RzJkSnFzT0FtDQpsNXlMU1ByU2E5Tjl0UU03Q1lSMzB4N3ZnaTNHZ29GVGxrQ1hGV0E9DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo=
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlKUkFJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0NTNHdnZ2txQWdFQUFvSUNBUURVamdNb1h4dGF2c01YDQpVb0h2YTBXVWZSeWJKTVVnR1NQbml3ZWF3eW41RmlnVVR4Nmd2NlZ2T3pxU21HWjE4NVA0VUliV0N1ZDlXakVDDQpFU0pVSkI0cVpiUmlEWUlNQWQyMzM2Y2k1d0RzbkRGVXpuWHRNOWc1VUZmS3dPd2VPVmN2anNTdFlmNks5d2QvDQoxaXRMb3JIeDV0eEVQblBkVGRGR0ZqOVlVT2t1MmM1VllIMk9LaUk3ampDaDAwc3RaZHo4dDVpLy9LdjI3UER0DQo2REc3L3VuMHlnVEcxa21NVU1QcnBSQmVIbFFNWWZ0N09xTTNHSHJEZml1SDdjNVpGNWM2YURnUHlreXcyUjNnDQpMYkJqeUhiamE5VkZKcytkTUViUE1sa0RLeklWK2dndWdWR3d1UWRvRDUvSnZrem8zcVhUY1pKd0dFNzJPRUZpDQpKbi9Wd1dPSDBXamxYS2pIQkFqaFNuOW42M05GamhzM1NHS3RkaW9xSEJPaVpDeEI2NjZyTUhHWnkxNWtEeXpnDQpEVVNGNU9JK0svbWIza3dHRDhTNXV6ZW1PNmRXeFdRd0w3ek5ScHhNaUg0YjhEOENGQlV1ckNJQ0lrdTVoU0QvDQpMTnZ0K05PVnRDUllUalNMT01kWmFjdEg3MFAxRXdxckpHUzJzSms4RERpMmg1bzJDaG5JVy9reE1PeVpyM2JPDQpEQUJaTGlhTndIWXZFSEJISHdndWVYR0hiaVlVRGg3czlzTWZKUVpyR1pEbmQ3R0h5STdIZW1kc2JCMDJzdnpEDQpQckFFOUxRZjRXQi9kcWFOUmxJMmZ0SnIzSEo1YTlnWUJvSkRLWnU2OVI0N0c2MGozbXJreEh1WEdSQ2M4eEFtDQpPcUk0VWNla3RXb0RaR1prTEUxVXdIeFlQRVJ4WndJREFRQUJBb0lDQVFDUEQ1NVVkOTdqYnUzRUxzWkJyTVBDDQpNNHNqYU5ZOHltNytFdmRsVk9KVlFuSnJhTzFHYUhjaXJJeTV5bFY4SWh0LzBFTlFvVG81aHBEaHdVS0h1MStLDQpUYlhoSVJKY25venFpMS9rLy9JQlR3ZHMreUVvSy9MbWNJc0dibDc5NEw0cnhqM2VMTXkwSDV3dWtLbkhXSlBJDQpLd2dwN3BieFpzVHFGV05CUUFRU2dvcDdzRndSYVk1czQwRWNTaWlaUDZ4RGRCY2RjU1VWSjFqcDU1UkI0a3I1DQpkVmROdFVEL2JnVFAvK05LVmNOZ0tqcW5NRXBXZE9WNzJ0blZ2VnRiWDZOcnJtVzlTdjNmTWVNSDFmaVkwSDRrDQpoNW1kMTRkNVZ0cng3Z00zUE1XVFFSeHNvS0dvL29CYnE5aHlZdUZGQTBZOVVIMnRjTThFcmN4a0VXR05MNEthDQoxcjdvOTR5QWlHemRYd2xLbjdoSFBMWHlhc0lyYmF1T3FrSUE1ZUNnRkplQm9McUkrU1UyakJEZ3NPZlVOaHpWDQpNTmIxQzNoNGl3OUp2TER6MXMzaDJPbGxCY080WnBSamF0ODBQY1E4Sm5SK2l4VWUvYWdiS3ZRR056cEVobkovDQpOdWt2V2NWdXJrZUNRY1lQc01rWlMvUGlHK0U1NElSUVlvRHBoakZIUHd1cW12bWZKMTNUMjN2NXAvelVBNXVUDQoxQVFkMWRWL1JrQmtBcG9RWm51c1g3Q1ZCcWpUaGRWREVVem91OVRrK09nR016WkZRd0NjYVNWQllWVlg5OXkwDQpUTVpReFN6MlllUS9hZmZ2M2FDZ3dkZHhyZERFQzNDYm9BUks1bW91ZEhxaUVhSExROEswR3pValdzTDhTVnhGDQpOZ2JHNnFLcW5XWUJyeFIrWkFsOUlRS0NBUUVBK1puaE8zOWNNUnJhdk1EYzdNYjlkdFFoSFBYeFpnR2xaVGZTDQpWMHhrV3RPZEFqZjNHVlJ2RERqRE1oMk9hQUZiakFDSVBYdGoyaWxWV2MxSWIwQmxTbTVnVEdHeERrMVIvVTg3DQo2QUVGa3ZxME8rTWtSZjhQS21LQWpCa1RYY1VhbVo1NjFwQWRaaldSeDVBNi9IbW5lWGxxbzM3VDBhaTg5alRUDQpGMXpKeWZ4SXNwVGZ2YVJDUFQrSndMNWx6TmRFUmpUd0MzZDZRSWhRM2Q2MWhYMFFvVFhjeFpXRmNvMjNCemFwDQpMei9uYjNqOG81TFNnQ2JCNUdDQzd6SGtUYlN2SHNjdnVOOWFySDkwNE5CZ3g4aWJ6b3B6WHdaaFhzK3pxZWp1DQpkSVgxWHhONUFUSVEwak1hK0I3WnI1Tmp3TnU0T1JtdjQwZUpzNlhFOHgza0FXNjdMd0tDQVFFQTJnRC93RHRmDQpsU2l6c0g0cnExK1pFZE96K3AvQ2Fjdk1CK2lxdTczdEJROG8xR1ViVlJ3Q0h0TjkzeHQ0RUEyMGk2NjFobU5LDQoxL2kxNWljeERiVG44akg4SStOd0F2clRVSzJ3eGVkRXNxK3ZWZWtUaWoya0NLOVVJMGh1eFBFSTlkMVdKNnk4DQp1eDhibFFyNTMyUEpYT2FLMlpUOEE0eERBMk8wOThNOFQydUdlTEtlM1phc0ppRjJLTXJuMyt6TlRmWW91ODJVDQpacDdwN2MrbDh0bmRIUC80MUxjQno2dklPQUhDb3lKYTZmeEY0YWhMRThiU3VUaFBGVS8rRGpIZm1nb0xiMTgrDQpyZDJSR09ZU0R5dWZPT1lKN3NBY1hKVGFRK2hjVVpuRHFOcktLZkdBTlhGYzVUSGVEYTlkamRHMkNLaURhVXNHDQpFWEE4SGxvMWRFZS9TUUtDQVFFQXJoYkQzNG12Tlppelk5OW90OFQ2MkR5UWMvQ2VWRFZsdExsQWZoOE1COFY4DQp4eVZkdFU4TXZRdUNLWnd2elI3VlNVcTl1NVFxU3VsMVhGTXY2RmlUelZ3NjBrdDVBSzZ4TnVwaXNDaTJTSk9QDQp6ZzFaS1hFQ2xOOXJKVXdBRS9ENzRwV0V1ODU4a3VOZU1FREt3M25lYzMxYUFYcmVKbWQ0bElpM2lwM3ZLSEJNDQpEREtGODNGenVlQnRKZ0FtWkw3b0ljZWVmWUR4eGJ6T0dsSFJiYStUUDcyZnBEZnJnY0NTSGZmai9NNm5qenBsDQppM2xHVkplenVLUVA3dUZ2aVRzeXdWYlFWRE9FdkxlUlA1UlhURUVCV3dkNS9KY29wc1piVzNEWmtIQTJlZi9NDQo4Q2FKVVBMUUpxcnR6ZVlSTjF5SW0xcnRNS3Fld3F3bU9DTnErZ3pQaFFLQ0FRRUFySUJ4M3hpY0w1ai9acjdQDQpxMUYvKzkwNjR5d2JXRC9NK00wZ25HSlM5TmZrQlB6a1BkcGx5eUtxelNvZFBRYTdRSFJFYTB5U1lvY0kyRTlXDQp2M1BRdlpMVDQwb0t6akRQbVYxM0xZSXNsLy93aTloY2Y5ejZ1V3lTOVVCUmRrRU1TQkNXSmRySGxJR3UvNmFwDQp4aHhkcjhjMVE2cGlLQ1NLdWxuaFR0UU1Hd1FJYWVWZFZCWHZybFIzL1J0aGs0ejdmNTh5NkRocUh6SE1CVU4wDQpHdEJONks2YnBTWVNwdE5WSVF3emlZYWJ6ZDZ6SlRaWUFoUW5saXg2VjNEdXBTak51RVFPZkZndmJzQ09HZGVqDQpucUZ6NGtBVXgvajMrRUpJMjhjM2xkSklRb3F0d2JhNUxwQy9ZeFNza3NPYkVhZEpsVnhTYjdUUDNtaWpDWmwwDQpCc2puRVFLQ0FRQTZDSG5LZTNWNEF5WkRJV1N5UE0xZ2Q4VWVyQWY3V2paLzJ1RU0yWC9Nc1JvN2pHeHh4U0JMDQpUOE5vemtuZ05GbXV2SENnOURpdXRxZ0N0eHV5TXZ6MmJ2MnhXdWxPMm9ZL0NVdUQvVzV6aU44NzlnenBPSStPDQo5T0d4NklUV2xqZ0FKQmt4U1RaYXpYd0NVK05qNDlkY2ZicWhEZGtTQWZ6RW1COGpCRzEzaXprcVZEQTdYU0lBDQoxWDNUdEpkSGwzUmYwNFpoUUN1aCthWEdlRjdHOHQ0QTFhZW1iWWIyUStjM1BPK0s2ZlZZU3doTC9PeEdFdmUzDQpEc2x1aUZ2ZnM1cFIwb3B0ZWR6Y1RQdHhQM29tK0JiSThvUnVHVUdMdkNKbS9GYlNOL0c1TGFZS1U4YlkydHlhDQo1L05QTjR1OTZCcStRYUFsS0hKc24xL01XRWRaTS9ocg0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ0K
--- a/deployments/k8s/certs/booking-cert/tls.crt
+++ b/deployments/k8s/certs/booking-cert/tls.crt
@ -0,0 +1,30 @@
 -----BEGIN CERTIFICATE-----
 MIIFKTCCAxGgAwIBAgIUFa9lh176zt1+zRoMwLJhUb9aEGswDQYJKoZIhvcNAQEL
 BQAwJDEiMCAGA1UEAwwZYm9va2luZy1taWNyb3NlcnZpY2VzLmNvbTAeFw0yMzAy
 MjExMTQ3MTBaFw0yNDAyMjExMTQ3MTBaMCQxIjAgBgNVBAMMGWJvb2tpbmctbWlj
 cm9zZXJ2aWNlcy5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDU
 jgMoXxtavsMXUoHva0WUfRybJMUgGSPniweawyn5FigUTx6gv6VvOzqSmGZ185P4
 UIbWCud9WjECESJUJB4qZbRiDYIMAd2336ci5wDsnDFUznXtM9g5UFfKwOweOVcv
 jsStYf6K9wd/1itLorHx5txEPnPdTdFGFj9YUOku2c5VYH2OKiI7jjCh00stZdz8
 t5i//Kv27PDt6DG7/un0ygTG1kmMUMPrpRBeHlQMYft7OqM3GHrDfiuH7c5ZF5c6
 aDgPykyw2R3gLbBjyHbja9VFJs+dMEbPMlkDKzIV+ggugVGwuQdoD5/Jvkzo3qXT
 cZJwGE72OEFiJn/VwWOH0WjlXKjHBAjhSn9n63NFjhs3SGKtdioqHBOiZCxB666r
 MHGZy15kDyzgDUSF5OI+K/mb3kwGD8S5uzemO6dWxWQwL7zNRpxMiH4b8D8CFBUu
 rCICIku5hSD/LNvt+NOVtCRYTjSLOMdZactH70P1EwqrJGS2sJk8DDi2h5o2ChnI
 W/kxMOyZr3bODABZLiaNwHYvEHBHHwgueXGHbiYUDh7s9sMfJQZrGZDnd7GHyI7H
 emdsbB02svzDPrAE9LQf4WB/dqaNRlI2ftJr3HJ5a9gYBoJDKZu69R47G60j3mrk
 xHuXGRCc8xAmOqI4UcektWoDZGZkLE1UwHxYPERxZwIDAQABo1MwUTAdBgNVHQ4E
 FgQUGyqcZzScRYbmp3NfHFsY54rZQNIwHwYDVR0jBBgwFoAUGyqcZzScRYbmp3Nf
 HFsY54rZQNIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAbiOq
 XPZ0qorffY9nXQkicdZB7fMqDf5zZ22lWBE4flDzd8ffO6NeH/Ft7U3YwpKstuzh
 3nHVbR+T35bufUpLyPbm+J/gIG9SHy5NTk2en+7lxrobesNVn669S/TAmrwfplCy
 VeptYT42Jl3/Sd64DwH4LHAUrPjsdUhyYyWaWntTgrqxAy+tUoPxjvrX14eWC6wH
 c8t1ovMSfSs5eapswROQK2VAr+19p2pFYPTEL75epChxn2f28gVnlEVgmkAok4PR
 IWk4jWdz/HSGnOPI5NCmmoeogRAcu3T9jxpOoFAGXYE1OEtGqWi1yJAEJ45OVTsY
 kBOiFxl8/1eB2JdVXPCETUhVzS/wlfH8nowZszy58sQ5QwG9e1wnUw/0R73sS1EG
 qcHkiBED0ygNCNwMOVXMnalDDniXKBJwqZ0Y5K+L9YXzOGiO+hBM1LETTqyuGw7I
 U3SpqDwIVISh3D8MW77XQWfgPey5LMEkLuHt8jKyi5B06J9A7FmWXgsvijfrclaA
 wdpCjBV7jccmzBIxYUwpKNPyccT92N7P86VQ3WcOCPjHbgP3m1tSRT6PogjDbn7M
 wVhTyCo0cuq2QWb4qKX7sHPvCJbrKzIcV6dObfmsR530Ktq6ZSLMmT9G2dJqsOAm
 l5yLSPrSa9N9tQM7CYR30x7vgi3GgoFTlkCXFWA=
 -----END CERTIFICATE-----
--- a/deployments/k8s/certs/booking-cert/tls.key
+++ b/deployments/k8s/certs/booking-cert/tls.key
@ -0,0 +1,52 @@
 -----BEGIN PRIVATE KEY-----
 MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDUjgMoXxtavsMX
 UoHva0WUfRybJMUgGSPniweawyn5FigUTx6gv6VvOzqSmGZ185P4UIbWCud9WjEC
 ESJUJB4qZbRiDYIMAd2336ci5wDsnDFUznXtM9g5UFfKwOweOVcvjsStYf6K9wd/
 1itLorHx5txEPnPdTdFGFj9YUOku2c5VYH2OKiI7jjCh00stZdz8t5i//Kv27PDt
 6DG7/un0ygTG1kmMUMPrpRBeHlQMYft7OqM3GHrDfiuH7c5ZF5c6aDgPykyw2R3g
 LbBjyHbja9VFJs+dMEbPMlkDKzIV+ggugVGwuQdoD5/Jvkzo3qXTcZJwGE72OEFi
 Jn/VwWOH0WjlXKjHBAjhSn9n63NFjhs3SGKtdioqHBOiZCxB666rMHGZy15kDyzg
 DUSF5OI+K/mb3kwGD8S5uzemO6dWxWQwL7zNRpxMiH4b8D8CFBUurCICIku5hSD/
 LNvt+NOVtCRYTjSLOMdZactH70P1EwqrJGS2sJk8DDi2h5o2ChnIW/kxMOyZr3bO
 DABZLiaNwHYvEHBHHwgueXGHbiYUDh7s9sMfJQZrGZDnd7GHyI7HemdsbB02svzD
 PrAE9LQf4WB/dqaNRlI2ftJr3HJ5a9gYBoJDKZu69R47G60j3mrkxHuXGRCc8xAm
 OqI4UcektWoDZGZkLE1UwHxYPERxZwIDAQABAoICAQCPD55Ud97jbu3ELsZBrMPC
 M4sjaNY8ym7+EvdlVOJVQnJraO1GaHcirIy5ylV8Iht/0ENQoTo5hpDhwUKHu1+K
 TbXhIRJcnozqi1/k//IBTwds+yEoK/LmcIsGbl794L4rxj3eLMy0H5wukKnHWJPI
 Kwgp7pbxZsTqFWNBQAQSgop7sFwRaY5s40EcSiiZP6xDdBcdcSUVJ1jp55RB4kr5
 dVdNtUD/bgTP/+NKVcNgKjqnMEpWdOV72tnVvVtbX6NrrmW9Sv3fMeMH1fiY0H4k
 h5md14d5Vtrx7gM3PMWTQRxsoKGo/oBbq9hyYuFFA0Y9UH2tcM8ErcxkEWGNL4Ka
 1r7o94yAiGzdXwlKn7hHPLXyasIrbauOqkIA5eCgFJeBoLqI+SU2jBDgsOfUNhzV
 MNb1C3h4iw9JvLDz1s3h2OllBcO4ZpRjat80PcQ8JnR+ixUe/agbKvQGNzpEhnJ/
 NukvWcVurkeCQcYPsMkZS/PiG+E54IRQYoDphjFHPwuqmvmfJ13T23v5p/zUA5uT
 1AQd1dV/RkBkApoQZnusX7CVBqjThdVDEUzou9Tk+OgGMzZFQwCcaSVBYVVX99y0
 TMZQxSz2YeQ/affv3aCgwddxrdDEC3CboARK5moudHqiEaHLQ8K0GzUjWsL8SVxF
 NgbG6qKqnWYBrxR+ZAl9IQKCAQEA+ZnhO39cMRravMDc7Mb9dtQhHPXxZgGlZTfS
 V0xkWtOdAjf3GVRvDDjDMh2OaAFbjACIPXtj2ilVWc1Ib0BlSm5gTGGxDk1R/U87
 6AEFkvq0O+MkRf8PKmKAjBkTXcUamZ561pAdZjWRx5A6/HmneXlqo37T0ai89jTT
 F1zJyfxIspTfvaRCPT+JwL5lzNdERjTwC3d6QIhQ3d61hX0QoTXcxZWFco23Bzap
 Lz/nb3j8o5LSgCbB5GCC7zHkTbSvHscvuN9arH904NBgx8ibzopzXwZhXs+zqeju
 dIX1XxN5ATIQ0jMa+B7Zr5NjwNu4ORmv40eJs6XE8x3kAW67LwKCAQEA2gD/wDtf
 lSizsH4rq1+ZEdOz+p/CacvMB+iqu73tBQ8o1GUbVRwCHtN93xt4EA20i661hmNK
 1/i15icxDbTn8jH8I+NwAvrTUK2wxedEsq+vVekTij2kCK9UI0huxPEI9d1WJ6y8
 ux8blQr532PJXOaK2ZT8A4xDA2O098M8T2uGeLKe3ZasJiF2KMrn3+zNTfYou82U
 Zp7p7c+l8tndHP/41LcBz6vIOAHCoyJa6fxF4ahLE8bSuThPFU/+DjHfmgoLb18+
 rd2RGOYSDyufOOYJ7sAcXJTaQ+hcUZnDqNrKKfGANXFc5THeDa9djdG2CKiDaUsG
 EXA8Hlo1dEe/SQKCAQEArhbD34mvNZizY99ot8T62DyQc/CeVDVltLlAfh8MB8V8
 xyVdtU8MvQuCKZwvzR7VSUq9u5QqSul1XFMv6FiTzVw60kt5AK6xNupisCi2SJOP
 zg1ZKXEClN9rJUwAE/D74pWEu858kuNeMEDKw3nec31aAXreJmd4lIi3ip3vKHBM
 DDKF83FzueBtJgAmZL7oIceefYDxxbzOGlHRba+TP72fpDfrgcCSHffj/M6njzpl
 i3lGVJezuKQP7uFviTsywVbQVDOEvLeRP5RXTEEBWwd5/JcopsZbW3DZkHA2ef/M
 8CaJUPLQJqrtzeYRN1yIm1rtMKqewqwmOCNq+gzPhQKCAQEArIBx3xicL5j/Zr7P
 q1F/+9064ywbWD/M+M0gnGJS9NfkBPzkPdplyyKqzSodPQa7QHREa0ySYocI2E9W
 v3PQvZLT40oKzjDPmV13LYIsl//wi9hcf9z6uWyS9UBRdkEMSBCWJdrHlIGu/6ap
 xhxdr8c1Q6piKCSKulnhTtQMGwQIaeVdVBXvrlR3/Rthk4z7f58y6DhqHzHMBUN0
 GtBN6K6bpSYSptNVIQwziYabzd6zJTZYAhQnlix6V3DupSjNuEQOfFgvbsCOGdej
 nqFz4kAUx/j3+EJI28c3ldJIQoqtwba5LpC/YxSsksObEadJlVxSb7TP3mijCZl0
 BsjnEQKCAQA6CHnKe3V4AyZDIWSyPM1gd8UerAf7WjZ/2uEM2X/MsRo7jGxxxSBL
 T8NozkngNFmuvHCg9DiutqgCtxuyMvz2bv2xWulO2oY/CUuD/W5ziN879gzpOI+O
 9OGx6ITWljgAJBkxSTZazXwCU+Nj49dcfbqhDdkSAfzEmB8jBG13izkqVDA7XSIA
 1X3TtJdHl3Rf04ZhQCuh+aXGeF7G8t4A1aembYb2Q+c3PO+K6fVYSwhL/OxGEve3
 DsluiFvfs5pR0optedzcTPtxP3om+BbI8oRuGUGLvCJm/FbSN/G5LaYKU8bY2tya
 5/NPN4u96Bq+QaAlKHJsn1/MWEdZM/hr
 -----END PRIVATE KEY-----
--- a/deployments/k8s/certs/identity-cert/identity-secret.yml
+++ b/deployments/k8s/certs/identity-cert/identity-secret.yml
@ -0,0 +1,9 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: identity-tls
  namespace: default
 type: kubernetes.io/tls
 data:
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tDQpNSUlGSHpDQ0F3ZWdBd0lCQWdJVWJ4K1lESEs0cFlrQkM5d2lsVEJBa05NMFNPVXdEUVlKS29aSWh2Y05BUUVMDQpCUUF3SHpFZE1Cc0dBMVVFQXd3VWJYbHBaR1Z1ZEdsMGVYTmxjblpsY2k1amIyMHdIaGNOTWpNd01qSXhNVEUxDQpPRFV3V2hjTk1qUXdNakl4TVRFMU9EVXdXakFmTVIwd0d3WURWUVFEREJSdGVXbGtaVzUwYVhSNWMyVnlkbVZ5DQpMbU52YlRDQ0FpSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnSVBBRENDQWdvQ2dnSUJBTHZDWGU2cy9waW50czc1DQpOcUJmeTFyUkZLREc4Ky9qSFZVaTh0VE1XNU1qbHh3SW9WQ004WXVVSk8vTFNjbVNueFZHdXNBTEk5TkJMeXFKDQo4U2dCY0VXQ1h4aDI0VmRpUmk2d05jSzF1TkNwY0t1VVA0bDZQYVhFaHZtU2YycnBScDgrWGxKeWZOTFBodXhUDQpOUy84MWl3UXRoelc0WGFPbEVGYzhxbFd2ODZjbjdoci9QbDhUNGZIVmp5UHNJdHVrOExTSTBPdmUrQUd5L3F3DQpkL1hQcE12dXVSbndRRFBuWHE1NE56djFHMTMyRDh4eitoWko4eTNlTEtUTXF0U2ZEQm9SdWpoQmVjNVp1ckxKDQplYVJEYmlWdU9LMy9oRm9TVGxkaFYxMTViVDFZcTU3QnNhQlNQeXdSUE1JbldOZ1p0QnhtRUgxVTR2aGJKZmtKDQo0TnAvMkFQYzY2WDFTelp1c0s3aEZ4WHBtVTRJYXZiNXAzcDhpVVZEekNPN0U1OURkT2Z6QzNCYXg1YzZPUXZSDQo5d0FkTXlVSmhCaFU0eW9KOXQ1WTljV1BRcU94U25WT3Z1NXFOVHI5UDBBVFdLcE9NVkZZWklib0VCQW9oWmlwDQpKT3FkYWxVSnFqcEp0TzRxeTVaL3orclZPMjRCdzUzMWJ4SkFoanBWYWQxU1NOZm5xdXI0TFZ4V0JyYXFqUU90DQpPT1VPaHEwd2Y0UUdEc3NIM2NOMkJaK2Z4OVJDY0dmOW1kTkdSTDFoK29IalVHYjVaS2dxcWlOZDNZVWlKWlpSDQpIN1VvQmV2eXlLcVFiYmE4NFVXSXRhVHJPT0kxN3JKSWJ3dlZsdjgrUENGWGZPNjdDMENYN243YWwxM040ZkNlDQoyaWYyT01uQ0pJOWI5VXJSZGZxTDkvbG9wZ0J4QWdNQkFBR2pVekJSTUIwR0ExVWREZ1FXQkJSRzRzTHh2QmxSDQprNmhveXVxdDg0MUE1TTlCVGpBZkJnTlZIU01FR0RBV2dCUkc0c0x4dkJsUms2aG95dXF0ODQxQTVNOUJUakFQDQpCZ05WSFJNQkFmOEVCVEFEQVFIL01BMEdDU3FHU0liM0RRRUJDd1VBQTRJQ0FRQmVJb0xCaUMvNGxaNnhHYzJnDQpWNG5JM0lmQ2YyY3BWVFhaME5zTjFxL0o4TXZrRnBHNENkeUZlRStoZjdPbmpVVjlIQnlVR2JpRDFoZlJCSmJWDQpaNXAxS1BxQ0ltQXlZcm1KVnU4dllEVlJGcXY0bW5kSUN4ZzBRaGNEbWZTU3NCZXl6UXpDUExTd21HUzd2OVk5DQpTTjFTTUU0cE5jMWdBaU5OTWhKS1NBcnowWTV5TmRsWDNNcTRXTHZrd01iZXN0TjlDRFRaZ2VVTDVuRkxCdFFhDQpaZkY2Z0NBTVI1WktITmNaTEp3ejdZcU5ZT0tUN2s1OHRCSXJMV1FWNWFXWTlPSUVqQ1VNMEtneUVBbzE1dDA5DQpwQmorUWVrK25HOFdxNTRxbnNjSnVyeWxaaWVNdXBDOGdYdUhlL1BMb3ZSQksvUkp5VDF0YTZvb1VHWW00VWRzDQpnWWF4RUpWVVFqNUowZXF4U2JMVHg3UUxNR2xNNGc2V1dOUmVUWE9VOE41OG5SSzBtTVRISVBEQ0ZBeVRMNlpKDQo1ZG5aYjhZN3UySDJvNDRJQlRvdFBiQmYrT3h6dTV2dTl0TzluelN1ZWtWd0EvbDhWRkJibnY3SG9CU1oxMDFUDQpFU0ZUVDBmR0NvNGpkbnhhOC8wcElwelo1M0ZDSG5yZGdjUXd2amJrb2tybzV1L0o3dXdFRHNsaE9hM0FkdlIxDQpMTXhIVFRvR01QaDdCT0RTb2FybWRsR2hReVI3TU1lYWwxUzRHOWZHMmZUczZsYXBrcFJ2d3V0RzMxUWJiNXhrDQpKemNTSXIwTWlheGVGdTcyL2J5aWFDTFEwQ2c5SHQ4THlpZ2VMRFhQMFJjeXVRNXk1bUdVYXY1cnBWRTZiMkRGDQpoU1pUZmdOL3ZzUitJdExueU9EVkt0WWJ1dz09DQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tDQo=
  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tDQpNSUlKUXdJQkFEQU5CZ2txaGtpRzl3MEJBUUVGQUFTQ0NTMHdnZ2twQWdFQUFvSUNBUUM3d2wzdXJQNllwN2JPDQorVGFnWDh0YTBSU2d4dlB2NHgxVkl2TFV6RnVUSTVjY0NLRlFqUEdMbENUdnkwbkprcDhWUnJyQUN5UFRRUzhxDQppZkVvQVhCRmdsOFlkdUZYWWtZdXNEWEN0YmpRcVhDcmxEK0plajJseEliNWtuOXE2VWFmUGw1U2NuelN6NGJzDQpVelV2L05Zc0VMWWMxdUYyanBSQlhQS3BWci9PbkorNGEvejVmRStIeDFZOGo3Q0xicFBDMGlORHIzdmdCc3Y2DQpzSGYxejZUTDdya1o4RUF6NTE2dWVEYzc5UnRkOWcvTWMvb1dTZk10M2l5a3pLclVud3dhRWJvNFFYbk9XYnF5DQp5WG1rUTI0bGJqaXQvNFJhRWs1WFlWZGRlVzA5V0t1ZXdiR2dVajhzRVR6Q0oxallHYlFjWmhCOVZPTDRXeVg1DQpDZURhZjlnRDNPdWw5VXMyYnJDdTRSY1Y2WmxPQ0dyMithZDZmSWxGUTh3anV4T2ZRM1RuOHd0d1dzZVhPamtMDQowZmNBSFRNbENZUVlWT01xQ2ZiZVdQWEZqMEtqc1VwMVRyN3VhalU2L1Q5QUUxaXFUakZSV0dTRzZCQVFLSVdZDQpxU1RxbldwVkNhbzZTYlR1S3N1V2Y4L3ExVHR1QWNPZDlXOFNRSVk2VlduZFVralg1NnJxK0MxY1ZnYTJxbzBEDQpyVGpsRG9hdE1IK0VCZzdMQjkzRGRnV2ZuOGZVUW5Cbi9ablRSa1M5WWZxQjQxQm0rV1NvS3FvalhkMkZJaVdXDQpVUisxS0FYcjhzaXFrRzIydk9GRmlMV2s2emppTmU2eVNHOEwxWmIvUGp3aFYzenV1d3RBbCs1KzJwZGR6ZUh3DQpudG9uOWpqSndpU1BXL1ZLMFhYNmkvZjVhS1lBY1FJREFRQUJBb0lDQUE1OE1FTDVsYXF4UmFreUVNVE9ueUdpDQpmN1RucEdvZFcyWDJERVhlZmpJYnpNeWMzZFVaQ29sNkpGOWJqNVc5ZWdocUxINGtYZDh1YURVZjd6cm00WUo3DQpURnJXMFF1c3lUMVEydFRxc0Jkbyt3aEJwNlV6aVE0QTIyamxwRzdiRUZlNHVBNGtSdno4aGF3MXZ5UzBuTkZKDQplTU5BMEtRVTI5c3ZFSWwvNTh4SXlRbXhTeEwwUkM1MWNuRzVwQ1Vkb3NpazdaT0xOa05TUXVwVU11MEQxL0xqDQp0K1FJWk91Y0xmSEgxSHNMcmREUjZ1WWJESEFyeEZjRmpPd3AzZ1FKUVNYQnVGd2VzUWI2WlN6bDNqeU45ekZzDQpEM05kQXhqdjBKdHRKeEJQRGQ1dHVNL0dvYTE4cXVMN2NYU0pGSkdYYWczRzBmN1pUYWxiWHRLWHNJRXEyNzlPDQpoWFNNVkcxODZVNU9GdThQQ1hITVRSSXp1ZGlnaHRvaExSTXE4ZDAvdTdHSWNzRVNiZGdCKzlhT0hBYU42SUtwDQo0REpYQWtzQ3E0NmVyaGlRWEdnaGpKZUd6YjlONzBJV1I0NVpGZGNpUlhlbnp0djRBOENXeUdyZk1lOWFBMjUyDQpWbmNHa1o2bDVrTFZ3aUVLZU1uK1RYV2ZPQUVnMVNZb3F6RTJYanVSOENvUmJ6aFBRQjVxRlVhZEZYMGwwWlpqDQo1YlcxOHNtcG5xM1h5WlpmSVNIOEFYeGZndzEraFEzVldodENlNU9qQkV0dlNoeDIrR1czTVNmRVQxNXVORTFXDQpQR3A1RFBGNjMzaXZXdDRBMUVUckpkbE5UcnVxbVh2b3hZWGlnUWNjdURRM2YvZnkvcmprRDY1eDRDaEpLc1F4DQpEcmZWMHF6MGV3TmxHbTc0U3dBQkFvSUJBUUQwTmFPdngvNFdNdXNLUFhNU1NycFRtVlMyd1ZROUpmbGw2Y0EwDQpKTG9HTk1hdVBIenJsVzIxamFCcXhXTGhlVkY5R1c3MU9lSmxtdjA2SWZwbUJlS0F4c3grR0lnWUZqRG50aVlFDQpUVjRQSkRFVFB2TDQxU3ZLT0NDUWx4eXVwY2tGbUoyLzJYd0Z2REVqdVBPeUJyZ0VrT3dlUXJxSEhnWXI3cWhzDQphM0U4bkliVWhPWVF1QnNpNHpXanFnTGI3eS9XeVhkbm9LbXNJRlp5bHc2OUxjQVAvaW9WQkIrS1h3aXZsTnpYDQpoaGZ0QkY2RXRsLzFkbFN3MmtmUTBIMmlYdkR5ZTEySEFJNlZYZXQ3dXJoSFRzeG5JaW5remx6d0lJcUJFOFduDQpnVXJJcXBhays1OVNGRkpvbjB0RkV5cmVhK2dMQmVpKzhGTitzZVFydytHNmYyVnhBb0lCQVFERTB3U2NqVUV3DQpjM20rUi9VcjhJOWRZZW1ER1Y4OXkwTmI1amd2TDBwc21GNmc4aDFNYWxlMFJiaXI3SVJ0TU9MUjhWV1EyQ281DQo1bGlBTlhPKzIrdHJhaFlDbkY1d0t6Q3dsM01qNVRYMlQ5MHE1Sk9XSVZldTIvZTE0Vkl3UDBITXV3KzZCdTIyDQpvbVdQcjd3cm5weUVISjlnTkcwbWRNL1JHK3ZvVXNWeHdOSThUVHdFNFZ2UzBYYzcrN3VNbEhEcnV6dlRkOThjDQpJTEdMOTVJUVppeWxUdnR0ZVgvT1pyTmNIeUg2Ym5SaXFIZWszSHdQMm1VZkg1ek9oOGwzdmVQSXVET2xaOE5ODQppbloyN1VrMmJxZW8vT3BCTWcwMVo0dE82RzBha2RaSjUraFlBS3hZWUdyWmZBbTZRTTJpTFd1bDliRzVwdG5MDQo0YW5RSEdTQkZzc0JBb0lCQVFESmhtSTNzdkJJM1dmOG9VME9jVUJsc0lpcDc4eFdVYm9Ia2VnY241b3JlTzNqDQo1dUtuZmo1MHJoVU5SeW9jS3dOR0d2RG55UWE5RmpPVi8yZ2xQUUgzaHhaRmtIVHVlNUdNQlZKR0JwcHlJRW1uDQpPakZEaXBhQ1grTHZydVBxYzhENXIwR3VpZ2pBcXRaYVJreEVReXNrQ1h2d1ZOeWNsL2c3MU15RCsvNE1LSmRUDQpWUUNPRjMrOVFJYUpNc2o5T2RyZWdvN1lvMHFoVW1aRVZjZkI4YmttK1hVOHRwUlltYWdQVE9jWnEveWVpUlorDQpxZ2x5QkY1TE96WThhWERqeHpsS3dPY2pleUF1dnJ5TzlEMFNDMEsrY1FEbFlpNXJzazdaeWJrNFM0ZXRKS2tBDQpLTzBHek9KY2wrZURieGZYU0hES2QrdmpkV3RSaC9kazdsYWVrbmJoQW9JQkFRQ2dMUEoxek9hZVhYdFlCUXRiDQpCTnhITEtWeVVUV1cvbElFK2VnRFRrTU0rVHNaVTYvUVBrSzlySGZMUWlITEVwdWtLdmh0ZGQxM1hTUHN3cE05DQpZWS9HeklDNUF6US9xSVpwVC9jZDRTejNGS3R5ZXE0NDRVMlFPZWJ2RnoxaGtqa2tPWjlrenJxcGhLT09PWCt6DQpKOU5NR0ZjRFhlYnVBdVlVME5vOUtROFJzYy9senh6bkE5ZE1TN2J6RTd2ZmZmWWZnVElBdUc3VFh5L2VMazJxDQpGdHlDY3pKZU55QnhnbGE0dzRWTlhwSk1yN2tlYTJoekpsSmc3OE1XdUo2V1dleURycFFwS2JaZzVpdmVRT0R4DQo4VDkwWU03cTI2YXdMV0hMaDQ4eXJqaHIwTlRldVQySWRuNitHeGwzZjhGWkdBbWc5Ny80eS9ZMjI2RHNnZzZ3DQpseklCQW9JQkFHNTdVSVpvL012VXRHelVQWnh0QTJmSmZ4RDhhOE92M25RVTN6akpMd0pYenIrOHp2eVpOUnhvDQp4eCs5ZGlMdWlYQ2hHT3VpU0NUOXVtci9KSWRzVmEwb200TCtQMHA3V01MK1QrYlBhVHFmWjJnY1Z1QitadFg3DQpKR1gzdForTHpkYWtRNkxTYTRaRlFlMmNTYzcxYWF2YnJZMTU0RGpYUmI4c25BQTlkczBENk10U0crTjlhQjZaDQpaRFZEc1MveUk1Z0VLV3FtN1B0RDR1VWhNazViUmFLbkdLS1ZVR0NOak9DN0NETEZVSU1OcDRRSDFhb1lMcTJuDQpCNy9GdHlQb09MNkxDTytCUk9FY2NSZXZYQWJyOTJ0dzhoQzNqaGJGS3dCTThJMUFWdWgxdS9qWFg1ZDgrRGVNDQpQQ0ZNNHlLZnNGb24zTW1sMDR4eXhKU3RqL2Zhc01jPQ0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQ0K
--- a/deployments/k8s/certs/identity-cert/tls.crt
+++ b/deployments/k8s/certs/identity-cert/tls.crt
@ -0,0 +1,30 @@
 -----BEGIN CERTIFICATE-----
 MIIFHzCCAwegAwIBAgIUbx+YDHK4pYkBC9wilTBAkNM0SOUwDQYJKoZIhvcNAQEL
 BQAwHzEdMBsGA1UEAwwUbXlpZGVudGl0eXNlcnZlci5jb20wHhcNMjMwMjIxMTE1
 ODUwWhcNMjQwMjIxMTE1ODUwWjAfMR0wGwYDVQQDDBRteWlkZW50aXR5c2VydmVy
 LmNvbTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALvCXe6s/pints75
 NqBfy1rRFKDG8+/jHVUi8tTMW5MjlxwIoVCM8YuUJO/LScmSnxVGusALI9NBLyqJ
 8SgBcEWCXxh24VdiRi6wNcK1uNCpcKuUP4l6PaXEhvmSf2rpRp8+XlJyfNLPhuxT
 NS/81iwQthzW4XaOlEFc8qlWv86cn7hr/Pl8T4fHVjyPsItuk8LSI0Ove+AGy/qw
 d/XPpMvuuRnwQDPnXq54Nzv1G132D8xz+hZJ8y3eLKTMqtSfDBoRujhBec5ZurLJ
 eaRDbiVuOK3/hFoSTldhV115bT1Yq57BsaBSPywRPMInWNgZtBxmEH1U4vhbJfkJ
 4Np/2APc66X1SzZusK7hFxXpmU4Iavb5p3p8iUVDzCO7E59DdOfzC3Bax5c6OQvR
 9wAdMyUJhBhU4yoJ9t5Y9cWPQqOxSnVOvu5qNTr9P0ATWKpOMVFYZIboEBAohZip
 JOqdalUJqjpJtO4qy5Z/z+rVO24Bw531bxJAhjpVad1SSNfnqur4LVxWBraqjQOt
 OOUOhq0wf4QGDssH3cN2BZ+fx9RCcGf9mdNGRL1h+oHjUGb5ZKgqqiNd3YUiJZZR
 H7UoBevyyKqQbba84UWItaTrOOI17rJIbwvVlv8+PCFXfO67C0CX7n7al13N4fCe
 2if2OMnCJI9b9UrRdfqL9/lopgBxAgMBAAGjUzBRMB0GA1UdDgQWBBRG4sLxvBlR
 k6hoyuqt841A5M9BTjAfBgNVHSMEGDAWgBRG4sLxvBlRk6hoyuqt841A5M9BTjAP
 BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBeIoLBiC/4lZ6xGc2g
 V4nI3IfCf2cpVTXZ0NsN1q/J8MvkFpG4CdyFeE+hf7OnjUV9HByUGbiD1hfRBJbV
 Z5p1KPqCImAyYrmJVu8vYDVRFqv4mndICxg0QhcDmfSSsBeyzQzCPLSwmGS7v9Y9
 SN1SME4pNc1gAiNNMhJKSArz0Y5yNdlX3Mq4WLvkwMbestN9CDTZgeUL5nFLBtQa
 ZfF6gCAMR5ZKHNcZLJwz7YqNYOKT7k58tBIrLWQV5aWY9OIEjCUM0KgyEAo15t09
 pBj+Qek+nG8Wq54qnscJurylZieMupC8gXuHe/PLovRBK/RJyT1ta6ooUGYm4Uds
 gYaxEJVUQj5J0eqxSbLTx7QLMGlM4g6WWNReTXOU8N58nRK0mMTHIPDCFAyTL6ZJ
 5dnZb8Y7u2H2o44IBTotPbBf+Oxzu5vu9tO9nzSuekVwA/l8VFBbnv7HoBSZ101T
 ESFTT0fGCo4jdnxa8/0pIpzZ53FCHnrdgcQwvjbkokro5u/J7uwEDslhOa3AdvR1
 LMxHTToGMPh7BODSoarmdlGhQyR7MMeal1S4G9fG2fTs6lapkpRvwutG31Qbb5xk
 JzcSIr0MiaxeFu72/byiaCLQ0Cg9Ht8LyigeLDXP0RcyuQ5y5mGUav5rpVE6b2DF
 hSZTfgN/vsR+ItLnyODVKtYbuw==
 -----END CERTIFICATE-----
--- a/deployments/k8s/certs/identity-cert/tls.key
+++ b/deployments/k8s/certs/identity-cert/tls.key
@ -0,0 +1,52 @@
 -----BEGIN PRIVATE KEY-----
 MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQC7wl3urP6Yp7bO
 +TagX8ta0RSgxvPv4x1VIvLUzFuTI5ccCKFQjPGLlCTvy0nJkp8VRrrACyPTQS8q
 ifEoAXBFgl8YduFXYkYusDXCtbjQqXCrlD+Jej2lxIb5kn9q6UafPl5ScnzSz4bs
 UzUv/NYsELYc1uF2jpRBXPKpVr/OnJ+4a/z5fE+Hx1Y8j7CLbpPC0iNDr3vgBsv6
 sHf1z6TL7rkZ8EAz516ueDc79Rtd9g/Mc/oWSfMt3iykzKrUnwwaEbo4QXnOWbqy
 yXmkQ24lbjit/4RaEk5XYVddeW09WKuewbGgUj8sETzCJ1jYGbQcZhB9VOL4WyX5
 CeDaf9gD3Oul9Us2brCu4RcV6ZlOCGr2+ad6fIlFQ8wjuxOfQ3Tn8wtwWseXOjkL
 0fcAHTMlCYQYVOMqCfbeWPXFj0KjsUp1Tr7uajU6/T9AE1iqTjFRWGSG6BAQKIWY
 qSTqnWpVCao6SbTuKsuWf8/q1TtuAcOd9W8SQIY6VWndUkjX56rq+C1cVga2qo0D
 rTjlDoatMH+EBg7LB93DdgWfn8fUQnBn/ZnTRkS9YfqB41Bm+WSoKqojXd2FIiWW
 UR+1KAXr8siqkG22vOFFiLWk6zjiNe6ySG8L1Zb/PjwhV3zuuwtAl+5+2pddzeHw
 nton9jjJwiSPW/VK0XX6i/f5aKYAcQIDAQABAoICAA58MEL5laqxRakyEMTOnyGi
 f7TnpGodW2X2DEXefjIbzMyc3dUZCol6JF9bj5W9eghqLH4kXd8uaDUf7zrm4YJ7
 TFrW0QusyT1Q2tTqsBdo+whBp6UziQ4A22jlpG7bEFe4uA4kRvz8haw1vyS0nNFJ
 eMNA0KQU29svEIl/58xIyQmxSxL0RC51cnG5pCUdosik7ZOLNkNSQupUMu0D1/Lj
 t+QIZOucLfHH1HsLrdDR6uYbDHArxFcFjOwp3gQJQSXBuFwesQb6ZSzl3jyN9zFs
 D3NdAxjv0JttJxBPDd5tuM/Goa18quL7cXSJFJGXag3G0f7ZTalbXtKXsIEq279O
 hXSMVG186U5OFu8PCXHMTRIzudightohLRMq8d0/u7GIcsESbdgB+9aOHAaN6IKp
 4DJXAksCq46erhiQXGghjJeGzb9N70IWR45ZFdciRXenztv4A8CWyGrfMe9aA252
 VncGkZ6l5kLVwiEKeMn+TXWfOAEg1SYoqzE2XjuR8CoRbzhPQB5qFUadFX0l0ZZj
 5bW18smpnq3XyZZfISH8AXxfgw1+hQ3VWhtCe5OjBEtvShx2+GW3MSfET15uNE1W
 PGp5DPF633ivWt4A1ETrJdlNTruqmXvoxYXigQccuDQ3f/fy/rjkD65x4ChJKsQx
 DrfV0qz0ewNlGm74SwABAoIBAQD0NaOvx/4WMusKPXMSSrpTmVS2wVQ9Jfll6cA0
 JLoGNMauPHzrlW21jaBqxWLheVF9GW71OeJlmv06IfpmBeKAxsx+GIgYFjDntiYE
 TV4PJDETPvL41SvKOCCQlxyupckFmJ2/2XwFvDEjuPOyBrgEkOweQrqHHgYr7qhs
 a3E8nIbUhOYQuBsi4zWjqgLb7y/WyXdnoKmsIFZylw69LcAP/ioVBB+KXwivlNzX
 hhftBF6Etl/1dlSw2kfQ0H2iXvDye12HAI6VXet7urhHTsxnIinkzlzwIIqBE8Wn
 gUrIqpak+59SFFJon0tFEyrea+gLBei+8FN+seQrw+G6f2VxAoIBAQDE0wScjUEw
 c3m+R/Ur8I9dYemDGV89y0Nb5jgvL0psmF6g8h1Male0Rbir7IRtMOLR8VWQ2Co5
 5liANXO+2+trahYCnF5wKzCwl3Mj5TX2T90q5JOWIVeu2/e14VIwP0HMuw+6Bu22
 omWPr7wrnpyEHJ9gNG0mdM/RG+voUsVxwNI8TTwE4VvS0Xc7+7uMlHDruzvTd98c
 ILGL95IQZiylTvtteX/OZrNcHyH6bnRiqHek3HwP2mUfH5zOh8l3vePIuDOlZ8NN
 inZ27Uk2bqeo/OpBMg01Z4tO6G0akdZJ5+hYAKxYYGrZfAm6QM2iLWul9bG5ptnL
 4anQHGSBFssBAoIBAQDJhmI3svBI3Wf8oU0OcUBlsIip78xWUboHkegcn5oreO3j
 5uKnfj50rhUNRyocKwNGGvDnyQa9FjOV/2glPQH3hxZFkHTue5GMBVJGBppyIEmn
 OjFDipaCX+LvruPqc8D5r0GuigjAqtZaRkxEQyskCXvwVNycl/g71MyD+/4MKJdT
 VQCOF3+9QIaJMsj9Odrego7Yo0qhUmZEVcfB8bkm+XU8tpRYmagPTOcZq/yeiRZ+
 qglyBF5LOzY8aXDjxzlKwOcjeyAuvryO9D0SC0K+cQDlYi5rsk7Zybk4S4etJKkA
 KO0GzOJcl+eDbxfXSHDKd+vjdWtRh/dk7laeknbhAoIBAQCgLPJ1zOaeXXtYBQtb
 BNxHLKVyUTWW/lIE+egDTkMM+TsZU6/QPkK9rHfLQiHLEpukKvhtdd13XSPswpM9
 YY/GzIC5AzQ/qIZpT/cd4Sz3FKtyeq444U2QOebvFz1hkjkkOZ9kzrqphKOOOX+z
 J9NMGFcDXebuAuYU0No9KQ8Rsc/lzxznA9dMS7bzE7vfffYfgTIAuG7TXy/eLk2q
 FtyCczJeNyBxgla4w4VNXpJMr7kea2hzJlJg78MWuJ6WWeyDrpQpKbZg5iveQODx
 8T90YM7q26awLWHLh48yrjhr0NTeuT2Idn6+Gxl3f8FZGAmg97/4y/Y226Dsgg6w
 lzIBAoIBAG57UIZo/MvUtGzUPZxtA2fJfxD8a8Ov3nQU3zjJLwJXzr+8zvyZNRxo
 xx+9diLuiXChGOuiSCT9umr/JIdsVa0om4L+P0p7WML+T+bPaTqfZ2gcVuB+ZtX7
 JGX3tZ+LzdakQ6LSa4ZFQe2cSc71aavbrY154DjXRb8snAA9ds0D6MtSG+N9aB6Z
 ZDVDsS/yI5gEKWqm7PtD4uUhMk5bRaKnGKKVUGCNjOC7CDLFUIMNp4QH1aoYLq2n
 B7/FtyPoOL6LCO+BROEccRevXAbr92tw8hC3jhbFKwBM8I1AVuh1u/jXX5d8+DeM
 PCFM4yKfsFon3Mml04xyxJStj/fasMc=
 -----END PRIVATE KEY-----
--- a/deployments/k8s/certs/tls.txt
+++ b/deployments/k8s/certs/tls.txt
@ -0,0 +1,6 @@
 openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=booking-microservices.com" -days 365
 kubectl create secret tls booking-tls --key tls.key --cert tls.crt
 openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout tls.key -out tls.crt -subj "/CN=myidentityserver.com" -days 365
 kubectl create secret tls identity-tls --key tls.key --cert tls.crt
--- a/deployments/kubernetes/configmap.yml
+++ b/deployments/kubernetes/configmap.yml
@ -7,3 +7,4 @@ data:
    {
      .Files.Get "settings/appsettings.docker.json"
    }
 #ref: https://www.mrjamiebowman.com/software-development/dotnet/kubernetes-configmaps-with-net-core/    
--- a/deployments/k8s/flight.yml
+++ b/deployments/k8s/flight.yml
@ -0,0 +1,70 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: flight-deployment
  labels:
    app: flight
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: flight
  template:
    metadata:
      labels:
        app: flight
    spec:
      containers:
        - image: meysamh66/booking-microservices-flight:v1.5.9
          name: flight
          ports:
            - containerPort: 80
          env:
          - name: "ASPNETCORE_ENVIRONMENT"
            value: "docker"                
          - name: ASPNETCORE_URLS
            value: "http://+"
          - name: "RabbitMqOptions__HostName"
            value: "rabbitmq"     
          - name: "RabbitMqOptions__ExchangeName"
            value: "flight" 
          - name: "RabbitMqOptions__UserName"
            value: "guest" 
          - name: "RabbitMqOptions__Password"
            value: "guest"  
          - name: "RabbitMqOptions__Port"
            value: "5672"
          - name: "MongoOptions__ConnectionString"
            value: "mongodb://mongo:27017"      
          - name: "MongoOptions__DatabaseName"
            value: "flight-db"
          - name: "Jwt__Authority"
            value: "http://127.0.0.1:13872"
          - name: "Jwt__Audience"
            value: "flight-api"
          - name: "Jwt__RequireHttpsMetadata"
            value: "false"                                    
          # - name: "HealthOptions__Enabled"
          #   value: "true"                                                                    
          volumeMounts:
          - name: appsettings-volume
            mountPath: /app/Settings
      volumes:
      - name: appsettings-volume
        configMap:
          name: appsettings
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: flight-service
 spec:
  selector:
    app: flight
  ports:
  - name: http
    protocol: TCP
    port: 80
    # targetPort: 80
    nodePort: 30444
  type: NodePort
--- a/deployments/kubernetes/identity.yml
+++ b/deployments/kubernetes/identity.yml
@ -15,7 +15,7 @@ spec:
        app: identity
    spec:
      containers:
-        - image: meysamh66/booking-microservices-identity:v1.5.8
+        - image: meysamh66/booking-microservices-identity:v1.5.9
          name: identity
          ports:
            - containerPort: 80
@ -41,6 +41,8 @@ spec:
    app: identity
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
-  type: ClusterIP
+    nodePort: 30443
  type: NodePort  
--- a/deployments/kubernetes/infrastructure.yml
+++ b/deployments/kubernetes/infrastructure.yml
@ -24,8 +24,8 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
+    kompose.cmd: kompose convert -f infrastracture.yaml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.version: 1.26.0 (40646f47)
  creationTimestamp: null
  labels:
    io.kompose.service: elasticsearch
@ -40,8 +40,8 @@ spec:
  template:
    metadata:
      annotations:
-        kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
+        kompose.cmd: kompose convert -f infrastracture.yaml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.version: 1.26.0 (40646f47)
      creationTimestamp: null
      labels:
        io.kompose.network/booking: "true"
@ -76,8 +76,8 @@ apiVersion: v1
 kind: Service
 metadata:
  annotations:
-    kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
+    kompose.cmd: kompose convert -f infrastracture.yaml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.version: 1.26.0 (40646f47)
  creationTimestamp: null
  labels:
    io.kompose.service: elasticsearch
@ -114,8 +114,8 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  annotations:
-    kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
+    kompose.cmd: kompose convert -f infrastracture.yaml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.version: 1.26.0 (40646f47)
  creationTimestamp: null
  labels:
    io.kompose.service: kibana
@ -129,8 +129,8 @@ spec:
  template:
    metadata:
      annotations:
-        kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
+        kompose.cmd: kompose convert -f infrastracture.yaml
-        kompose.version: 1.28.0 (c4137012e)
+        kompose.version: 1.26.0 (40646f47)
      creationTimestamp: null
      labels:
        io.kompose.network/booking: "true"
@ -139,7 +139,7 @@ spec:
      containers:
        - env:
            - name: ELASTICSEARCH_URL
-              value: http://localhost:9200
+              value: elasticsearch:9200
          image: kibana:7.17.9
          name: kibana
          ports:
@ -152,8 +152,8 @@ apiVersion: v1
 kind: Service
 metadata:
  annotations:
-    kompose.cmd: C:\ProgramData\chocolatey\lib\kubernetes-kompose\tools\kompose.exe -f infrastracture.yaml convert
+    kompose.cmd: kompose convert -f infrastracture.yaml
-    kompose.version: 1.28.0 (c4137012e)
+    kompose.version: 1.26.0 (40646f47)
  creationTimestamp: null
  labels:
    io.kompose.service: kibana
--- a/deployments/k8s/ingress.yml
+++ b/deployments/k8s/ingress.yml
@ -0,0 +1,57 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: booking-microservies
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
    nginx.ingress.kubernetes.io/proxy-buffers: "4 256k"
    nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
    nginx.ingress.kubernetes.io/client-header-buffer-size: "64k"
    nginx.ingress.kubernetes.io/http2-max-field-size: "16k"
    nginx.ingress.kubernetes.io/http2-max-header-size: "128k"
    nginx.ingress.kubernetes.io/large-client-header-buffers: "8 64k"    
 spec:
  ingressClassName: nginx
  # tls:
  # - hosts:
  #     - myidentityserver.com
  #   secretName: identity-tls
  # - hosts:
  #     - booking-microservices.com
  #   secretName: booking-tls        
  rules:
    # - host: myidentityserver.com
    #   http:
    #     paths:
    #       - path: /
    #         pathType: Prefix
    #         backend:
    #           service:
    #             name: identity-service
    #             port:
    #               number: 80
    - host: booking-microservices.com
      http:
        paths:
          - path: /flight
            pathType: Prefix
            backend:
              service:
                name: flight-service
                port:
                  number: 80
          - path: /passenger
            pathType: Prefix
            backend:
              service:
                name: passenger-service
                port:
                  number: 80
          - path: /booking
            pathType: Prefix
            backend:
              service:
                name: booking-service
                port:
                  number: 80                                                                
--- a/deployments/k8s/ip-address-pool.yml
+++ b/deployments/k8s/ip-address-pool.yml
@ -0,0 +1,9 @@
 apiVersion: metallb.io/v1beta1
 kind: IPAddressPool
 metadata:
  name: first-pool
  namespace: metallb-system
 spec:
  addresses:
  - 192.168.49.220-192.168.49.230
  # renge ip address base on cluster ip
--- a/deployments/k8s/issuer.yml
+++ b/deployments/k8s/issuer.yml
@ -0,0 +1,8 @@
 apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
  name: booking-microservices-issuer
  namespace: default
 spec:
  ca:
    secretName: booking-microservices-secret
--- a/deployments/k8s/l2-advertisement.yml
+++ b/deployments/k8s/l2-advertisement.yml
@ -0,0 +1,8 @@
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement
 metadata:
  name: example
  namespace: metallb-system
 spec:
  ipAddressPools:
  - first-pool
--- a/deployments/kubernetes/passenger.yml
+++ b/deployments/kubernetes/passenger.yml
@ -15,7 +15,7 @@ spec:
        app: passenger
    spec:
      containers:
-        - image: meysamh66/booking-microservices-passenger:v1.5.2
+        - image: meysamh66/booking-microservices-passenger:v1.5.7
          name: passenger
          ports:
            - containerPort: 80
@ -41,6 +41,7 @@ spec:
    app: passenger
  ports:
  - name: http
    protocol: TCP
    port: 80
    targetPort: 80
  type: ClusterIP  
--- a/deployments/k8s/traefik-values.yml
+++ b/deployments/k8s/traefik-values.yml
@ -0,0 +1,872 @@
 # Default values for Traefik
 image:
  repository: traefik
  # defaults to appVersion
  tag: ""
  pullPolicy: IfNotPresent
 #
 # Configure integration with Traefik Hub
 #
 hub:
  ## Enabling Hub will:
  # * enable Traefik Hub integration on Traefik
  # * add `traefikhub-tunl` endpoint
  # * enable Prometheus metrics with addRoutersLabels
  # * enable allowExternalNameServices on KubernetesIngress provider
  # * enable allowCrossNamespace on KubernetesCRD provider
  # * add an internal (ClusterIP) Service, dedicated for Traefik Hub
  enabled: false
  ## Default port can be changed
  # tunnelPort: 9901
  ## TLS is optional. Insecure is mutually exclusive with any other options
  # tls:
  #   insecure: false
  #   ca: "/path/to/ca.pem"
  #   cert: "/path/to/cert.pem"
  #   key: "/path/to/key.pem"
 #
 # Configure the deployment
 #
 deployment:
  enabled: true
  # Can be either Deployment or DaemonSet
  kind: Deployment
  # Number of pods of the deployment (only applies when kind == Deployment)
  replicas: 1
  # Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
  # revisionHistoryLimit: 1
  # Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
  terminationGracePeriodSeconds: 60
  # The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
  minReadySeconds: 0
  # Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
  annotations: {}
  # Additional deployment labels (e.g. for filtering deployment by custom labels)
  labels: {}
  # Additional pod annotations (e.g. for mesh injection or prometheus scraping)
  podAnnotations: {}
  # Additional Pod labels (e.g. for filtering Pod by custom labels)
  podLabels: {}
  # Additional containers (e.g. for metric offloading sidecars)
  additionalContainers: []
    # https://docs.datadoghq.com/developers/dogstatsd/unix_socket/?tab=host
    # - name: socat-proxy
    # image: alpine/socat:1.0.5
    # args: ["-s", "-u", "udp-recv:8125", "unix-sendto:/socket/socket"]
    # volumeMounts:
    #   - name: dsdsocket
    #     mountPath: /socket
  # Additional volumes available for use with initContainers and additionalContainers
  additionalVolumes: []
    # - name: dsdsocket
    #   hostPath:
    #     path: /var/run/statsd-exporter
  # Additional initContainers (e.g. for setting file permission as shown below)
  initContainers: []
    # The "volume-permissions" init container is required if you run into permission issues.
    # Related issue: https://github.com/traefik/traefik/issues/6825
    # - name: volume-permissions
    #   image: busybox:1.35
    #   command: ["sh", "-c", "touch /data/acme.json && chmod -Rv 600 /data/* && chown 65532:65532 /data/acme.json"]
    #   volumeMounts:
    #     - name: data
    #       mountPath: /data
  # Use process namespace sharing
  shareProcessNamespace: false
  # Custom pod DNS policy. Apply if `hostNetwork: true`
  # dnsPolicy: ClusterFirstWithHostNet
  # Additional imagePullSecrets
  imagePullSecrets: []
    # - name: myRegistryKeySecretName
  # Pod lifecycle actions
  lifecycle: {}
    # preStop:
    #   exec:
    #     command: ["/bin/sh", "-c", "sleep 40"]
    # postStart:
    #   httpGet:
    #     path: /ping
    #     port: 9000
    #     host: localhost
    #     scheme: HTTP
 # Pod disruption budget
 podDisruptionBudget:
  enabled: false
  # maxUnavailable: 1
  # maxUnavailable: 33%
  # minAvailable: 0
  # minAvailable: 25%
 # Create a default IngressClass for Traefik
 ingressClass:
  enabled: true
  isDefaultClass: true
 # Enable experimental features
 experimental:
  v3:
    enabled: false
  plugins:
    enabled: false
  kubernetesGateway:
    enabled: false
    gateway:
      enabled: true
    # certificate:
    #   group: "core"
    #   kind: "Secret"
    #   name: "mysecret"
    # By default, Gateway would be created to the Namespace you are deploying Traefik to.
    # You may create that Gateway in another namespace, setting its name below:
    # namespace: default
    # Additional gateway annotations (e.g. for cert-manager.io/issuer)
    # annotations:
    #   cert-manager.io/issuer: letsencrypt
 # Create an IngressRoute for the dashboard
 ingressRoute:
  dashboard:
    enabled: true
    # Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
    annotations: {}
    # Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
    labels: {}
    # The router match rule used for the dashboard ingressRoute
    matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
    # Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
    # By default, it's using traefik entrypoint, which is not exposed.
    # /!\ Do not expose your dashboard without any protection over the internet /!\
    entryPoints: ["traefik"]
    # Additional ingressRoute middlewares (e.g. for authentication)
    middlewares: []
    # TLS options (e.g. secret containing certificate)
    tls: {}
 # Customize updateStrategy of traefik pods
 updateStrategy:
  type: RollingUpdate
  rollingUpdate:
    maxUnavailable: 0
    maxSurge: 1
 # Customize liveness and readiness probe values.
 readinessProbe:
  failureThreshold: 1
  initialDelaySeconds: 2
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 2
 livenessProbe:
  failureThreshold: 3
  initialDelaySeconds: 2
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 2
 #
 # Configure providers
 #
 providers:
  kubernetesCRD:
    enabled: true
    allowCrossNamespace: false
    allowExternalNameServices: false
    allowEmptyServices: false
    # ingressClass: traefik-internal
    # labelSelector: environment=production,method=traefik
    namespaces: []
      # - "default"
  kubernetesIngress:
    enabled: true
    allowExternalNameServices: false
    allowEmptyServices: false
    # ingressClass: traefik-internal
    # labelSelector: environment=production,method=traefik
    namespaces: []
      # - "default"
    # IP used for Kubernetes Ingress endpoints
    publishedService:
      enabled: false
      # Published Kubernetes Service to copy status from. Format: namespace/servicename
      # By default this Traefik service
      # pathOverride: ""
 #
 # Add volumes to the traefik pod. The volume name will be passed to tpl.
 # This can be used to mount a cert pair or a configmap that holds a config.toml file.
 # After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
 # additionalArguments:
 # - "--providers.file.filename=/config/dynamic.toml"
 # - "--ping"
 # - "--ping.entrypoint=web"
 volumes: []
 # - name: public-cert
 #   mountPath: "/certs"
 #   type: secret
 # - name: '{{ printf "%s-configs" .Release.Name }}'
 #   mountPath: "/config"
 #   type: configMap
 # Additional volumeMounts to add to the Traefik container
 additionalVolumeMounts: []
  # For instance when using a logshipper for access logs
  # - name: traefik-logs
  #   mountPath: /var/log/traefik
 ## Logs
 ## https://docs.traefik.io/observability/logs/
 logs:
  ## Traefik logs concern everything that happens to Traefik itself (startup, configuration, events, shutdown, and so on).
  general:
    # By default, the logs use a text format (common), but you can
    # also ask for the json format in the format option
    # format: json
    # By default, the level is set to ERROR.
    # Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
    level: ERROR
  access:
    # To enable access logs
    enabled: false
    ## By default, logs are written using the Common Log Format (CLF) on stdout.
    ## To write logs in JSON, use json in the format option.
    ## If the given format is unsupported, the default (CLF) is used instead.
    # format: json
    # filePath: "/var/log/traefik/access.log
    ## To write the logs in an asynchronous fashion, specify a bufferingSize option.
    ## This option represents the number of log lines Traefik will keep in memory before writing
    ## them to the selected output. In some cases, this option can greatly help performances.
    # bufferingSize: 100
    ## Filtering https://docs.traefik.io/observability/access-logs/#filtering
    filters: {}
      # statuscodes: "200,300-302"
      # retryattempts: true
      # minduration: 10ms
    ## Fields
    ## https://docs.traefik.io/observability/access-logs/#limiting-the-fieldsincluding-headers
    fields:
      general:
        defaultmode: keep
        names: {}
          ## Examples:
          # ClientUsername: drop
      headers:
        defaultmode: drop
        names: {}
          ## Examples:
          # User-Agent: redact
          # Authorization: drop
          # Content-Type: keep
 metrics:
  ## Prometheus is enabled by default.
  ## It can be disabled by setting "prometheus: null"
  prometheus:
    ## Entry point used to expose metrics.
    entryPoint: metrics
    ## Enable metrics on entry points. Default=true
    # addEntryPointsLabels: false
    ## Enable metrics on routers. Default=false
    # addRoutersLabels: true
    ## Enable metrics on services. Default=true
    # addServicesLabels: false
    ## Buckets for latency metrics. Default="0.1,0.3,1.2,5.0"
    # buckets: "0.5,1.0,2.5"
    ## When manualRouting is true, it disables the default internal router in
    ## order to allow creating a custom router for prometheus@internal service.
    # manualRouting: true
 #  datadog:
 #    ## Address instructs exporter to send metrics to datadog-agent at this address.
 #    address: "127.0.0.1:8125"
 #    ## The interval used by the exporter to push metrics to datadog-agent. Default=10s
 #    # pushInterval: 30s
 #    ## The prefix to use for metrics collection. Default="traefik"
 #    # prefix: traefik
 #    ## Enable metrics on entry points. Default=true
 #    # addEntryPointsLabels: false
 #    ## Enable metrics on routers. Default=false
 #    # addRoutersLabels: true
 #    ## Enable metrics on services. Default=true
 #    # addServicesLabels: false
 #  influxdb:
 #    ## Address instructs exporter to send metrics to influxdb at this address.
 #    address: localhost:8089
 #    ## InfluxDB's address protocol (udp or http). Default="udp"
 #    protocol: udp
 #    ## InfluxDB database used when protocol is http. Default=""
 #    # database: ""
 #    ## InfluxDB retention policy used when protocol is http. Default=""
 #    # retentionPolicy: ""
 #    ## InfluxDB username (only with http). Default=""
 #    # username: ""
 #    ## InfluxDB password (only with http). Default=""
 #    # password: ""
 #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
 #    # pushInterval: 30s
 #    ## Additional labels (influxdb tags) on all metrics.
 #    # additionalLabels:
 #    #   env: production
 #    #   foo: bar
 #    ## Enable metrics on entry points. Default=true
 #    # addEntryPointsLabels: false
 #    ## Enable metrics on routers. Default=false
 #    # addRoutersLabels: true
 #    ## Enable metrics on services. Default=true
 #    # addServicesLabels: false
 #  influxdb2:
 #    ## Address instructs exporter to send metrics to influxdb v2 at this address.
 #    address: localhost:8086
 #    ## Token with which to connect to InfluxDB v2.
 #    token: xxx
 #    ## Organisation where metrics will be stored.
 #    org: ""
 #    ## Bucket where metrics will be stored.
 #    bucket: ""
 #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
 #    # pushInterval: 30s
 #    ## Additional labels (influxdb tags) on all metrics.
 #    # additionalLabels:
 #    #   env: production
 #    #   foo: bar
 #    ## Enable metrics on entry points. Default=true
 #    # addEntryPointsLabels: false
 #    ## Enable metrics on routers. Default=false
 #    # addRoutersLabels: true
 #    ## Enable metrics on services. Default=true
 #    # addServicesLabels: false
 #  statsd:
 #    ## Address instructs exporter to send metrics to statsd at this address.
 #    address: localhost:8125
 #    ## The interval used by the exporter to push metrics to influxdb. Default=10s
 #    # pushInterval: 30s
 #    ## The prefix to use for metrics collection. Default="traefik"
 #    # prefix: traefik
 #    ## Enable metrics on entry points. Default=true
 #    # addEntryPointsLabels: false
 #    ## Enable metrics on routers. Default=false
 #    # addRoutersLabels: true
 #    ## Enable metrics on services. Default=true
 #    # addServicesLabels: false
 #  openTelemetry:
 #    ## Address of the OpenTelemetry Collector to send metrics to.
 #    address: "localhost:4318"
 #    ## Enable metrics on entry points.
 #    addEntryPointsLabels: true
 #    ## Enable metrics on routers.
 #    addRoutersLabels: true
 #    ## Enable metrics on services.
 #    addServicesLabels: true
 #    ## Explicit boundaries for Histogram data points.
 #    explicitBoundaries:
 #      - "0.1"
 #      - "0.3"
 #      - "1.2"
 #      - "5.0"
 #    ## Additional headers sent with metrics by the reporter to the OpenTelemetry Collector.
 #    headers:
 #      foo: bar
 #      test: test
 #    ## Allows reporter to send metrics to the OpenTelemetry Collector without using a secured protocol.
 #    insecure: true
 #    ## Interval at which metrics are sent to the OpenTelemetry Collector.
 #    pushInterval: 10s
 #    ## Allows to override the default URL path used for sending metrics. This option has no effect when using gRPC transport.
 #    path: /foo/v1/traces
 #    ## Defines the TLS configuration used by the reporter to send metrics to the OpenTelemetry Collector.
 #    tls:
 #      ## The path to the certificate authority, it defaults to the system bundle.
 #      ca: path/to/ca.crt
 #      ## The path to the public certificate. When using this option, setting the key option is required.
 #      cert: path/to/foo.cert
 #      ## The path to the private key. When using this option, setting the cert option is required.
 #      key: path/to/key.key
 #      ## If set to true, the TLS connection accepts any certificate presented by the server regardless of the hostnames it covers.
 #      insecureSkipVerify: true
 #    ## This instructs the reporter to send metrics to the OpenTelemetry Collector using gRPC.
 #    grpc: true
 ##
 ##  enable optional CRDs for Prometheus Operator
 ##
  ## Create a dedicated metrics service for use with ServiceMonitor
  ## When hub.enabled is set to true, it's not needed: it will use hub service.
  #  service:
  #    enabled: false
  #    labels: {}
  #    annotations: {}
  ## When set to true, it won't check if Prometheus Operator CRDs are deployed
  #  disableAPICheck: false
  #  serviceMonitor:
  #    metricRelabelings: []
  #      - sourceLabels: [__name__]
  #        separator: ;
  #        regex: ^fluentd_output_status_buffer_(oldest|newest)_.+
  #        replacement: $1
  #        action: drop
  #    relabelings: []
  #      - sourceLabels: [__meta_kubernetes_pod_node_name]
  #        separator: ;
  #        regex: ^(.*)$
  #        targetLabel: nodename
  #        replacement: $1
  #        action: replace
  #    jobLabel: traefik
  #    interval: 30s
  #    honorLabels: true
  #    # (Optional)
  #    # scrapeTimeout: 5s
  #    # honorTimestamps: true
  #    # enableHttp2: true
  #    # followRedirects: true
  #    # additionalLabels:
  #    #   foo: bar
  #    # namespace: "another-namespace"
  #    # namespaceSelector: {}
  #  prometheusRule:
  #    additionalLabels: {}
  #    namespace: "another-namespace"
  #    rules:
  #      - alert: TraefikDown
  #        expr: up{job="traefik"} == 0
  #        for: 5m
  #        labels:
  #          context: traefik
  #          severity: warning
  #        annotations:
  #          summary: "Traefik Down"
  #          description: "{{ $labels.pod }} on {{ $labels.nodename }} is down"
 tracing: {}
  # instana:
  #   localAgentHost: 127.0.0.1
  #   localAgentPort: 42699
  #   logLevel: info
  #   enableAutoProfile: true
  # datadog:
  #   localAgentHostPort: 127.0.0.1:8126
  #   debug: false
  #   globalTag: ""
  #   prioritySampling: false
  # jaeger:
  #   samplingServerURL: http://localhost:5778/sampling
  #   samplingType: const
  #   samplingParam: 1.0
  #   localAgentHostPort: 127.0.0.1:6831
  #   gen128Bit: false
  #   propagation: jaeger
  #   traceContextHeaderName: uber-trace-id
  #   disableAttemptReconnecting: true
  #   collector:
  #      endpoint: ""
  #      user: ""
  #      password: ""
  # zipkin:
  #   httpEndpoint: http://localhost:9411/api/v2/spans
  #   sameSpan: false
  #   id128Bit: true
  #   sampleRate: 1.0
  # haystack:
  #   localAgentHost: 127.0.0.1
  #   localAgentPort: 35000
  #   globalTag: ""
  #   traceIDHeaderName: ""
  #   parentIDHeaderName: ""
  #   spanIDHeaderName: ""
  #   baggagePrefixHeaderName: ""
  # elastic:
  #   serverURL: http://localhost:8200
  #   secretToken: ""
  #   serviceEnvironment: ""
 globalArguments:
  - "--global.checknewversion"
  - "--global.sendanonymoususage"
 #
 # Configure Traefik static configuration
 # Additional arguments to be passed at Traefik's binary
 # All available options available on https://docs.traefik.io/reference/static-configuration/cli/
 ## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
 additionalArguments: []
 #  - "--providers.kubernetesingress.ingressclass=traefik-internal"
 #  - "--log.level=DEBUG"
 # Environment variables to be passed to Traefik's binary
 env: []
 # - name: SOME_VAR
 #   value: some-var-value
 # - name: SOME_VAR_FROM_CONFIG_MAP
 #   valueFrom:
 #     configMapRef:
 #       name: configmap-name
 #       key: config-key
 # - name: SOME_SECRET
 #   valueFrom:
 #     secretKeyRef:
 #       name: secret-name
 #       key: secret-key
 envFrom: []
 # - configMapRef:
 #     name: config-map-name
 # - secretRef:
 #     name: secret-name
 # Configure ports
 ports:
  # The name of this one can't be changed as it is used for the readiness and
  # liveness probes, but you can adjust its config to your liking
  traefik:
    port: 9000
    # Use hostPort if set.
    # hostPort: 9000
    #
    # Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
    # means it's listening on all your interfaces and all your IPs. You may want
    # to set this value if you need traefik to listen on specific interface
    # only.
    # hostIP: 192.168.100.10
    # Override the liveness/readiness port. This is useful to integrate traefik
    # with an external Load Balancer that performs healthchecks.
    # Default: ports.traefik.port
    # healthchecksPort: 9000
    # Override the liveness/readiness scheme. Useful for getting ping to
    # respond on websecure entryPoint.
    # healthchecksScheme: HTTPS
    # Defines whether the port is exposed if service.type is LoadBalancer or
    # NodePort.
    #
    # You SHOULD NOT expose the traefik port on production deployments.
    # If you want to access it from outside of your cluster,
    # use `kubectl port-forward` or create a secure ingress
    expose: false
    # The exposed port for this service
    exposedPort: 9000
    # The port protocol (TCP/UDP)
    protocol: TCP
  web:
    ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
    # asDefault: true
    port: 8000
    # hostPort: 8000
    expose: true
    exposedPort: 80
    # The port protocol (TCP/UDP)
    protocol: TCP
    # Use nodeport if set. This is useful if you have configured Traefik in a
    # LoadBalancer.
    # nodePort: 32080
    # Port Redirections
    # Added in 2.2, you can make permanent redirects via entrypoints.
    # https://docs.traefik.io/routing/entrypoints/#redirection
    # redirectTo: websecure
    #
    # Trust forwarded  headers information (X-Forwarded-*).
    # forwardedHeaders:
    #   trustedIPs: []
    #   insecure: false
    #
    # Enable the Proxy Protocol header parsing for the entry point
    # proxyProtocol:
    #   trustedIPs: []
    #   insecure: false
  websecure:
    ## Enable this entrypoint as a default entrypoint. When a service doesn't explicity set an entrypoint it will only use this entrypoint.
    # asDefault: true
    port: 8443
    # hostPort: 8443
    expose: true
    exposedPort: 443
    ## The port protocol (TCP/UDP)
    protocol: TCP
    # nodePort: 32443
    #
    ## Enable HTTP/3 on the entrypoint
    ## Enabling it will also enable http3 experimental feature
    ## https://doc.traefik.io/traefik/routing/entrypoints/#http3
    ## There are known limitations when trying to listen on same ports for
    ## TCP & UDP (Http3). There is a workaround in this chart using dual Service.
    ## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741
    http3:
      enabled: false
    # advertisedPort: 4443
    #
    ## Trust forwarded  headers information (X-Forwarded-*).
    #forwardedHeaders:
    #  trustedIPs: []
    #  insecure: false
    #
    ## Enable the Proxy Protocol header parsing for the entry point
    #proxyProtocol:
    #  trustedIPs: []
    #  insecure: false
    #
    ## Set TLS at the entrypoint
    ## https://doc.traefik.io/traefik/routing/entrypoints/#tls
    tls:
      enabled: true
      # this is the name of a TLSOption definition
      options: ""
      certResolver: ""
      domains: []
      # - main: example.com
      #   sans:
      #     - foo.example.com
      #     - bar.example.com
    #
    # One can apply Middlewares on an entrypoint
    # https://doc.traefik.io/traefik/middlewares/overview/
    # https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
    # /!\ It introduces here a link between your static configuration and your dynamic configuration /!\
    # It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace
    # middlewares:
    #   - namespace-name1@kubernetescrd
    #   - namespace-name2@kubernetescrd
    middlewares: []
  metrics:
    # When using hostNetwork, use another port to avoid conflict with node exporter:
    # https://github.com/prometheus/prometheus/wiki/Default-port-allocations
    port: 9100
    # hostPort: 9100
    # Defines whether the port is exposed if service.type is LoadBalancer or
    # NodePort.
    #
    # You may not want to expose the metrics port on production deployments.
    # If you want to access it from outside of your cluster,
    # use `kubectl port-forward` or create a secure ingress
    expose: false
    # The exposed port for this service
    exposedPort: 9100
    # The port protocol (TCP/UDP)
    protocol: TCP
 # TLS Options are created as TLSOption CRDs
 # https://doc.traefik.io/traefik/https/tls/#tls-options
 # Example:
 # tlsOptions:
 #   default:
 #     sniStrict: true
 #     preferServerCipherSuites: true
 #   foobar:
 #     curvePreferences:
 #       - CurveP521
 #       - CurveP384
 tlsOptions: {}
 # TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
 # https://doc.traefik.io/traefik/https/tls/#default-certificate
 # Example:
 # tlsStore:
 #   default:
 #     defaultCertificate:
 #       secretName: tls-cert
 tlsStore: {}
 # Options for the main traefik service, where the entrypoints traffic comes
 # from.
 service:
  enabled: true
  ## Single service is using `MixedProtocolLBService` feature gate.
  ## When set to false, it will create two Service, one for TCP and one for UDP.
  single: true
  type: LoadBalancer
  # Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
  annotations: {}
  # Additional annotations for TCP service only
  annotationsTCP: {}
  # Additional annotations for UDP service only
  annotationsUDP: {}
  # Additional service labels (e.g. for filtering Service by custom labels)
  labels: {}
  # Additional entries here will be added to the service spec.
  # Cannot contain type, selector or ports entries.
  spec: {}
    # externalTrafficPolicy: Cluster
    # loadBalancerIP: "1.2.3.4"
    # clusterIP: "2.3.4.5"
  loadBalancerSourceRanges: []
    # - 192.168.0.1/32
    # - 172.16.0.0/16
  externalIPs: []
    # - 1.2.3.4
  ## One of SingleStack, PreferDualStack, or RequireDualStack.
  # ipFamilyPolicy: SingleStack
  ## List of IP families (e.g. IPv4 and/or IPv6).
  ## ref: https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services
  # ipFamilies:
  #   - IPv4
  #   - IPv6
  ##
  ## An additionnal and optional internal Service.
  ## Same parameters as external Service
  # internal:
  #   type: ClusterIP
  #   # labels: {}
  #   # annotations: {}
  #   # spec: {}
  #   # loadBalancerSourceRanges: []
  #   # externalIPs: []
  #   # ipFamilies: [ "IPv4","IPv6" ]
 ## Create HorizontalPodAutoscaler object.
 ##
 autoscaling:
  enabled: false
 #   minReplicas: 1
 #   maxReplicas: 10
 #   metrics:
 #   - type: Resource
 #     resource:
 #       name: cpu
 #       target:
 #         type: Utilization
 #         averageUtilization: 60
 #   - type: Resource
 #     resource:
 #       name: memory
 #       target:
 #         type: Utilization
 #         averageUtilization: 60
 #   behavior:
 #     scaleDown:
 #       stabilizationWindowSeconds: 300
 #       policies:
 #       - type: Pods
 #         value: 1
 #         periodSeconds: 60
 # Enable persistence using Persistent Volume Claims
 # ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
 # It can be used to store TLS certificates, see `storage` in certResolvers
 persistence:
  enabled: true
  name: data
 #  existingClaim: ""
  accessMode: ReadWriteOnce
  size: 128Mi
  # storageClass: ""
  # volumeName: ""
  path: /data
  annotations: {}
  # subPath: "" # only mount a subpath of the Volume into the pod
 certResolvers: {}
 #   letsencrypt:
 #     # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
 #     email: email@example.com
 #     dnsChallenge:
 #       # also add the provider's required configuration under env
 #       # or expand then from secrets/configmaps with envfrom
 #       # cf. https://doc.traefik.io/traefik/https/acme/#providers
 #       provider: digitalocean
 #       # add futher options for the dns challenge as needed
 #       # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
 #       delayBeforeCheck: 30
 #       resolvers:
 #         - 1.1.1.1
 #         - 8.8.8.8
 #     tlsChallenge: true
 #     httpChallenge:
 #       entryPoint: "web"
 #     # It has to match the path with a persistent volume
 #     storage: /data/acme.json
 # If hostNetwork is true, runs traefik in the host network namespace
 # To prevent unschedulabel pods due to port collisions, if hostNetwork=true
 # and replicas>1, a pod anti-affinity is recommended and will be set if the
 # affinity is left as default.
 hostNetwork: false
 # Whether Role Based Access Control objects like roles and rolebindings should be created
 rbac:
  enabled: true
  # If set to false, installs ClusterRole and ClusterRoleBinding so Traefik can be used across namespaces.
  # If set to true, installs Role and RoleBinding. Providers will only watch target namespace.
  namespaced: false
  # Enable user-facing roles
  # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles
  # aggregateTo: [ "admin" ]
 # Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding
 podSecurityPolicy:
  enabled: false
 # The service account the pods will use to interact with the Kubernetes API
 serviceAccount:
  # If set, an existing service account is used
  # If not set, a service account is created automatically using the fullname template
  name: ""
 # Additional serviceAccount annotations (e.g. for oidc authentication)
 serviceAccountAnnotations: {}
 resources: {}
  # requests:
  #   cpu: "100m"
  #   memory: "50Mi"
  # limits:
  #   cpu: "300m"
  #   memory: "150Mi"
 # This example pod anti-affinity forces the scheduler to put traefik pods
 # on nodes where no other traefik pods are scheduled.
 # It should be used when hostNetwork: true to prevent port conflicts
 affinity: {}
 #  podAntiAffinity:
 #    requiredDuringSchedulingIgnoredDuringExecution:
 #      - labelSelector:
 #          matchLabels:
 #            app.kubernetes.io/name: '{{ template "traefik.name" . }}'
 #            app.kubernetes.io/instance: '{{ .Release.Name }}-{{ .Release.Namespace }}'
 #        topologyKey: kubernetes.io/hostname
 nodeSelector: {}
 tolerations: []
 topologySpreadConstraints: []
 # # This example topologySpreadConstraints forces the scheduler to put traefik pods
 # # on nodes where no other traefik pods are scheduled.
 #  - labelSelector:
 #      matchLabels:
 #        app: '{{ template "traefik.name" . }}'
 #    maxSkew: 1
 #    topologyKey: kubernetes.io/hostname
 #    whenUnsatisfiable: DoNotSchedule
 # Pods can have priority.
 # Priority indicates the importance of a Pod relative to other Pods.
 priorityClassName: ""
 # Set the container security context
 # To run the container with ports below 1024 this will need to be adjust to run as root
 securityContext:
  capabilities:
    drop: [ALL]
  readOnlyRootFilesystem: true
  runAsGroup: 65532
  runAsNonRoot: true
  runAsUser: 65532
 podSecurityContext:
  fsGroup: 65532
 #
 # Extra objects to deploy (value evaluated as a template)
 #
 # In some cases, it can avoid the need for additional, extended or adhoc deployments.
 # See #595 for more details and traefik/tests/values/extra.yaml for example.
 extraObjects: []
 # This will override the default Release Namespace for Helm.
 # It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
 # namespaceOverride: traefik
 #
 ## This will override the default app.kubernetes.io/instance label for all Objects.
 # instanceLabelOverride: traefik
--- a/deployments/kubernetes/flight.yml
+++ b/deployments/kubernetes/flight.yml
@ -1,46 +0,0 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: flight-deployment
  labels:
    app: flight
 spec:
  replicas: 1
  selector:
    matchLabels:
      app: flight
  template:
    metadata:
      labels:
        app: flight
    spec:
      containers:
        - image: meysamh66/booking-microservices-flight:v1.5.8
          name: flight
          ports:
            - containerPort: 80
          env:
          - name: "ASPNETCORE_ENVIRONMENT"
            value: "docker"                
          - name: ASPNETCORE_URLS
            value: "http://+"                 
          volumeMounts:
          - name: appsettings-volume
            mountPath: /app/Settings
      volumes:
      - name: appsettings-volume
        configMap:
          name: appsettings
 ---
 apiVersion: v1
 kind: Service
 metadata:
  name: flight-service
 spec:
  selector:
    app: flight
  ports:
  - name: http
    port: 80
    targetPort: 80
  type: ClusterIP
--- a/deployments/kubernetes/ingress.yml
+++ b/deployments/kubernetes/ingress.yml
@ -1,56 +0,0 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: booking-microservices
  namespace: default
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/proxy-buffers: "4 256k"
    nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "256k"
    nginx.ingress.kubernetes.io/client-header-buffer-size: "64k"
    nginx.ingress.kubernetes.io/http2-max-field-size: "16k"
    nginx.ingress.kubernetes.io/http2-max-header-size: "128k"
    nginx.ingress.kubernetes.io/large-client-header-buffers: "8 64k"
 spec:
  ingressClassName: nginx
  tls:
  - hosts:
      - myidentityserver.com
      - booking-microservices.com
    secretName: nginx-tls-secret  
  rules:
  - host: booking-microservices.com
    http:
      paths:
      - path: /flight
        pathType: Exact
        backend:
          service:
            name: flight-service
            port:
              name: http
      - path: /passenger
        pathType: Exact
        backend:
          service:
            name: passenger-service
            port:
              name: http
      - path: /booking
        pathType: Exact
        backend:
          service:
            name: booking-service
            port:
              name: http
  - host: myidentityserver.com
    http:
      paths:                                      
      - path: /
        pathType: Prefix
        backend:
          service:
            name: identity-service
            port:
              name: http    
--- a/src/BuildingBlocks/MassTransit/Extensions.cs
+++ b/src/BuildingBlocks/MassTransit/Extensions.cs
@ -13,12 +13,6 @@ using Exception;
 public static class Extensions
 {
    private static bool? _isRunningInContainer;
    private static bool IsRunningInContainer => _isRunningInContainer ??=
        bool.TryParse(Environment.GetEnvironmentVariable("DOTNET_RUNNING_IN_CONTAINER"), out var inContainer) &&
        inContainer;
    public static IServiceCollection AddCustomMassTransit(this IServiceCollection services,
        IWebHostEnvironment env, Assembly assembly)
    {
@ -48,9 +42,8 @@ public static class Extensions
        {
            var rabbitMqOptions = services.GetOptions<RabbitMqOptions>(nameof(RabbitMqOptions));
            var host = IsRunningInContainer ? "rabbitmq" : rabbitMqOptions.HostName;
-            configurator.Host(host, rabbitMqOptions?.Port ?? 5672, "/", h =>
+            configurator.Host(rabbitMqOptions?.HostName, rabbitMqOptions?.Port ?? 5672, "/", h =>
            {
                h.Username(rabbitMqOptions?.UserName);
                h.Password(rabbitMqOptions?.Password);
--- a/src/Services/Flight/src/Flight.Api/appsettings.docker.json
+++ b/src/Services/Flight/src/Flight.Api/appsettings.docker.json
@ -27,7 +27,7 @@
    "Audience": "flight-api",
    "RequireHttpsMetadata": false
  },
-  "RabbitMq": {
+  "RabbitMqOptions": {
    "HostName": "rabbitmq",
    "ExchangeName": "flight",
    "UserName": "guest",
--- a/src/Services/Flight/src/Flight.Api/appsettings.json
+++ b/src/Services/Flight/src/Flight.Api/appsettings.json
@ -31,7 +31,7 @@
  "Jwt": {
    "Authority": "https://localhost:5005",
    "Audience": "flight-api",
-    "RequireHttpsMetadata": true
+    "RequireHttpsMetadata": false
  },
  "RabbitMqOptions": {
    "HostName": "localhost",
--- a/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs
+++ b/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs
@ -1,8 +1,5 @@
 using System;
 using System.Collections.Generic;
 using System.Reflection;
 using System.Threading.RateLimiting;
 using BuildingBlocks.Caching;
 using BuildingBlocks.Core;
 using BuildingBlocks.EFCore;
 using BuildingBlocks.Exception;
@ -90,6 +87,8 @@ public static class InfrastructureExtensions
        builder.Services.AddEasyCaching(options => { options.UseInMemory(configuration, "mem"); });
        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
        return builder;
    }
--- a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAircraftCommand.cs
+++ b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAircraftCommand.cs
@ -1,6 +1,5 @@
 using AutoBogus;
 using BuildingBlocks.IdsGenerator;
 using Flight.Aircrafts.Features.CreateAircraft;
 using Flight.Aircrafts.Features.CreateAircraft.Commands.V1;
 namespace Integration.Test.Fakes;
--- a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAirportCommand.cs
+++ b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeCreateAirportCommand.cs
@ -1,6 +1,5 @@
 using AutoBogus;
 using BuildingBlocks.IdsGenerator;
 using Flight.Airports.Features.CreateAirport;
 using Flight.Airports.Features.CreateAirport.Commands.V1;
 namespace Integration.Test.Fakes;
--- a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeFlightCreated.cs
+++ b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeFlightCreated.cs
@ -1,14 +0,0 @@
 using Flight.Flights.Features.CreateFlight.Commands.V1;
 namespace Integration.Test.Fakes;
 public static class FakeFlightCreated
 {
    public static global::Flight.Flights.Models.Flight Generate(CreateFlightCommand command)
    {
        return global::Flight.Flights.Models.Flight.Create(command.Id, command.FlightNumber,
            command.AircraftId, command.DepartureAirportId, command.DepartureDate,
            command.ArriveDate, command.ArriveAirportId, command.DurationMinutes,
            command.FlightDate, command.Status, command.Price);
    }
 }
--- a/src/Services/Flight/tests/IntegrationTest/Fakes/FakeSeatCreated.cs
+++ b/src/Services/Flight/tests/IntegrationTest/Fakes/FakeSeatCreated.cs
@ -1,14 +0,0 @@
 using Flight.Seats.Features.CreateSeat;
 using Flight.Seats.Features.CreateSeat.Commands.V1;
 using Flight.Seats.Models;
 namespace Integration.Test.Fakes;
 public static class FakeSeatCreated
 {
    public static global::Flight.Seats.Models.Seat Generate(CreateSeatCommand command)
    {
        return global::Flight.Seats.Models.Seat.Create(command.Id, command.SeatNumber, command.Type, command.Class, command.FlightId);
    }
 }
--- a/src/Services/Identity/src/Identity.Api/keys/is-signing-key-DCE5098F8B9D1301447CC90AB1307BB1.json
+++ b/src/Services/Identity/src/Identity.Api/keys/is-signing-key-DCE5098F8B9D1301447CC90AB1307BB1.json
@ -0,0 +1 @@
 {"Version":1,"Id":"DCE5098F8B9D1301447CC90AB1307BB1","Created":"2023-02-21T14:52:03.5423989Z","Algorithm":"RS256","IsX509Certificate":false,"Data":"CfDJ8Pno3caweVxDrMdMtoqjLU-zkq97hfMbqd_a71uRzwCkfuVDrGVJuTHsecFn6xm9QskMBE5i1dNJ4l-EBrrflUZ0_ZiqESp5NGi4Uw7SaU-kijgI8566Ll_A6uy2dYsA6plpZ_1L2KFJuaCwGdMs68NXgZj8-8shIngrOBjTkvNeH0j1BUmvj7iHu1dheRQHBamrlh4L-pdPNAx9lR-yeOWoyJCUSNCviC9P-hLsd9nJzfn77gU4Kc4i8pfDyPf-pN3_IFSMU1T-PiVUwBobxXxEDj8oS5hSUDRVi49n4u5oluz68chky3NhxWjYNyfmjOS8CD0-GsL7VPxApDP8z33pOW8hSwSF-PWsQczitlvFqSf45kGpYBCs8JmwU1yqAgeKKho6tICk1CK4Zad1-0WMok6HMUHixqaB9MfEBWUqdeLjQcwLZo-iJ5LGLzAhL5o7JgtufV_c1RgYPXH1umXdIKD2IK_vWtDUv3Y7GHOiSyYBIJCaBxhVrk9ruztu-BWno4E_U-Jej_t18P7QBwAT9FQsO2lryGOEtG6f-zf_JwwHeJE9CtFxofXzkIKtc5fqliCYTp8JAfgzZ_8MKxLfs-ZD_iZPiLX8clAbFokJ86fqsL2s3EmTGTVxcc2nP7xmYm_5D9R_7QqBZPM5az0vIayvAbkjGFII6P6WyfB1j2nl1BwamMb8EdCuM7FOvD_bnstXETFpYC8oYhJYQNruRhWjY_tv7F1cVPCWD-pX5IARvRgsJEbE_WdgvicWcwLpz0MWu89GrI4qP7WSoLGorlFmss_Ubf5feu7KYbpPrdGVLJbaaipYFTQgxaZ0GB9CjjMe8LPmU_9P-5wbkZ69LDyzIVIEpCuTF1fZr7SWr-C8NIVEvIyCTQoJmaFbvfdejVTxm2eOyolJLTGedHOkuaDg90hBFDtyQ78DVgzihZX3uZ0BwkCkkkiBB1boY3B0IWKDR3OWsG2lDqIn61FcLaAHgAqQF7JdMSmjEIGOVKUAEcnDf7NyVbWjZtPhpMLhmwu3OmPPrIqu-8_2e2RjlRuvXClhNpLyo-H4HipVztSUkP7ujukuZsRwJFj4p-VV2O7lyB7ogocAHF-AEMvw7ywmMPysYY_-_EU3U2vtRYIisKOV_VrsaMujNhMbrZUCq-ZIIsA-8GdLA2dqargOfd4f7jodpAtrBm6a5O8vWyAehdKfGj9i29tgfAQd2VnRqtN0eArruLGuIopP9FcEK_lNmHPjrpDaHZzA7AnfYBJsnOVKRehZSAmZGQUdlXV0rDzmLxgMZSN4P68eTLFCil8RwJFHzdExHk7VWd6xMo1m-EG_BioFcpazqEJYPjwCt9Rx_9_NMuvu1IiTiP_U2GO65dvZh2-iDPMGyTfeFJBuiIHW9fGg2BH5dw6Q9swMNXBmO174dGhQSA9BWTXnDFW3PsKEhFj5avEbV2Tkp4QQAiTkLaRbDSVfFH7NiKImy4Py4l1W52ftVBt5yPUDJi2GHHk-zxhgqBmY2k-duV9eeiNvXklDHySo0dOZShzUTqYmg0tUgdrthytN8TMp6BSAZtO0YFZgELPkeFKoE9Rz_BwazdwK1OphzQ8dvECEVO5nJRil8_6iwvu04aQ_s_fFMmwa2xrft3DY1uGXswukhOcw_he_nnwAfY7ExA__BbLiEc0NNgG8ZDd6hKdiR_RZeY-4FHMl0J59TwSgc2KNnWEqsUHLXN4Y6VC1TA4eVf9zcku4CPNQCMZPFAE7hgYdttLzrRyEPnsfGTWBYt_wVN7EszCbidkGLIvHr3ZNd0Oz49W7KNRZzVydOMila9AytE1tRegU3e3HSoFFqF9Gqr1mKAQ_B4N5UBxYB39ta5cPwVXGHTsvrak3XggzuHOIqsGyLxEYZka2-ykx0gKMCIWqf_w63Mu_IYkSOQT4HQ3yheBchqeUZPqAAZASp00SvWIt_Cirj1O1XKxQyNVWiv-Im_i6xy4V5dl1RQSwmxQYe_7oiPS6dqewVR1WJZsmnptq521SsJLZQffHK-CDtxT69fE218ZIaNOzkDERp6c422B8wqZK5rf1zn6lO1I4MwTjkETMY_jFtFZw3_Yo9zYMLmC2kIzkupXjhrzT1vCWIaU6UYegi72Ikbx9fvmDHV6g9Kiy_KPBR8ECe89Skqz8DklPIhm3tqy5eaQ5iqcyW8Gxyq1K2DN1BMoCAqIya5d-RddpLvRv-W_cTf-DfJOxmGpKlYCcp4d6pel32a2ykGlNQSWJ9_8hk5jcypkosDWN8M8OROkBxLo9qtP0FWLnITuw1aXC-c03ypfeGJeE2HN9vwT3Rxk4i_rlGUXgIDgSk9XfyQghfKXBTpuOvrbf1VoEcsS_E6qaNJmpGpz9Ok7Ks4UDb3DtnadbABdyhZQLGg49QAywXqj4qFdgLBnDmVTHLm8eyIDDeVC0SiD061DhZ7qtzI9U7wYbWpp1oRNTuPZDlypBaZpE","DataProtected":true}
--- a/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs
+++ b/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs
@ -26,9 +26,6 @@ using Serilog;
 namespace Identity.Extensions.Infrastructure;
 using Duende.IdentityServer.Extensions;
 using Microsoft.AspNetCore.HttpOverrides;
 public static class InfrastructureExtensions
 {
    public static WebApplicationBuilder AddInfrastructure(this WebApplicationBuilder builder)
@ -81,11 +78,13 @@ public static class InfrastructureExtensions
        //ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2
        //ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466
-        builder.Services.Configure<ForwardedHeadersOptions>(options =>
+        // builder.Services.Configure<ForwardedHeadersOptions>(options =>
-        {
+        // {
-            options.ForwardedHeaders =
+        //     options.ForwardedHeaders =
-                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+        //         ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
-        });
+        // });
        Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
        return builder;
    }
@ -98,7 +97,7 @@ public static class InfrastructureExtensions
        //ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2
        //ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466
-        app.UseForwardedHeaders();
+        // app.UseForwardedHeaders();
        app.UseProblemDetails();
        app.UseSerilogRequestLogging(options =>
@ -114,12 +113,12 @@ public static class InfrastructureExtensions
        app.MapMetrics();
        app.MapGet("/", x => x.Response.WriteAsync(appOptions.Name));
-
+        //
-        app.Use((httpContext, next) =>
+        // app.Use((httpContext, next) =>
-        {
+        // {
-            httpContext.Request.Scheme = "https";
+        //     httpContext.Request.Scheme = "https";
-            return next();
+        //     return next();
-        });
+        // });
        if (env.IsDevelopment())
        {
		`@ -0,0 +1 @@`
							{"Version":1,"Id":"DCE5098F8B9D1301447CC90AB1307BB1","Created":"2023-02-21T14:52:03.5423989Z","Algorithm":"RS256","IsX509Certificate":false,"Data":"CfDJ8Pno3caweVxDrMdMtoqjLU-zkq97hfMbqd_a71uRzwCkfuVDrGVJuTHsecFn6xm9QskMBE5i1dNJ4l-EBrrflUZ0_ZiqESp5NGi4Uw7SaU-kijgI8566Ll_A6uy2dYsA6plpZ_1L2KFJuaCwGdMs68NXgZj8-8shIngrOBjTkvNeH0j1BUmvj7iHu1dheRQHBamrlh4L-pdPNAx9lR-yeOWoyJCUSNCviC9P-hLsd9nJzfn77gU4Kc4i8pfDyPf-pN3_IFSMU1T-PiVUwBobxXxEDj8oS5hSUDRVi49n4u5oluz68chky3NhxWjYNyfmjOS8CD0-GsL7VPxApDP8z33pOW8hSwSF-PWsQczitlvFqSf45kGpYBCs8JmwU1yqAgeKKho6tICk1CK4Zad1-0WMok6HMUHixqaB9MfEBWUqdeLjQcwLZo-iJ5LGLzAhL5o7JgtufV_c1RgYPXH1umXdIKD2IK_vWtDUv3Y7GHOiSyYBIJCaBxhVrk9ruztu-BWno4E_U-Jej_t18P7QBwAT9FQsO2lryGOEtG6f-zf_JwwHeJE9CtFxofXzkIKtc5fqliCYTp8JAfgzZ_8MKxLfs-ZD_iZPiLX8clAbFokJ86fqsL2s3EmTGTVxcc2nP7xmYm_5D9R_7QqBZPM5az0vIayvAbkjGFII6P6WyfB1j2nl1BwamMb8EdCuM7FOvD_bnstXETFpYC8oYhJYQNruRhWjY_tv7F1cVPCWD-pX5IARvRgsJEbE_WdgvicWcwLpz0MWu89GrI4qP7WSoLGorlFmss_Ubf5feu7KYbpPrdGVLJbaaipYFTQgxaZ0GB9CjjMe8LPmU_9P-5wbkZ69LDyzIVIEpCuTF1fZr7SWr-C8NIVEvIyCTQoJmaFbvfdejVTxm2eOyolJLTGedHOkuaDg90hBFDtyQ78DVgzihZX3uZ0BwkCkkkiBB1boY3B0IWKDR3OWsG2lDqIn61FcLaAHgAqQF7JdMSmjEIGOVKUAEcnDf7NyVbWjZtPhpMLhmwu3OmPPrIqu-8_2e2RjlRuvXClhNpLyo-H4HipVztSUkP7ujukuZsRwJFj4p-VV2O7lyB7ogocAHF-AEMvw7ywmMPysYY_-_EU3U2vtRYIisKOV_VrsaMujNhMbrZUCq-ZIIsA-8GdLA2dqargOfd4f7jodpAtrBm6a5O8vWyAehdKfGj9i29tgfAQd2VnRqtN0eArruLGuIopP9FcEK_lNmHPjrpDaHZzA7AnfYBJsnOVKRehZSAmZGQUdlXV0rDzmLxgMZSN4P68eTLFCil8RwJFHzdExHk7VWd6xMo1m-EG_BioFcpazqEJYPjwCt9Rx_9_NMuvu1IiTiP_U2GO65dvZh2-iDPMGyTfeFJBuiIHW9fGg2BH5dw6Q9swMNXBmO174dGhQSA9BWTXnDFW3PsKEhFj5avEbV2Tkp4QQAiTkLaRbDSVfFH7NiKImy4Py4l1W52ftVBt5yPUDJi2GHHk-zxhgqBmY2k-duV9eeiNvXklDHySo0dOZShzUTqYmg0tUgdrthytN8TMp6BSAZtO0YFZgELPkeFKoE9Rz_BwazdwK1OphzQ8dvECEVO5nJRil8_6iwvu04aQ_s_fFMmwa2xrft3DY1uGXswukhOcw_he_nnwAfY7ExA__BbLiEc0NNgG8ZDd6hKdiR_RZeY-4FHMl0J59TwSgc2KNnWEqsUHLXN4Y6VC1TA4eVf9zcku4CPNQCMZPFAE7hgYdttLzrRyEPnsfGTWBYt_wVN7EszCbidkGLIvHr3ZNd0Oz49W7KNRZzVydOMila9AytE1tRegU3e3HSoFFqF9Gqr1mKAQ_B4N5UBxYB39ta5cPwVXGHTsvrak3XggzuHOIqsGyLxEYZka2-ykx0gKMCIWqf_w63Mu_IYkSOQT4HQ3yheBchqeUZPqAAZASp00SvWIt_Cirj1O1XKxQyNVWiv-Im_i6xy4V5dl1RQSwmxQYe_7oiPS6dqewVR1WJZsmnptq521SsJLZQffHK-CDtxT69fE218ZIaNOzkDERp6c422B8wqZK5rf1zn6lO1I4MwTjkETMY_jFtFZw3_Yo9zYMLmC2kIzkupXjhrzT1vCWIaU6UYegi72Ikbx9fvmDHV6g9Kiy_KPBR8ECe89Skqz8DklPIhm3tqy5eaQ5iqcyW8Gxyq1K2DN1BMoCAqIya5d-RddpLvRv-W_cTf-DfJOxmGpKlYCcp4d6pel32a2ykGlNQSWJ9_8hk5jcypkosDWN8M8OROkBxLo9qtP0FWLnITuw1aXC-c03ypfeGJeE2HN9vwT3Rxk4i_rlGUXgIDgSk9XfyQghfKXBTpuOvrbf1VoEcsS_E6qaNJmpGpz9Ok7Ks4UDb3DtnadbABdyhZQLGg49QAywXqj4qFdgLBnDmVTHLm8eyIDDeVC0SiD061DhZ7qtzI9U7wYbWpp1oRNTuPZDlypBaZpE","DataProtected":true}