CHANGELOG.md

@@ -3,6 +3,14 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+## [2.43.0]
+	
+- [!2.43.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.43.0); List of merge requests in this release.
+
+## [2.42.0]
+	
+- [!2.42.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.42.0); List of merge requests in this release.
+
 ## [2.41.0]
 	
 - [!2.41.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.41.0); List of merge requests in this release.

base/gitrepository.yaml

@@ -11,4 +11,4 @@ spec:
   interval: 10m
   url: https://repo1.dso.mil/big-bang/bigbang.git
   ref:
-    tag: 2.41.0
+    tag: 2.43.0

blog/.pages

 nav:
+  - Big Bang 2.42 Release and Team Updates: 2-42-Release.md
+  - Big Bang 2.41 Release and Team Updates: 2-41-Release.md
   - Introducing Headlamp a UI for your k8s Cluster management: UI-for-your-K8s-Cluster.md
   - Cypress Testing In Depth: cypress-testing.md
   - BigBang.mil Domain & dev Certificate: dev-bigbang-mil-certificate.md

blog/2-41-Release.md

+---
+revision_date: Last edited December 09, 2024
+tags:
+  - blog
+---
+
+# Big Bang Release 2.41.0: A Milestone in Enterprise Platform Development
+
+We are thrilled to announce the release of Big Bang 2.41.0, marking another significant step forward in our enterprise platform development journey. This incremental release brings substantial improvements to stability, security, and core functionality across our component ecosystem.
+
+## Release Highlights
+
+The latest release includes comprehensive updates to critical components including GitLab, Istio, Kiali, and Kyverno. Our development teams have worked diligently to ensure these updates enhance both performance and security while maintaining seamless integration within the Big Bang ecosystem.
+
+## Release Notes
+We always encourage consumers to view the [Release notes](https://repo1.dso.mil/big-bang/bigbang/-/releases/2.41.0) for additional information.
+
+## Team Achievements and Progress
+
+### Storage and Collaboration Enhancements
+
+- Comprehensive updates to Minio, Vault, Confluence, and External Secrets
+- Implementation of ESO cluster secret functionality to allow for centralized secret management, dynamic secret injection, and cloud native integration. 
+
+### Security and Compliance Advancement
+
+- Completed renovate updates for Anchore Enterprise and Neuvector
+- Internal testing of KubeScape project
+- Refined Kyverno policy implementation
+- Progress toward multi-cluster Twistlock deployment support
+
+### Observability Improvements
+
+- Successfully implemented Prometheus remote-write metrics to Mimir over Istio
+- Completed updates to core monitoring tools including Loki, Grafana, and Fluentbit
+- Advanced CI tracing tools integration with Alloy, Tempo, and Loki
+
+### Service Mesh Developments
+
+- Resolution of Tetrate image enabling in Sandbox Istio Gateway
+- Advanced templating for public and passthrough gateway implementation
+- Near completion of the Kiali labeling epic with only 13 remaining issues
+
+### Repo Sync
+
+- Updates and improvements to the Repo Sync utility which enables us to receive and accept community contributions [Further information on the current status can be found within the epic ](https://repo1.dso.mil/groups/big-bang/-/epics/400)
+
+### Edge Computing Innovation
+
+- Advancement of initiatives toward the anticipated 1.0 release
+
+## Community Engagement
+
+We extend our gratitude to Daniel Dides and the entire Big Bang team for their valued contributions to this release. The success of Big Bang relies heavily on the engagement of our community, and we request feedback through the following methods:
+- [Issue](https://repo1.dso.mil/big-bang/bigbang/-/issues/new) reporting on our platform
+- Consulting our [comprehensive documentation](https://docs-bigbang.dso.mil/latest/) for implementation guidance
+- Providing [feedback](https://join.slack.com/t/bigbanguniver-ft39451/shared_invite/zt-2mrtefxg6-5WJr85JD3NPbreMuAcQR0A) on new features and improvements
+
+## Looking Forward
+
+As we continue to evolve Big Bang, our focus remains on delivering robust, secure, and scalable solutions for enterprise deployment. The progress demonstrated in this release reflects our commitment to excellence and continuous improvement across all aspects of the platform.
+
+For detailed information about the upgrade process and known issues, please consult the release notes in our documentation. We look forward to your feedback and continued collaboration in making Big Bang even better.
+
+*Stay tuned for more updates as we continue to enhance and expand the capabilities of Big Bang.*

blog/2-42-Release.md

+---
+revision_date: Last edited December 19, 2024
+tags:
+  - blog
+---
+
+# Big Bang Release 2.42.0: Engineering Progress and Strategic Innovations
+
+We are thrilled to announce the release of Big Bang 2.42.0, marking another significant step forward in our enterprise platform development journey. This incremental release brings substantial improvements to stability, security, and core functionality across our component ecosystem.
+
+## Release Highlights
+
+The latest release includes comprehensive updates to critical components including GitLab, Istio, and Kyverno. Our development teams have worked diligently to ensure these updates enhance both performance and security while maintaining seamless integration within the Big Bang ecosystem.
+
+## Release Notes
+We always encourage consumers to view the [Release notes](https://repo1.dso.mil/big-bang/bigbang/-/releases/2.42.0) for additional information.
+
+## Team Achievements and Progress
+
+### Security and Compliance Enhancement
+
+- Successfully completed renovations for Kyverno and associated policies
+- Enhanced Anchore Enterprise configurations
+- Strengthened security measures for Fluentbit and Gitlab Runner
+- Upgraded Tetragon chart to version 1.2.1
+- Launched the initial phase of our Compliance Dashboard
+
+### Observability Platform Evolution
+
+- Near completion of Mimir integration with comprehensive network security implementation
+- Successful collaboration with IronBank for enterprise container optimization
+- Implementation of community contributions for elasticsearch-kibana package
+- Completion of Alloy and Loki renovations
+
+### Storage and Collaboration Improvements
+
+- Successful renovation of Confluence, Vault, and Jira systems
+- Resolution of critical Confluence installation issues
+- Implementation of external secrets key versioning in ESO
+
+### Development and Operations Progress
+
+- Gitlab-CI-Pipelines-Exporter is in a stable and maintained status.
+- Resolution of ArgoCD CI stability issues
+- Successful implementation of various renovations including Nexus, Fortify, and Gitlab
+- Enhancement of Harbor OIDC SSO configuration
+
+### Edge Computing and Strategic Partnerships
+
+- Substantial progress on Release 1.0, with particular emphasis on Crossplane integration and comprehensive testing frameworks
+
+### Tooling and Automation Achievements
+
+- Enhancement of bbctl pipeline functionality
+- Improvements to Repo-sync capabilities
+- Implementation of comprehensive testing frameworks
+
+## Community Engagement
+
+We extend our gratitude to Darrien Lee and the entire Big Bang team for their valued contributions to this release. The success of Big Bang relies heavily on the engagement of our community, and we request feedback through the following methods:
+- [Issue](https://repo1.dso.mil/big-bang/bigbang/-/issues/new) reporting on our platform
+- Consulting our [comprehensive documentation](https://docs-bigbang.dso.mil/latest/) for implementation guidance
+- Providing [feedback](https://join.slack.com/t/bigbanguniver-ft39451/shared_invite/zt-2mrtefxg6-5WJr85JD3NPbreMuAcQR0A) on new features and improvements
+
+## Looking Forward
+
+As we continue to evolve Big Bang, our focus remains on delivering robust, secure, and scalable solutions for enterprise deployment. The progress demonstrated in this release reflects our commitment to excellence and continuous improvement across all aspects of the platform.
+
+For detailed information about the upgrade process and known issues, please consult the release notes in our documentation. We look forward to your feedback and continued collaboration in making Big Bang even better.
+
+*Stay tuned for more updates as we continue to enhance and expand the capabilities of Big Bang.*
\ No newline at end of file

chart/Chart.yaml

 apiVersion: v2
 name: bigbang
-version: 2.41.0
+version: 2.43.0
 kubeVersion: '>=1.29.0-0'
 description: Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
 type: application

chart/templates/istio/values.yaml

@@ -121,11 +121,11 @@ gateways:
         number: 8443
         protocol: HTTPS
       {{- end }}
-      {{- if eq $servervalues.port.protocol "HTTPS"}}
+      {{- if or (eq $servervalues.port.protocol "HTTPS") (eq $servervalues.port.protocol "TLS") }}
       tls:
         {{- $tlsMode := (dig "tls" "mode" "SIMPLE" $servervalues) }}
         mode: {{ $tlsMode }}
-        {{- if or (eq $tlsMode "SIMPLE") (eq $tlsMode "MUTUAL") }}
+        {{- if or (eq $tlsMode "SIMPLE") (eq $tlsMode "MUTUAL") (eq $tlsMode "OPTIONAL_MUTUAL") }}
         credentialName: {{ $index }}-{{ $name }}-cert
         {{- end }}
         {{- $tlsMinVersion := (dig "tls" "minProtocolVersion" "" $values) }}
@@ -148,7 +148,7 @@ gateways:
       tls:
         {{- $tlsMode := (dig "tls" "mode" "SIMPLE" $values) }}
         mode: {{ $tlsMode }}
-        {{- if or (eq $tlsMode "SIMPLE") (eq $tlsMode "MUTUAL") }}
+        {{- if or (eq $tlsMode "SIMPLE") (eq $tlsMode "MUTUAL") (eq $tlsMode "OPTIONAL_MUTUAL") }}
         credentialName: {{ $name }}-cert
         {{- end }}
         {{- $tlsMinVersion := (dig "tls" "minProtocolVersion" "" $values) }}
@@ -171,7 +171,7 @@ gateways:
       tls:
         {{- $tlsMode := (dig "tls" "mode" "SIMPLE" $values) }}
         mode: {{ $tlsMode }}
-        {{- if or (eq $tlsMode "SIMPLE") (eq $tlsMode "MUTUAL") }}
+        {{- if or (eq $tlsMode "SIMPLE") (eq $tlsMode "MUTUAL") (eq $tlsMode "OPTIONAL_MUTUAL") }}
         credentialName: {{ $name }}-cert
         {{- end }}
         {{- $tlsMinVersion := (dig "tls" "minProtocolVersion" "" $values) }}

chart/templates/minio/gitrepository.yaml

-{{- if and (eq .Values.addons.minio.sourceType "git") (not .Values.offline) .Values.addons.minio.enabled }}
+{{- if and (eq .Values.addons.minio.sourceType "git") (not .Values.offline) (or .Values.addons.minioOperator.enabled .Values.addons.minio.enabled) }}
 {{- $gitCredsDict := dict
   "name" "minio"
   "packageGitScope" .Values.addons.minio.git

chart/templates/nexus-repository-manager/values.yaml

@@ -65,6 +65,8 @@ nexus:
   {{- end }}
 
 license_key: "{{ $nexusValues.license_key }}"
+realms:
+  - "NexusAuthenticatingRealm"
 
 {{- if $nexusValues.sso.enabled }}
 sso:
@@ -83,9 +85,7 @@ sso:
     validateResponseSignature: "true"
     validateAssertionSignature: "true"
     idpMetadata: '{{ default (dig "saml" "metadata" "" .Values.sso) (dig "sso" "idp_data" "idpMetadata" "" $nexusValues) }}'
-  realm:
-    - "NexusAuthenticatingRealm"
-    - "SamlRealm"
+
   role:
     {{- range $nexusValues.sso.role }}
     - id: {{ .id | quote }}

chart/templates/wrapper/helmrelease.yaml

@@ -24,6 +24,7 @@ metadata:
     {{- end }}
 spec:
   releaseName: {{ $pkg }}-wrapper
+  targetNamespace: {{ dig "namespace" "name" $pkg $vals }}
   chart:
     spec:
       {{- if (eq $.Values.wrapper.sourceType "git") }}

chart/values.yaml

@@ -457,11 +457,11 @@ gatekeeper:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/policy.git
     path: "./chart"
-    tag: "3.17.1-bb.2"
+    tag: "3.18.1-bb.0"
   helmRepo:
     repoName: "registry1"
     chartName: "gatekeeper"
-    tag: "3.17.1-bb.2"
+    tag: "3.18.1-bb.0"
 
   # -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
   flux:
@@ -570,11 +570,11 @@ elasticsearchKibana:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
     path: "./chart"
-    tag: "1.23.0-bb.0"
+    tag: "1.24.0-bb.1"
   helmRepo:
     repoName: "registry1"
     chartName: "elasticsearch-kibana"
-    tag: "1.23.0-bb.0"
+    tag: "1.24.0-bb.1"
 
   # -- Flux reconciliation overrides specifically for the Logging (EFK) Package
   flux:
@@ -701,11 +701,11 @@ loki:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/loki.git
     path: "./chart"
-    tag: "6.23.0-bb.0"
+    tag: "6.23.0-bb.1"
   helmRepo:
     repoName: "registry1"
     chartName: "loki"
-    tag: "6.23.0-bb.0"
+    tag: "6.23.0-bb.1"
 
   # -- Flux reconciliation overrides specifically for the Loki Package
   flux: {}
@@ -1031,11 +1031,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/argocd.git
       path: "./chart"
-      tag: "7.7.5-bb.0"
+      tag: "7.7.5-bb.1"
     helmRepo:
       repoName: "registry1"
       chartName: "argocd"
-      tag: "7.7.5-bb.0"
+      tag: "7.7.5-bb.1"
 
     # -- Flux reconciliation overrides specifically for the ArgoCD Package
     flux: {}
@@ -1148,11 +1148,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/minio.git
       path: "./chart"
-      tag: "6.0.4-bb.4"
+      tag: "6.0.4-bb.5"
     helmRepo:
       repoName: "registry1"
       chartName: "minio-instance"
-      tag: "6.0.4-bb.4"
+      tag: "6.0.4-bb.5"
 
     # -- Flux reconciliation overrides specifically for the Minio Package
     flux: {}
@@ -1188,11 +1188,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/gitlab.git
       path: "./chart"
-      tag: "8.6.1-bb.0"
+      tag: "8.6.2-bb.0"
     helmRepo:
       repoName: "registry1"
       chartName: "gitlab"
-      tag: "8.6.1-bb.0"
+      tag: "8.6.2-bb.0"
 
     # -- Flux reconciliation overrides specifically for the Gitlab Package
     flux: {}
@@ -1302,12 +1302,12 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git
       path: "./chart"
-      tag: "0.68.1-bb.2"
+      tag: "0.70.4-bb.0"
 
     helmRepo:
       repoName: "registry1"
       chartName: "gitlab-runner"
-      tag: "0.68.1-bb.2"
+      tag: "0.70.4-bb.0"
 
 
     # -- Flux reconciliation overrides specifically for the Gitlab Runner Package
@@ -1329,11 +1329,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/nexus.git
       path: "./chart"
-      tag: "74.0.0-bb.0"
+      tag: "75.0.0-bb.1"
     helmRepo:
       repoName: "registry1"
       chartName: "nexus-repository-manager"
-      tag: "74.0.0-bb.0"
+      tag: "75.0.0-bb.1"
 
     # -- Base64 encoded license file.
     license_key: ""
@@ -1398,11 +1398,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git
       path: "./chart"
-      tag: "10.6.1-bb.2"
+      tag: "10.6.1-bb.3"
     helmRepo:
       repoName: "registry1"
       chartName: "sonarqube"
-      tag: "10.6.1-bb.2"
+      tag: "10.6.1-bb.3"
 
     # -- Flux reconciliation overrides specifically for the Sonarqube Package
     flux: {}
@@ -1531,11 +1531,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise.git
       path: "./chart"
-      tag: "3.1.1-bb.3"
+      tag: "3.2.0-bb.1"
     helmRepo:
       repoName: "registry1"
       chartName: "anchore"
-      tag: "3.1.1-bb.3"
+      tag: "3.2.0-bb.1"
 
     # -- Flux reconciliation overrides specifically for the Anchore Package
     flux:
@@ -1648,11 +1648,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/mattermost.git
       path: "./chart"
-      tag: "10.2.0-bb.0"
+      tag: "10.2.0-bb.1"
     helmRepo:
       repoName: "registry1"
       chartName: "mattermost"
-      tag: "10.2.0-bb.0"
+      tag: "10.2.0-bb.1"
 
     # -- Flux reconciliation overrides specifically for the Mattermost Package
     flux: {}
@@ -1835,11 +1835,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/vault.git
       path: "./chart"
-      tag: "0.29.1-bb.0"
+      tag: "0.29.1-bb.2"
     helmRepo:
       repoName: "registry1"
       chartName: "vault"
-      tag: "0.29.1-bb.0"
+      tag: "0.29.1-bb.2"
 
     # -- Flux reconciliation overrides specifically for the Vault Package
     flux: {}
@@ -2075,12 +2075,12 @@ addons:
 
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/external-secrets.git
-      tag: "0.11.0-bb.0"
+      tag: "0.11.0-bb.2"
       path: "./chart"
     helmRepo:
       repoName: "registry1"
       chartName: "external-secrets"
-      tag: "0.11.0-bb.0"
+      tag: "0.11.0-bb.2"
 
     # -- Override flux settings for this package
     flux: {}

docs/assets/configs/example/dev-sso-values.yaml

@@ -7,107 +7,124 @@ sso:
   certificateAuthority:
     cert: |
       -----BEGIN CERTIFICATE-----
-      MIIISDCCBzCgAwIBAgIQdZv/Au9ZnyVbSBy7CVQgeTANBgkqhkiG9w0BAQsFADCB
-      ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT
-      H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy
-      MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG
-      A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y
-      MzEyMDQyMzAyMDRaFw0yNTAxMDQyMzAyMDNaMG0xCzAJBgNVBAYTAlVTMREwDwYD
-      VQQIEwhDb2xvcmFkbzEZMBcGA1UEBxMQQ29sb3JhZG8gU3ByaW5nczEeMBwGA1UE
-      ChMVRGVwYXJ0bWVudCBvZiBEZWZlbnNlMRAwDgYDVQQDEwdkc28ubWlsMIICIjAN
-      BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAoJo7RwhlbAORp1VDB0TvC3Tl3cPM
-      ujc+vo93KT668fx9cpcBZNnqfLsMY93yG3oY9aHhvflCw3SXaS/xSiGAia5hHCah
-      HQApT/PeeaBKqG6AhZ1s4oreE31gjPJHbK2yVNXiPRqHxt0eTcfn8gkiAonHJk0h
-      +EzR0UizKxVD/IzXJt64z1WC/ThIOSS9q5KZ+27uiM5ZKp/r7bdijVvvznWN6TLs
-      C/7QHH+l1d1KUwTOVTOiariVL/bd3RP2M0Ginl6p57HG1B15USv6gPhL8ph3gdk7
-      PKiAuBWJQ7OsWePbbkgze+Bf0i1aeD3mjaPI+xqGOJJpYq84J0jpMdYWENYKKtbh
-      o37qtnKVxp3G9thuN/IiXhBARiZtC9P2QKLwJw7K2pDoTOEH2kryeRBU7bZfx7Lk
-      gsJw1oTFq9VECWQmmieRS2kx0afKCFQwvls1iVZa5gbSYcPwWTqdHkrGrp4CzW0b
-      idk6H3PTlPNpTV6hURpdxQ2nVumNLFmOabz7BBRn67j9EBQzt8CIL+O0v4XtLsBa
-      2hOerXhBoY+AExpcjzOkPjv4nITlCfL3MhHfcgniKB3mRywUAZp3bh1YLHNG9eVa
-      vgqNPcGK2/f22kLWtJmwXT7NazL7wPsyVqyfzGQtidB92vN24iohLU2Dsc5E5VA+
-      y6ebzgf9yBaHGTECAwEAAaOCA5QwggOQMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYE
-      FPGHpZq/OFeRdtSYgjOVRE7aVMJSMB8GA1UdIwQYMBaAFIKicHTdvFM/z3vU981/
-      p2DGCky/MGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDovL29jc3Au
-      ZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVzdC5uZXQv
-      bDFrLWNoYWluMjU2LmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3JsLmVu
-      dHJ1c3QubmV0L2xldmVsMWsuY3JsMIHYBgNVHREEgdAwgc2CB2Rzby5taWyCCSou
-      ZHNvLm1pbIINKi5pbDIuZHNvLm1pbIINKi5pbDQuZHNvLm1pbIINKi5pbDUuZHNv
-      Lm1pbIIOKi5hcHBzLmRzby5taWyCESouc3RhZ2luZy5kc28ubWlsgg8qLmFkbWlu
-      LmRzby5taWyCESoucHJlcHJvZC5kc28ubWlsghIqLnBhcnR5YnVzLmRzby5taWyC
-      Giouc3RhZ2luZy5wYXJ0eWJ1cy5kc28ubWlsghMqLmFkbWluLmlsNS5kc28ubWls
-      MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-      EwYDVR0gBAwwCjAIBgZngQwBAgIwggGABgorBgEEAdZ5AgQCBIIBcASCAWwBagB3
-      AObSMWNAd4zBEEEG13G5zsHSQPaWhIb7uocyHf0eN45QAAABjDcROjUAAAQDAEgw
-      RgIhANdpufrvDSUkYRmQcKJwY89BJfJq5JWJPbtTVrNykeHWAiEA9KDnNOb1HGRT
-      bPpT+u6ChMDJ2Dy/j/EUvN1MzWPaGZ8AdwA/F0tP1yJHWJQdZRyEvg0S7ZA3fx+F
-      auvBvyiF7PhkbgAAAYw3ETpFAAAEAwBIMEYCIQCr3EBgrdpse6wvq0FG5jCFp5Zs
-      7HNrA9Y0Xw8EiTTCegIhAMt5/9RSc1B89QtIXofVlF5+foXoapIKT4L4RAkHs602
-      AHYATnWjJ1yaEMM4W2zU3z9S6x3w4I4bjWnAsfpksWKaOd8AAAGMNxE6fgAABAMA
-      RzBFAiEA4+KV6GfS8FYZqPdgP0/iw7vXvl8U8TodZGIeb7zz1tkCIFbhvXSnOzlI
-      xfP7nZqAWDNKV/gHCoZyJmTcK5lcrFx7MA0GCSqGSIb3DQEBCwUAA4IBAQCCCokH
-      Zr+Dhs8Cs5Qq3JIKAT1G0SkghwIkUb5BLVkWtRvTz+B72SdSP6cePL2qLNEQgQxi
-      qE/En1EZjbv681IRCMpC2c/boGR0TiMzx195LlXuih2ct525LPIJXYCUnUAV7gyA
-      F8NXjeVSbvNcrhL4L3TsCu1RFNJ1PtTZe65RJK6OMV+SSmreHLz3Akn9Txvzoqe3
-      jKIjOIvNMmrMrd3JksjXRYdi3vjPxsrQZO0ojn3uFNeVYvKZiUlTG9WY4PBq4L4h
-      KJZru2DOOJ6iUHtgECSl9GznpjbJktSEOGKT4Bpv0okyIJ978ImpLAZsTWuYuAoX
-      BVP6MtMXxjCRsd3T
+      MIII9DCCBtygAwIBAgIQcDdmU10lewJL420LUmSlqzANBgkqhkiG9w0BAQsFADBR
+      MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSgwJgYDVQQD
+      DB9FbnRydXN0IE9WIFRMUyBJc3N1aW5nIFJTQSBDQSAxMB4XDTI0MTIwMzE0MDMx
+      NFoXDTI1MTIwMzA2MDAwMFowbTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCENvbG9y
+      YWRvMRkwFwYDVQQHDBBDb2xvcmFkbyBTcHJpbmdzMR4wHAYDVQQKDBVEZXBhcnRt
+      ZW50IG9mIERlZmVuc2UxEDAOBgNVBAMMB2Rzby5taWwwggIiMA0GCSqGSIb3DQEB
+      AQUAA4ICDwAwggIKAoICAQCgmjtHCGVsA5GnVUMHRO8LdOXdw8y6Nz6+j3cpPrrx
+      /H1ylwFk2ep8uwxj3fIbehj1oeG9+ULDdJdpL/FKIYCJrmEcJqEdAClP8955oEqo
+      boCFnWziit4TfWCM8kdsrbJU1eI9GofG3R5Nx+fyCSICiccmTSH4TNHRSLMrFUP8
+      jNcm3rjPVYL9OEg5JL2rkpn7bu6Izlkqn+vtt2KNW+/OdY3pMuwL/tAcf6XV3UpT
+      BM5VM6JquJUv9t3dE/YzQaKeXqnnscbUHXlRK/qA+EvymHeB2Ts8qIC4FYlDs6xZ
+      49tuSDN74F/SLVp4PeaNo8j7GoY4kmlirzgnSOkx1hYQ1goq1uGjfuq2cpXGncb2
+      2G438iJeEEBGJm0L0/ZAovAnDsrakOhM4QfaSvJ5EFTttl/HsuSCwnDWhMWr1UQJ
+      ZCaaJ5FLaTHRp8oIVDC+WzWJVlrmBtJhw/BZOp0eSsaungLNbRuJ2Tofc9OU82lN
+      XqFRGl3FDadW6Y0sWY5pvPsEFGfruP0QFDO3wIgv47S/he0uwFraE56teEGhj4AT
+      GlyPM6Q+O/ichOUJ8vcyEd9yCeIoHeZHLBQBmnduHVgsc0b15Vq+Co09wYrb9/ba
+      Qta0mbBdPs1rMvvA+zJWrJ/MZC2J0H3a83biKiEtTYOxzkTlUD7Lp5vOB/3IFocZ
+      MQIDAQABo4IDqjCCA6YwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRoDUXKNcLn
+      mhvws4Td1dp/C4nBETBoBggrBgEFBQcBAQRcMFowNgYIKwYBBQUHMAKGKmh0dHA6
+      Ly9jZXJ0LnNzbC5jb20vRW50cnVzdC1PVlRMUy1JLVIxLmNlcjAgBggrBgEFBQcw
+      AYYUaHR0cDovL29jc3BzLnNzbC5jb20wgdgGA1UdEQSB0DCBzYIHZHNvLm1pbIIJ
+      Ki5kc28ubWlsgg0qLmlsMi5kc28ubWlsgg0qLmlsNC5kc28ubWlsgg0qLmlsNS5k
+      c28ubWlsgg4qLmFwcHMuZHNvLm1pbIIRKi5zdGFnaW5nLmRzby5taWyCDyouYWRt
+      aW4uZHNvLm1pbIIRKi5wcmVwcm9kLmRzby5taWyCEioucGFydHlidXMuZHNvLm1p
+      bIIaKi5zdGFnaW5nLnBhcnR5YnVzLmRzby5taWyCEyouYWRtaW4uaWw1LmRzby5t
+      aWwwIwYDVR0gBBwwGjAIBgZngQwBAgIwDgYMKwYBBAGCqTABAwECMB0GA1UdJQQW
+      MBQGCCsGAQUFBwMCBggrBgEFBQcDATA7BgNVHR8ENDAyMDCgLqAshipodHRwOi8v
+      Y3Jscy5zc2wuY29tL0VudHJ1c3QtT1ZUTFMtSS1SMS5jcmwwHQYDVR0OBBYEFPGH
+      pZq/OFeRdtSYgjOVRE7aVMJSMA4GA1UdDwEB/wQEAwIFoDCCAX4GCisGAQQB1nkC
+      BAIEggFuBIIBagFoAHYADeHyMCvTDcFAYhIJ6lUu/Ed0fLHX6TDvDkIetH5OqjQA
+      AAGTjN4/JgAABAMARzBFAiAxkZx3K+1Hx05hRiEqSHiKQR6MZBm07LEi+fV++CQ8
+      HQIhAPtLwyKZQr3G4lPnRXMn/H9NFTXcrF7elq3bLn0EvWseAHUAzPsPaoVxCWX+
+      lZtTzumyfCLphVwNl422qX5UwP5MDbAAAAGTjN4/FQAABAMARjBEAiBOBZUgjBHx
+      4j1UYkDqCx/06cI6V/QPpS7b6ATlUTaGTwIgR3iZnsN2mWYyDBHEa9FJzLLQDdrs
+      j2QJTm9HW/yMmS0AdwAS8U40vVNyTIQGGcOPP3oT+Oe1YoeInG0wBYTr5YYmOgAA
+      AZOM3j7QAAAEAwBIMEYCIQDHT+NqmdIg0NxvjKw7Mtbdrz272LFquQLha2KCdzHl
+      tgIhAPm2CevtO+Iv49S0JeERtw5JIGTQ343VQ+CDyjgMIrQqMA0GCSqGSIb3DQEB
+      CwUAA4ICAQAKc7xdwZeA1thWzsDBAhFG7XwjgfNrPhHPm98pB+smkeP1gKsdb+FV
+      IsBr+6iercGBQSXn9GrZkb0RdUlqy5X6HVxMNZ7E7mJhkq3HT1Sw7y7ZQGJpvmZh
+      7tWgZ4ajoutvuAFq4AVWvIK0MjXmOKR9xBUe+SMetw30jdNMzc8fJJhKcJxuitC2
+      Xglij9X1uqGXmXaFdFXAPAY6uWn+jp9XnHKqwHYYq8WIPGRRXzR62QhvScGO79yN
+      BMe8Wc5Q1lkEZNSv45d44GqHcpjfAS2Hpt8SzM5DoqUvgJst56nnsENKfGDPzass
+      +VSL4ESBa8Lhm8K9m/KMQNaxIJ5HDu7NFfvp+0yXIpr5l/li5IZ/ah9746dmvyvJ
+      RX4lgAyWiZXFC51lSYvafXF7Tm6BN48LvSCJTD5E5uZvhR3hBiM1dcEu2VsmFzS5
+      HWq2ypRZwDk4jRGN8is3kY8nBdHWr0joyQC4OYRSpoU13oP8m+eYbtXcu8gAo72M
+      4eVjq0PSqYYyoburXTwP+jFy7vkcUu/9t9/L5sNYVoQIWoFtK0gwBUl70cBPWYoK
+      ZQb50ftfJ4pXNyrC1jPN5Ci7jRZHySGsRHkoHLLQdfk/LNUrwioWrDl0v7lJGnsx
+      xZ9PISLI7RmnJj1omDtq6DGyAq5HE1Al47TKroeGuwqjpsKmDuyEQw==
       -----END CERTIFICATE-----
       -----BEGIN CERTIFICATE-----
-      MIIFDjCCA/agAwIBAgIMDulMwwAAAABR03eFMA0GCSqGSIb3DQEBCwUAMIG+MQsw
-      CQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl
-      IHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg
-      RW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD
-      EylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x
-      NTEwMDUxOTEzNTZaFw0zMDEyMDUxOTQzNTZaMIG6MQswCQYDVQQGEwJVUzEWMBQG
-      A1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l
-      dC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAt
-      IGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRp
-      ZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-      MIIBCgKCAQEA2j+W0E25L0Tn2zlem1DuXKVh2kFnUwmqAJqOV38pa9vH4SEkqjrQ
-      jUcj0u1yFvCRIdJdt7hLqIOPt5EyaM/OJZMssn2XyP7BtBe6CZ4DkJN7fEmDImiK
-      m95HwzGYei59QAvS7z7Tsoyqj0ip/wDoKVgG97aTWpRzJiatWA7lQrjV6nN5ZGhT
-      JbiEz5R6rgZFDKNrTdDGvuoYpDbwkrK6HIiPOlJ/915tgxyd8B/lw9bdpXiSPbBt
-      LOrJz5RBGXFEaLpHPATpXbo+8DX3Fbae8i4VHj9HyMg4p3NFXU2wO7GOFyk36t0F
-      ASK7lDYqjVs1/lMZLwhGwSqzGmIdTivZGwIDAQABo4IBDDCCAQgwDgYDVR0PAQH/
-      BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsG
-      AQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAwBgNVHR8EKTAnMCWgI6Ah
-      hh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDsGA1UdIAQ0MDIwMAYE
-      VR0gADAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAd
-      BgNVHQ4EFgQUgqJwdN28Uz/Pe9T3zX+nYMYKTL8wHwYDVR0jBBgwFoAUanImetAe
-      733nO2lR1GyNn5ASZqswDQYJKoZIhvcNAQELBQADggEBADnVjpiDYcgsY9NwHRkw
-      y/YJrMxp1cncN0HyMg/vdMNY9ngnCTQIlZIv19+4o/0OgemknNM/TWgrFTEKFcxS
-      BJPok1DD2bHi4Wi3Ogl08TRYCj93mEC45mj/XeTIRsXsgdfJghhcg85x2Ly/rJkC
-      k9uUmITSnKa1/ly78EqvIazCP0kkZ9Yujs+szGQVGHLlbHfTUqi53Y2sAEo1GdRv
-      c6N172tkw+CNgxKhiucOhk3YtCAbvmqljEtoZuMrx1gL+1YQ1JH7HdMxWBCMRON1
-      exCdtTix9qrKgWRs6PLigVWXUX/hwidQosk8WwBD9lu51aX8/wdQQGcHsFXwt35u
-      Lcw=
+      MIIGVjCCBD6gAwIBAgIQb+Y+3l/BwDr7bXqFvToVbTANBgkqhkiG9w0BAQsFADBO
+      MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD
+      DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTI0MDgyMjE3NTMzOFoX
+      DTI3MDgyMjE3NTMzN1owUTELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw
+      b3JhdGlvbjEoMCYGA1UEAwwfRW50cnVzdCBPViBUTFMgSXNzdWluZyBSU0EgQ0Eg
+      MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKCL+NvDMIL3efFuNaQc
+      aYwzFpZQd/B6gkTd0s+Cu5jFu3Iw5qxis7xsRQWf739+ohRm42PYEiH7IjErxQAw
+      +jbLstW7HP7UaTDoYSN/IZ5mG0wHF/QLlAyXsGz9hNPPE31CN8xfA4JFH8jaQftN
+      QJJnRgWKFys3LK/U2YWbOkx4M50XHFsEDkAuwkt11vEzveJkglfd2O9srAhMsz21
+      YciZed5VQRncdFbY0hh/hbs9n9eRkmg/ItDOmvKbWiljXP7Pigl9mMJWfnqEJaUd
+      tt4FzpiizghGgTwGytDAUH7GxtiLdf3F/Vs5UhRUdEQEnm5Y1OVdjLb3CZpTc3vw
+      XViwO/jG7b64Ancehrrpagbj8yVXGk4Vh8Rj4nf99whmGGP+z9+9T5DXaWTF2xt9
+      PCbviJaIotT3XO7J2VGZyxnV85us4WVY7/vpCQgUEajsglaFW53UCD3uzuBUR3lW
+      YDWZvd7wiPg5wWhA6DXL//MKVQ0dvUJ03AI+zxUvYCDyhBPOEx9ojRgF7HOvq+wG
+      EvX6kV34e5ZLaeR0Wr8iaUq8Wl9oPB0vxuZdJMT4ewNHjLB6IFJY4cszBQBPmxMx
+      jnRkaDb7B/dlS/I2sjTyxB/n+CwbHbuiwkKqVVQpbYws7cmrkUjLQklqFO1xJrVI
+      Me3bAHHqOZeMfUYCo5gxrPCLAgMBAAGjggErMIIBJzASBgNVHRMBAf8ECDAGAQH/
+      AgEAMB8GA1UdIwQYMBaAFPsuN+7jhHonLs0ZNbEzfP/UREK5MEwGCCsGAQUFBwEB
+      BEAwPjA8BggrBgEFBQcwAoYwaHR0cDovL2NlcnQuc3NsLmNvbS9TU0xjb20tVExT
+      LVJvb3QtMjAyMi1SU0EuY2VyMBEGA1UdIAQKMAgwBgYEVR0gADAdBgNVHSUEFjAU
+      BggrBgEFBQcDAgYIKwYBBQUHAwEwQQYDVR0fBDowODA2oDSgMoYwaHR0cDovL2Ny
+      bHMuc3NsLmNvbS9TU0xjb20tVExTLVJvb3QtMjAyMi1SU0EuY3JsMB0GA1UdDgQW
+      BBRoDUXKNcLnmhvws4Td1dp/C4nBETAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcN
+      AQELBQADggIBABNdeusuCgNkxuATfOU8MHWeX7BYQA77yRx/fdV5rEMOdIRMRH/J
+      Ar7qQ+RH9SY4tqAwkfsKBNhgqZnjzeYOMmOVRTlOQpKJwMwZbX5M1IvuF45EF5BO
+      dwRBIMAqSxLzFV4CAS1LUEptuA6SGMC6thY4TdQoHN1YR5A/tFmPj9ASDxlqE7Wc
+      7ZkeL1R8NAKNbcYGPEUXAy9NMiIwwnTqJqQSQXAquf8rhOiOfqWoghMU1xUQ4VgO
+      aPPCbHCanTLWLLo6MEcHuVNdYvtTUmxixuTcqU2E+XfzUH0qoOskiwxAXncRaM+H
+      7diEROecsP9PQFui/ll7QmiEE4goazA72Mvk1IsL7+2gI9BrUgWGxGLOoCcJqvUg
+      Z/8K6N5UJZKXnjOL+tjQVk8qCcF818vuOtOvSAQUeOjSdb1QjaM18Fc62qyclga8
+      FIxqs4UPJg7ozHrCkPBUXb1MlUu0yf0Y9i8R9woh6S0k4TZGZKKKdxmS7QnF4D6M
+      Rr60DDCwdUKP5dMmqPsWd2qaBxlaS3wacNqjhdt0DbXmEOz18BRiKbRxaZ4sDxn9
+      O8XngqHUi9j5bulLTfQSqxDXuMwG0WjkqgkJaCujQ1zIZ7sSIcfGzBevRSy1R32Y
+      Wp1i1vr3oWsj+Cw9gr8FPEw/pPcW7GWfoJvpiHVQ99u7+vUqjQQ13ieL
       -----END CERTIFICATE-----
       -----BEGIN CERTIFICATE-----
-      MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC
-      VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50
-      cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs
-      IEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz
-      dCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy
-      NTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu
-      dHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt
-      dGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0
-      aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj
-      YXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-      AoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T
-      RU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN
-      cCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW
-      wcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1
-      U1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0
-      jaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP
-      BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN
-      BgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/
-      jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
-      Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v
-      1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R
-      nAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH
-      VHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==
+      MIIFiTCCA3GgAwIBAgIQb77arXO9CEDii02+1PdbkTANBgkqhkiG9w0BAQsFADBO
+      MQswCQYDVQQGEwJVUzEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMSUwIwYDVQQD
+      DBxTU0wuY29tIFRMUyBSU0EgUm9vdCBDQSAyMDIyMB4XDTIyMDgyNTE2MzQyMloX
+      DTQ2MDgxOTE2MzQyMVowTjELMAkGA1UEBhMCVVMxGDAWBgNVBAoMD1NTTCBDb3Jw
+      b3JhdGlvbjElMCMGA1UEAwwcU1NMLmNvbSBUTFMgUlNBIFJvb3QgQ0EgMjAyMjCC
+      AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANCkCXJPQIgSYT41I57u9nTP
+      L3tYPc48DRAokC+X94xI2KDYJbFMsBFMF3NQ0CJKY7uB0ylu1bUJPiYYf7ISf5OY
+      t6/wNr/y7hienDtSxUcZXXTzZGbVXcdotL8bHAajvI9AI7YexoS9UcQbOcGV0ins
+      S657Lb85/bRi3pZ7QcacoOAGcvvwB5cJOYF0r/c0WRFXCsJbwST0MXMwgsadugL3
+      PnxEX4MN8/HdIGkWCVDi1FW24IBydm5MR7d1VVm0U3TZlMZBrViKMWYPHqIbKUBO
+      L9975hYsLfy/7PO0+r4Y9ptJ1O4Fbtk085zx7AGL0SDGD6C1vBdOSHtRwvzpXGk3
+      R2azaPgVKPC506QVzFpPulJwoxJF3ca6TvvC0PeoUidtbnm1jPx7jMEWTO6Af77w
+      dr5BUxIzrlo4QqvXDz5BjXYHMtWrifZOZ9mxQnUjbvPNQrL8VfVThxc7wDNY8VLS
+      +YCk8OjwO4s4zKTGkH8PnP2L0aPP2oOnaclQNtVcBdIKQXTbYxE3waWglksejBYS
+      d66UNHsef8JmAOSqg+qKkK3ONkRN0VHpvB/zagX9wHQfJRlAUW7qglFA35u5CCoG
+      AtUjHBPW6dvbxrB6y3snm/vg1UYk7RBLY0ulBY+6uB0rpvqR4pJSvezrZ5dtmi2f
+      gTIFZzL7SAg/2SW4BCUvAgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0j
+      BBgwFoAU+y437uOEeicuzRk1sTN8/9REQrkwHQYDVR0OBBYEFPsuN+7jhHonLs0Z
+      NbEzfP/UREK5MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAjYlt
+      hEUY8U+zoO9opMAdrDC8Z2awms22qyIZZtM7QbUQnRC6cm4pJCAcAZli05bg4vsM
+      QtfhWsSWTVTNj8pDU/0quOr4ZcoBwq1gaAafORpR2eCNJvkLTqVTJXojpBzOCBvf
+      R4iyrT7gJ4eLSYwfqUdYe5byiB0YrrPRpgqU+tvT5TgKa3kSM/tKWTcWQA673vWJ
+      DPFs0/dRa1419dvAJuoSc06pkZCmF8NsLzjUo3KUQyxi4U5cMj29TH0ZR6LDSeeW
+      P4+a0zvkEdiLA9z2tmBVGKaBUfPhqBVq6+AL8BQx1rmMRTqoENjwuSfr98t67wVy
+      lrXEj5ZzxOhWc5y8aVFjvO9nHEMaX3cZHxj4HCUp+UmZKbaSPaKDN7EgkaibMOlq
+      bLQjk2UEqxHzDh1TJElTHaE/nUiSEeJ9DU/1172iWD54nR4fK/4huxoTtrEoZP2w
+      AgDHbICivRZQIA9ygV/MlP+7mea6kMvq+cYMwq7FGc4zoWtcu358NFcXrfA/rs3q
+      r5nsLFR+jM4uElZI7xc7P0peYNLcdDa8pUNjyw9bowJWCZ4kLOGGgYz+qxcs+sji
+      Mho6/4UIyYOf8kpIEFR3N+2ivEC+5BB09+Rbu7nzifmPQdjH5FCQNYA+HLhNkNPU
+      98OwoX6EyneSMSy4kLGCenROmxMmtNVQZlR4rmA=
       -----END CERTIFICATE-----
+        
 
     # # LetsEncrypt certificate authority for keycloak.dev.bigbang.mil
     # # Use this CA if you deployed Keycloak with *.dev.bigbang.mil certificate using docs/assets/configs/example/keycloak-dev-values.yaml

docs/assets/scripts/developer/k3d-dev.sh

@@ -55,7 +55,7 @@ function getDefaultAmi() {
 
 function update_ec2_security_group
 {
-  # Lookup the security group created to get the ID
+  # Look up the security group created to get the ID
   echo -n Retrieving ID for security group ${SGname} ...
   #### SecurityGroupId=$(aws ec2 describe-security-groups --output json --no-cli-pager --group-names ${SGname} --query "SecurityGroups[0].GroupId" --output text)
   SecurityGroupId=$(aws ec2 describe-security-groups --filter Name=vpc-id,Values=$VPC_ID Name=group-name,Values=$SGname --query 'SecurityGroups[*].[GroupId]' --output text)
@@ -349,7 +349,7 @@ EOF
     echo "Waiting for instance ${InstId} to be ready ..."
     aws ec2 wait instance-running --output json --no-cli-pager --instance-ids ${InstId} &> /dev/null
 
-    # allow some extra seconds for the instance to be fully initiallized
+    # allow some extra seconds for the instance to be fully initialized
     echo "Almost there, 15 seconds to go..."
     sleep 15
 
@@ -852,6 +852,7 @@ for tooldependency in "${tooldependencies[@]}"
   done
 sed_gsed="sed"
 # verify sed version if mac
+# alias prohibited, symlinks permitted
 uname="$(uname -s)"
 if [[ "${uname}" == "Darwin" ]]; then
   if [[ $(command -v gsed) ]]; then
@@ -867,7 +868,7 @@ if [[ "${missingtool}" == 1 ]]; then
   exit 1
 fi
 
-# getting AWs user name
+# getting AWS user name
 AWSUSERNAME=$( aws sts get-caller-identity --query Arn --output text | cut -f 2 -d '/' )
 
 # check for aws username environment variable. If not found then terminate script
@@ -880,7 +881,7 @@ else
 fi
 
 
-####Configure Environment
+#### Configure Environment
 # Identify which VPC to create the spot instance in
 VPC="${VPC_ID}"  # default VPC
 RESET_K3D=false

renovate.json

@@ -6,7 +6,7 @@
     "dependencyDashboardTitle": "Renovate: Update Dependencies",
     "draftPR": true,
     "enabledManagers": ["helm-values","regex"],
-    "labels": ["renovate","kind::maintenance"],
+    "labels": ["renovate","kind::maintenance","kind::Tools & Automation"],
     "packageRules": [
         {
             "matchDatasources": ["docker"],

tests/package-mapping.yaml

@@ -76,6 +76,14 @@ mattermost:
     - "mattermostOperator"
     - "minioOperator"
     - "elasticsearchKibana"
+  bigbang_ci:
+    rds:
+      enabled: true
+      database: ".addons.mattermost.database.database"
+      host: ".addons.mattermost.database.host"
+      port: ".addons.mattermost.database.port"
+      username: ".addons.mattermost.database.username"
+      password: ".addons.mattermost.database.password"
 velero:
   dependencies:
     - "minio"

tests/rke2-test-values.yaml

@@ -288,6 +288,8 @@ addons:
               cpu: 20m
             limits: null
       postgresql:
+        install: false
+        ssl_mode: require
         persistence:
           size: 256Mi
         metrics:

tests/test-values.yaml

@@ -1878,6 +1878,8 @@ addons:
 
   mattermost:
     enabled: false
+    database:
+      ssl_mode: require
     sso:
       enabled: false
       client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_mattermost
@@ -1885,6 +1887,20 @@ addons:
     elasticsearch:
       enabled: true
     values:
+      networkPolicies:
+        enabled: true
+        additionalPolicies:
+          - name: postgresql-egress
+            spec: 
+              podSelector: {}
+              policyTypes:
+                - Egress
+              egress:
+                - to: 
+                  ports:
+                    - protocol: TCP 
+                      port: 5432
+                      endPort: 5432
       enterprise:
         enabled: true
       monitoring:
@@ -1892,6 +1908,17 @@ addons:
       istio:
         hardened:
           customServiceEntries:
+            - name: "postgresql-service-entries"
+              enabled: true 
+              spec:
+                hosts:
+                  - "cirds.cqkqilzbp4x2.us-gov-west-1.rds.amazonaws.com"
+                location: MESH_EXTERNAL
+                ports:
+                  - number: 5432
+                    protocol: TCP
+                    name: postgresql
+                resolution: DNS
             - name: "cypress-service-entries-mattermost"
               enabled: true
               spec:
@@ -1911,6 +1938,8 @@ addons:
                 resolution: DNS
 
       postgresql:
+        install: false
+        ssl_mode: require
         persistence:
           size: 256Mi
       resources: