From b6eceffc1750a220d16f1ddcfd8d060fc8790470 Mon Sep 17 00:00:00 2001
From: LordMathis <matus@namesny.com>
Date: Fri, 8 Aug 2025 21:17:24 +0200
Subject: [PATCH] Consolidate chat-ui and llamactl resources into single YAML
 files, add openhands

---
 apps/prod/homelab-proxy/chatui-ingress.yaml   | 14 -----
 apps/prod/homelab-proxy/chatui-service.yaml   | 13 -----
 apps/prod/homelab-proxy/chatui.yaml           | 29 +++++++++++
 apps/prod/homelab-proxy/kustomization.yaml    |  7 ++-
 apps/prod/homelab-proxy/llamactl-ingress.yaml | 31 -----------
 apps/prod/homelab-proxy/llamactl-service.yaml | 13 -----
 apps/prod/homelab-proxy/llamactl.yaml         | 46 +++++++++++++++++
 apps/prod/homelab-proxy/openhands.yaml        | 31 +++++++++++
 cluster-vars/prod/secret.enc.yaml             | 51 ++++++++++---------
 9 files changed, 136 insertions(+), 99 deletions(-)
 delete mode 100644 apps/prod/homelab-proxy/chatui-ingress.yaml
 delete mode 100644 apps/prod/homelab-proxy/chatui-service.yaml
 create mode 100644 apps/prod/homelab-proxy/chatui.yaml
 delete mode 100644 apps/prod/homelab-proxy/llamactl-ingress.yaml
 delete mode 100644 apps/prod/homelab-proxy/llamactl-service.yaml
 create mode 100644 apps/prod/homelab-proxy/llamactl.yaml
 create mode 100644 apps/prod/homelab-proxy/openhands.yaml

diff --git a/apps/prod/homelab-proxy/chatui-ingress.yaml b/apps/prod/homelab-proxy/chatui-ingress.yaml
deleted file mode 100644
index 6bec019..0000000
--- a/apps/prod/homelab-proxy/chatui-ingress.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: chat-ui-ingress
-  namespace: chat-ui
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`${CHATUI_DOMAIN}`)
-    kind: Rule
-    services:
-    - name: chat-ui-proxy
-      port: ${CHATUI_INTERNAL_PORT}
\ No newline at end of file
diff --git a/apps/prod/homelab-proxy/chatui-service.yaml b/apps/prod/homelab-proxy/chatui-service.yaml
deleted file mode 100644
index 39542a8..0000000
--- a/apps/prod/homelab-proxy/chatui-service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: chat-ui-proxy
-  namespace: chat-ui
-  annotations:
-    tailscale.com/tailnet-fqdn: ${CHATUI_TAILNET_FQDN}
-spec:
-  type: ExternalName
-  externalName: placeholder
-  ports:
-  - port: ${CHATUI_INTERNAL_PORT}
-    name: http
diff --git a/apps/prod/homelab-proxy/chatui.yaml b/apps/prod/homelab-proxy/chatui.yaml
new file mode 100644
index 0000000..36ad241
--- /dev/null
+++ b/apps/prod/homelab-proxy/chatui.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: chat-ui-proxy
+  namespace: homelab-proxy
+  annotations:
+    tailscale.com/tailnet-fqdn: ${CHATUI_TAILNET_FQDN}
+spec:
+  type: ExternalName
+  externalName: placeholder
+  ports:
+    - port: ${CHATUI_INTERNAL_PORT}
+      name: http
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: chat-ui-ingress
+  namespace: homelab-proxy
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`${CHATUI_DOMAIN}`)
+      kind: Rule
+      services:
+        - name: chat-ui-proxy
+          port: ${CHATUI_INTERNAL_PORT}
diff --git a/apps/prod/homelab-proxy/kustomization.yaml b/apps/prod/homelab-proxy/kustomization.yaml
index 7f87045..b77e8b5 100644
--- a/apps/prod/homelab-proxy/kustomization.yaml
+++ b/apps/prod/homelab-proxy/kustomization.yaml
@@ -4,7 +4,6 @@ namespace: homelab-proxy
 
 resources:
   - ../../base/homelab-proxy
-  - chatui-ingress.yaml
-  - chatui-service.yaml
-  - llamactl-ingress.yaml
-  - llamactl-service.yaml
\ No newline at end of file
+  - llamactl.yaml
+  - chatui.yaml
+  - openhands.yaml
\ No newline at end of file
diff --git a/apps/prod/homelab-proxy/llamactl-ingress.yaml b/apps/prod/homelab-proxy/llamactl-ingress.yaml
deleted file mode 100644
index 4dd63d6..0000000
--- a/apps/prod/homelab-proxy/llamactl-ingress.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: IngressRoute
-metadata:
-  name: llamactl-ingress
-  namespace: llamactl
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  # Protected route for internal management API
-  - match: Host(`${LLAMACTL_DOMAIN}`) && PathPrefix(`/api/v1`)
-    kind: Rule
-    services:
-    - name: llamactl-proxy
-      port: ${LLAMACTL_INTERNAL_PORT}
-    middlewares:
-      - name: "auth-authelia@kubernetescrd"
-  # Unprotected route for OpenAI compatible API (uses API keys)
-  - match: Host(`${LLAMACTL_DOMAIN}`) && PathPrefix(`/v1`)
-    kind: Rule
-    services:
-    - name: llamactl-proxy
-      port: ${LLAMACTL_INTERNAL_PORT}
-  # Catch-all route
-  - match: Host(`${LLAMACTL_DOMAIN}`)
-    kind: Rule
-    services:
-    - name: llamactl-proxy
-      port: ${LLAMACTL_INTERNAL_PORT}
-    middlewares:
-      - name: "auth-authelia@kubernetescrd"
\ No newline at end of file
diff --git a/apps/prod/homelab-proxy/llamactl-service.yaml b/apps/prod/homelab-proxy/llamactl-service.yaml
deleted file mode 100644
index 76cac83..0000000
--- a/apps/prod/homelab-proxy/llamactl-service.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: llamactl-proxy
-  namespace: llamactl
-  annotations:
-    tailscale.com/tailnet-fqdn: ${LLAMACTL_TAILNET_FQDN}
-spec:
-  type: ExternalName
-  externalName: placeholder
-  ports:
-  - port: ${LLAMACTL_INTERNAL_PORT}
-    name: http
\ No newline at end of file
diff --git a/apps/prod/homelab-proxy/llamactl.yaml b/apps/prod/homelab-proxy/llamactl.yaml
new file mode 100644
index 0000000..1827119
--- /dev/null
+++ b/apps/prod/homelab-proxy/llamactl.yaml
@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: llamactl-proxy
+  namespace: homelab-proxy
+  annotations:
+    tailscale.com/tailnet-fqdn: ${LLAMACTL_TAILNET_FQDN}
+spec:
+  type: ExternalName
+  externalName: placeholder
+  ports:
+    - port: ${LLAMACTL_INTERNAL_PORT}
+      name: http
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: llamactl-ingress
+  namespace: homelab-proxy
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    # Protected route for internal management API
+    - match: Host(`${LLAMACTL_DOMAIN}`) && PathPrefix(`/api/v1`)
+      kind: Rule
+      services:
+        - name: llamactl-proxy
+          port: ${LLAMACTL_INTERNAL_PORT}
+      middlewares:
+        - name: "auth-authelia@kubernetescrd"
+    # Unprotected route for OpenAI compatible API (uses API keys)
+    - match: Host(`${LLAMACTL_DOMAIN}`) && PathPrefix(`/v1`)
+      kind: Rule
+      services:
+        - name: llamactl-proxy
+          port: ${LLAMACTL_INTERNAL_PORT}
+    # Catch-all route
+    - match: Host(`${LLAMACTL_DOMAIN}`)
+      kind: Rule
+      services:
+        - name: llamactl-proxy
+          port: ${LLAMACTL_INTERNAL_PORT}
+      middlewares:
+        - name: "auth-authelia@kubernetescrd"
diff --git a/apps/prod/homelab-proxy/openhands.yaml b/apps/prod/homelab-proxy/openhands.yaml
new file mode 100644
index 0000000..4665897
--- /dev/null
+++ b/apps/prod/homelab-proxy/openhands.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: openhands-proxy
+  namespace: homelab-proxy
+  annotations:
+    tailscale.com/tailnet-fqdn: ${OPENHANDS_TAILNET_FQDN}
+spec:
+  type: ExternalName
+  externalName: placeholder
+  ports:
+    - port: ${OPENHANDS_INTERNAL_PORT}
+      name: http
+
+---
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: openhands-ingress
+  namespace: homelab-proxy
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`${OPENHANDS_DOMAIN}`)
+      kind: Rule
+      services:
+        - name: openhands-proxy
+          port: ${OPENHANDS_INTERNAL_PORT}
+      middlewares:
+        - name: "auth-authelia@kubernetescrd"
diff --git a/cluster-vars/prod/secret.enc.yaml b/cluster-vars/prod/secret.enc.yaml
index 28aaf2b..849cfc9 100644
--- a/cluster-vars/prod/secret.enc.yaml
+++ b/cluster-vars/prod/secret.enc.yaml
@@ -4,35 +4,38 @@ metadata:
     name: cluster-vars-prod
     namespace: flux-system
 stringData:
-    DOMAIN: ENC[AES256_GCM,data:F5I4/i5CBIFY,iv:kLcjtpyP1Oe3VJKguhlPD1eTOf989IynVWBTsr0KlQA=,tag:5faKXjFiSXQJnf6cEZG+RQ==,type:str]
-    DOMAIN2: ENC[AES256_GCM,data:uppAjEaD5orHuA==,iv:n93YNxjreexK3+mtEl+NyKxFNq6+B52Ola1z6gMNTb8=,tag:DpKSrf+RpfCOHI+WcIG+dA==,type:str]
-    GITEA_DOMAIN: ENC[AES256_GCM,data:ZaMGK0y8de8yJVV7LA==,iv:fwpfsjwxwX62xfCDDatg68RFnCCwkhEwKELZhGe7QAQ=,tag:L33jAv93SPaUgNSraN3L7Q==,type:str]
-    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:o6Va1c2AzDw/alpz3BM=,iv:16+45Qf1G0bVzlZbu6Rmhipxq/LMXCNCeVU4azg1e4w=,tag:2v5EgfmOhgRTXx2wtujYMg==,type:str]
-    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:wsCJ8/4ykY+Ikdm6YYo1BwY=,iv:ksoig3LOp2rpKCkAPOeTvuncZLsn3I0Uz5bQpeXuaBE=,tag:HPa3aHpSTu/lIVq32Gfh9Q==,type:str]
-    LEMMA_DOMAIN: ENC[AES256_GCM,data:kKMDB+hTIRO3BDBSm3si,iv:H+w2usI6WhMfYHg3HMysRUQMsPDb/t1v05hZpMX+ZEI=,tag:qOtT3VHW65yj8uzFLcLedw==,type:str]
-    GHOST_DOMAIN: ENC[AES256_GCM,data:MWFNSWb0JPRb/IsYXFiSmw==,iv:OBbvUkdl9FieQ7hR5S3CfRhidhar+sdgSAt2C9J+di8=,tag:ggCESRLOGwyIQ35U2NvaKg==,type:str]
-    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:YnTczrMV4mVt3aNxGg==,iv:DyiJTWLHJGbDhODauSsJUB+HEPjqebRQ/DCoOncpow0=,tag:NOD78zxdBhcrS+yC9tpWng==,type:str]
-    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:mEPcyTaKzcm9vH2fai0zPianh9JzOhw=,iv:q6bcTWyWKGZMpj/1R/O/jfRhijvRzYt9+B8EgJJMrvg=,tag:5SRuQYmDCARXCAZVCHq+QQ==,type:str]
-    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:+DhiTZREwHVeZ938bH2mpcU=,iv:hFKUv+IpV/E10mDYsrgAeaWko7KojJaCTiA6ElJHlg0=,tag:McyU/F9uFzI/XXEF8h+OoQ==,type:str]
-    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:+8wJ86UCUTQwOhaXABxQWAA=,iv:WPxsPyn3BfqIWlmONWiErN0T6lM76TbU/yMlcNOwjyk=,tag:Ryzx+BeQjL7yz8xuhqKOdw==,type:str]
-    LLAMACTL_DOMAIN: ENC[AES256_GCM,data:mA7wjyvwdbvG6bwVxFhni+ZX,iv:WOABZBxZAqjtq19hX4hrFsUnkWBEHSb7VC96ja/eFho=,tag:rWl7Uy2rdJ8VIIkp48I89A==,type:str]
-    LLAMACTL_TAILNET_FQDN: ENC[AES256_GCM,data:yrO30vZ4m0PbapDfZfYKsPOuH8AW8j6Eo1arWjk=,iv:XORKCxmMMj5VzlfpjVh7a+e6ylq3kwdrEjt+0YM9UHs=,tag:ALYXRPuoEH68vjTRxQpeNw==,type:str]
-    LLAMACTL_INTERNAL_PORT: ENC[AES256_GCM,data:wmyG4A==,iv:d3T5J0kXL58oLdQFFnju3kpddbCuSdBxUK9TGesMkTo=,tag:XVPE5BjpT87eQc42CzMDvg==,type:str]
-    CHATUI_DOMAIN: ENC[AES256_GCM,data:N0137+/BldXgZgFY1Vk=,iv:+JvLqcsJYHmpdh931ozQJw/it5X/kn1ffZH40OoashI=,tag:aoK230kVeMY1+QVLROVBAA==,type:str]
-    CHATUI_TAILNET_FQDN: ENC[AES256_GCM,data:eTXrtIEgkfuuiifCdntrvCofCDVMjT2/qXuvfSM=,iv:8YQPVqxw3PsFqNzHDp5JSFCf4Wb6nYiNGMxYtIfcPqg=,tag:sIvQIz35VGljvscOVMfcqg==,type:str]
-    CHATUI_INTERNAL_PORT: ENC[AES256_GCM,data:L6lZKQ==,iv:ScWMlDv1XeVYiaHghv4TysLMApPtUjx9DqNl9GJ/0g4=,tag:cId8v5+C8UvNqu1H5xZ1Sw==,type:str]
+    DOMAIN: ENC[AES256_GCM,data:gxx/eRadtMMy,iv:iPgQ8MmeIWyldHE8+uiP/P9dSBHxOyjM6pi3cCJc7Es=,tag:i+XCfuQzMveStJ+Hb1hQPA==,type:str]
+    DOMAIN2: ENC[AES256_GCM,data:x0aIwS+l7Ahm6A==,iv:SXdgFKGLDNY0+wsVT4lrmKDgsPMG1uaB9lryjSupxYg=,tag:hyAFPsIMojUXNNe2TiynyA==,type:str]
+    GITEA_DOMAIN: ENC[AES256_GCM,data:MGgYfgTvm9RqnJOk8w==,iv:SurMX4g4QZ+tS8OejamYQVySeHN35T9aJ8KJyGJ3qr0=,tag:OvlLpmWHYPteTrBX9oNjgw==,type:str]
+    AUTHELIA_DOMAIN: ENC[AES256_GCM,data:TTlTobpYtSareFSJzt4=,iv:2SnQKnY1i74fIAPIET5vGBZeZ0Xj4UK2fKpuPxpaTFw=,tag:5Qscpz8DCuDT3keZ/AHkBg==,type:str]
+    TRAEFIK_DOMAIN: ENC[AES256_GCM,data:OoaRRTwvhJN2DiOzzP4KBlw=,iv:wIgeCCmg32G3C7UbxKu39ahQTy4rbHihHUfYYa8iPMo=,tag:hkQFWyVSaKUPtPgKW84IeA==,type:str]
+    LEMMA_DOMAIN: ENC[AES256_GCM,data:letOZq2G9u9MFWOJQWN4,iv:boPPWZtrleIMBVowNiPH5qUiO7p8TAkxQIYVo1ew5c8=,tag:sRE+HsrdO7bOV6WbxI/g1w==,type:str]
+    GHOST_DOMAIN: ENC[AES256_GCM,data:J8UBhKisZncviv2/1JeTxQ==,iv:cM9MN9CZPlS9vua0zj+am5cHY8yq1DzUWpugMHUglHM=,tag:5v3HJPHHDdDmZcLUZZGx4w==,type:str]
+    K8S_DASHBOARD_DOMAIN: ENC[AES256_GCM,data:H4K7C+3QQP0y3QEyWw==,iv:/QysmIX89uz4jmBkWhoXd1a5vFk1vCu5DbTpuInVJUY=,tag:Idf8VC2o7K8CZAeKBBy6qQ==,type:str]
+    LETSENCRYPT_EMAIL: ENC[AES256_GCM,data:utoQOqRKVqHSV3itXSm80bk//lRZKSE=,iv:GjcqeTaoCal9mAreyDXkWfquIG61YH2tzshsZ43zoPA=,tag:0exMvC0rA1CcqB+Sl6MlRg==,type:str]
+    GITEA_ADMIN_EMAIL: ENC[AES256_GCM,data:OgcvSqOkNdkO5GBTYL9jZKk=,iv:adndCFN7risZV5aqAs10bMC2d9UgbES3qeQcp92jr0s=,tag:3n5rsZQ2cKbbCpv6bePpAg==,type:str]
+    GHOST_ADMIN_EMAIL: ENC[AES256_GCM,data:VQ4xtfZvLsYP1o6PnX07GVI=,iv:7hwd1kECTWF5OMiqpFVCu0gdxvz8e7w+mw9N4gpCGlA=,tag:ZYoPG6WAl3GU6p5KPvT8nw==,type:str]
+    LLAMACTL_DOMAIN: ENC[AES256_GCM,data:+cGhZrHlwCnqv0qfcwyXrFX7,iv:Eu7/6H6Y/ND26eJr7DK7prT3R12apjMHmbUMe0Z/Hlw=,tag:bE10OKIcSK1KUE0jCFcJcw==,type:str]
+    LLAMACTL_TAILNET_FQDN: ENC[AES256_GCM,data:Z2rnGhV5+6/BlhcFErUObmkHOXww0Tw2vGt9W40=,iv:5BdRV4nP+EerZgJAUFoBiyND02TEkJvwf+Q6VzPfidE=,tag:5KZxHi3aEXNyIJHcXksvew==,type:str]
+    LLAMACTL_INTERNAL_PORT: ENC[AES256_GCM,data:A+qtIA==,iv:I9MRL8YC+k9S7Nam76JfMeeQKkr3PfzVHUyTN/xkTKY=,tag:/v6Ll/n23tu1L3caDJDKMg==,type:str]
+    CHATUI_DOMAIN: ENC[AES256_GCM,data:4u5sE930VQwKpju5iLY=,iv:3DEu7K2Cj5h5mSvB5/tUE/EPtswFIvPvjtk8OrATPaU=,tag:+NFko4s5fKuwHhdM86PmqQ==,type:str]
+    CHATUI_TAILNET_FQDN: ENC[AES256_GCM,data:TBzNp8VWauSTzXQmtWGCbIca3+wCSvf+Yv9nzcU=,iv:QLbfvtr/GyEgYltweprmVeiANzUivkJjDy+NXjfS5yM=,tag:9zoJO9Foi3GVBAkNWbnd2Q==,type:str]
+    CHATUI_INTERNAL_PORT: ENC[AES256_GCM,data:TVYLLA==,iv:rxffY5kx1Ne23m8jfGxnFRNz1QlTUz1F/XZHMKk+AeA=,tag:X30MZuTB0xFajEVKZf7qcQ==,type:str]
+    OPENHANDS_DOMAIN: ENC[AES256_GCM,data:7c2KTI9GDYujV0NAKo+V,iv:KoKJESoDYE9pdr63bbay5SbhTMdnCe0hYqo6Wvn+N0c=,tag:nASNU2U50FBRFtaIzpIHrg==,type:str]
+    OPENHANDS_TAILNET_FQDN: ENC[AES256_GCM,data:ni+ixc3QiIo6L2zY9vlLmLdDWkaPdMGimpsl+28=,iv:nefgurOqkyoOwOAF4bHMh+wIegcP5leFpIZiiDknsbo=,tag:LhIVcgLzObRbEi5mt5VqJg==,type:str]
+    OPENHANDS_INTERNAL_PORT: ENC[AES256_GCM,data:5CIdLw==,iv:liqZprX0stxw4XtSwQxKc67kI4aV0fpWxENCCKYfmkw=,tag:erSxpmv66wpVgwtGW8c5qg==,type:str]
 sops:
     age:
         - recipient: age1jk99rtxq3ep2xj2w886cchddf7jypqpwkr3dszg5dzq93gn8cy9qyc786m
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1ZTRta2ZYcmZ4ZjB5R0c0
-            cEthZnlBQU1SbHFyL25UZmVBeE5lQzE0U1J3Cm5GSlQ3TGYxZ3VWVE0rc2xDd0F5
-            REI2VHNkZGdlbUJUMTlQQjBVRHdxQTQKLS0tIEthajZQbGRRVWNYS2ZUVDRTa0xq
-            QVZhVnNzanNNeFBhQ0o4ODRJZmpaaG8KAxH3jmNwSsrfCsfIsGSWfdzfxsinnoN0
-            p/QrAAm7NijAE5ivOAG7QjNgm0g7AeXWLMgcqLM7R/qtBZ2HMMmEfA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2WU01VFkrYXVjS0FBenJo
+            UHdFU1ZUek5FRHdtaEFyTTI5ZCtWYmM4UGtzCnd2STM4ZWVUa290Q1NrTElwd1hm
+            ZjJ4ak56SFF0TXpnM3RuQzVqalVqNlkKLS0tIEdEUy9nWk9ZUFh1T0xPZGVrWDR0
+            OEV0eklMZDhrRnVHNTFtdjNsMFpSYzgKB0+6aS6BS36PV9xkSZOPZEGIuqqPYJpd
+            ygN2S5XBjpFMbY9zsCUTstzn87TJk1Gx5+s9L6EhM9kDX5E1eIKlGA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-31T20:31:23Z"
-    mac: ENC[AES256_GCM,data:C8ykDHxyobBTIWmzgJvAeFkbst4XGIB+U3V8cVfsaGtdri0EbZsNbIhyLFb3rWJsH04rFwkA+U6pdRA55jyqSUqd1KzL+9IojEct/sEB90BZWwXg/Cl3ufj6xjlOlAvnoRXDy46lC4LhFHjh/UVhmpRFm4mCrsnRZAWPgBMlYt8=,iv:8H3TzwYQbAHSG20vyzEn702niUy2YXS9L+eg2Mcb2hw=,tag:Fwda6wRJcZTPUGjd7KEvYw==,type:str]
+    lastmodified: "2025-08-08T19:10:43Z"
+    mac: ENC[AES256_GCM,data:Yddp7gQWeSwrhTy7+6IQLlac0etLIPrxomjuodQWZNEIm82RuTqpVFE46YG7o4IMoBgxLlRU7fvEjKFg0NAC9Xd5yIM0HhIIqaCJ7mskNMy8mRM36asdfd6bjlpLebMjWZt7IgnxPVsdq85LiB3z+47d2iSouI/MJUmy3GdFags=,iv:teYUoK5lhacfiBK3MSX73zsvq9aqoAFfhMrPzzdxqA0=,tag:6ijah7ep80xTGRkZRP0/lQ==,type:str]
     unencrypted_regex: ^(apiVersion|metadata|kind|type)$
     version: 3.10.2