Merge branch 'master' into fluxcd-2022

2025-06-06 17:01:30 +00:00 · 2023-03-13 08:47:50 +11:00 · 2023-03-13 08:47:50 +11:00 · 26fb40dce6
commit 26fb40dce6
parent 48eace7204 baf786af7b
77 changed files with 2739 additions and 397 deletions
--- a/argo/argo-cd/README.md
+++ b/argo/argo-cd/README.md
@ -0,0 +1,3 @@
 # Introduction to Argo CD
 <a href="https://youtu.be/2WSJF7d8dUg" title="argo"><img src="https://i.ytimg.com/vi/2WSJF7d8dUg/hqdefault.jpg" width="20%" alt="introduction to argo cd" /></a> 
--- a/deno/README.md
+++ b/deno/README.md
@ -0,0 +1,3 @@
 # Introduction to Deno with Docker
 <a href="https://youtu.be/4EfnECkCx8E" title="Kubernetes"><img src="https://i.ytimg.com/vi/4EfnECkCx8E/hqdefault.jpg" width="20%" alt="introduction to deno" /></a> 
--- a/drone-ci/README.md
+++ b/drone-ci/README.md
@ -0,0 +1,3 @@
 # Introduction to Drone CI
 <a href="https://youtu.be/myCcJJ_Fk10" title="drone ci"><img src="https://i.ytimg.com/vi/myCcJJ_Fk10/hqdefault.jpg" width="20%" alt="introduction to drone ci" /></a> 
--- a/github/actions/self-hosted-runner/README.md
+++ b/github/actions/self-hosted-runner/README.md
@ -0,0 +1,3 @@
 # Introduction to GitHub Actions: Self hosted runners
 <a href="https://youtu.be/d3isYUrPN7s" title="githubactions"><img src="https://i.ytimg.com/vi/d3isYUrPN7s/hqdefault.jpg" width="20%" alt="introduction to github actions runners" /></a> 
--- a/golang/introduction/part-2.json/readme.md
+++ b/golang/introduction/part-2.json/readme.md
@ -1,5 +1,7 @@
 # Introduction to Go: JSON
 <a href="https://youtu.be/_ok29xwZ11k" title="golang-part-2"><img src="https://i.ytimg.com/vi/_ok29xwZ11k/hqdefault.jpg" width="20%" alt="introduction to Go part 2" /></a>
 In programming languages, you will very often deal with data structures internally. <br/>
 Sometimes, you need to pass data outside of your application or read data from another application, or even a file. <br/>
--- a/golang/introduction/part-3.http/readme.md
+++ b/golang/introduction/part-3.http/readme.md
@ -1,5 +1,7 @@
 # Introduction to Go: HTTP
 <a href="https://youtu.be/MKkokYpGyTU" title="golang-part-3"><img src="https://i.ytimg.com/vi/MKkokYpGyTU/hqdefault.jpg" width="20%" alt="introduction to Go part 3" /></a>
 HTTP is a fundamental part of Microservices and Web distributed systems <br/>
 Go has a built in HTTP web server package. The package can be found [here](https://golang.org/pkg/net/http/) <br/>
--- a/golang/introduction/part-4.commandline/readme.md
+++ b/golang/introduction/part-4.commandline/readme.md
@ -1,5 +1,7 @@
 # Introduction to Go: Command Line
 <a href="https://youtu.be/CODqM_rzwtk" title="golang-part-4"><img src="https://i.ytimg.com/vi/CODqM_rzwtk/hqdefault.jpg" width="20%" alt="introduction to Go part 4" /></a>
 Command line apps are a fundamental part of software development <br/>
 Go has a built in Commandline parser package. The package can be found [here](https://golang.org/pkg/flag/) <br/>
--- a/golang/introduction/part-5.database.redis/readme.md
+++ b/golang/introduction/part-5.database.redis/readme.md
@ -1,5 +1,7 @@
 # Introduction to Go: Storing data in Redis Database
 <a href="https://youtu.be/6lJCyKwoQaQ" title="golang-part-5"><img src="https://i.ytimg.com/vi/6lJCyKwoQaQ/hqdefault.jpg" width="20%" alt="introduction to Go part 5" /></a>
 Up until now, we've learned the fundamentals of Go and built a small web microservice that handles our video data.
 Our service has a `/` `GET` endpoint for returning all videos, as well as a simple `/update` endpoint for updating our list of videos.
--- a/golang/introduction/readme.md
+++ b/golang/introduction/readme.md
@ -1,5 +1,7 @@
 # Introduction to Learning Go
 <a href="https://youtu.be/jpKysZwllVw" title="golang-part-1"><img src="https://i.ytimg.com/vi/jpKysZwllVw/hqdefault.jpg" width="20%" alt="introduction to Go part 1" /></a>
 Go can be downloaded from [golang.org](https://golang.org/doc/install) <br/>
 Test your `go` installation:
--- a/hashicorp/vault-2022/readme.md
+++ b/hashicorp/vault-2022/readme.md
@ -1,5 +1,7 @@
 # Hashicorp Vault Guide
 <a href="https://youtu.be/2Owo4Ioo9tQ" title="hashicorp-vault"><img src="https://i.ytimg.com/vi/2Owo4Ioo9tQ/hqdefault.jpg" width="20%" alt="introduction hashicorp vault" /></a>
 Requirements:
 * Kubernetes 1.21
--- a/hashicorp/vault/readme.md
+++ b/hashicorp/vault/readme.md
@ -1,5 +1,7 @@
 # Hashicorp Vault Guide - Deprecated
 <a href="https://www.youtube.com/playlist?list=PLHq1uqvAteVtq-NRX3yd1ziA_wJSBu3Oj" title="vault"><img src="https://i.ytimg.com/vi/L_o_CG_AGKA/hqdefault.jpg" width="20%" alt="introduction to vault" /></a>
 # Vault
 For this tutorial, I use Kubernetes 1.17
--- a/hashicorp/vault/tls/ssl_generate_self_signed.txt
+++ b/hashicorp/vault/tls/ssl_generate_self_signed.txt
@ -4,8 +4,8 @@ cd ./hashicorp/vault/tls/
 docker run -it --rm -v ${PWD}:/work -w /work debian:buster bash
 apt-get update && apt-get install -y curl &&
-curl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl && \
+curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl && \
-curl https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson && \
+curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson && \
 chmod +x /usr/local/bin/cfssl && \
 chmod +x /usr/local/bin/cfssljson
--- a/jenkins/amazon-eks/readme.md
+++ b/jenkins/amazon-eks/readme.md
@ -1,5 +1,7 @@
 # Jenkins on Amazon Kubernetes 
 <a href="https://youtu.be/eqOCdNO2Nmk" title="jenkins eks"><img src="https://i.ytimg.com/vi/eqOCdNO2Nmk/hqdefault.jpg" width="20%" alt="jenkins eks" /></a> 
 ## Create a cluster
 Follow my Introduction to Amazon EKS for beginners guide, to create a cluster <br/>
--- a/jenkins/readme.md
+++ b/jenkins/readme.md
@ -5,6 +5,8 @@ For running Jenkins on AMAZON, start [here](./amazon-eks/readme.md)
 # Jenkins on Local (Docker Windows \ Minikube \ etc)
 <a href="https://youtu.be/eRWIJGF3Y2g" title="jenkins"><img src="https://i.ytimg.com/vi/eRWIJGF3Y2g/hqdefault.jpg" width="20%" alt="jenkins" /></a> 
 For running Jenkins on Local Docker for Windows or Minikube <br/>
 Watch the [video](https://youtu.be/eRWIJGF3Y2g)
--- a/kubernetes/admissioncontrollers/introduction/README.md
+++ b/kubernetes/admissioncontrollers/introduction/README.md
@ -2,6 +2,8 @@
 [Admission Webhook](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#what-are-admission-webhooks)
 <a href="https://youtu.be/1mNYSn2KMZk" title="Kubernetes"><img src="https://i.ytimg.com/vi/1mNYSn2KMZk/hqdefault.jpg" width="20%" alt="Kubernetes Admission Controllers" /></a> 
 <hr/>
 ## Installation (local)
--- a/kubernetes/autoscaling/readme.md
+++ b/kubernetes/autoscaling/readme.md
@ -6,10 +6,14 @@ Cluster autoscaler allows us to scale cluster nodes when they become full <br/>
 I would recommend to learn about scaling your cluster nodes before scaling pods. <br/>
 Video [here](https://youtu.be/jM36M39MA3I)
 <a href="https://youtu.be/jM36M39MA3I" title="Kubernetes"><img src="https://i.ytimg.com/vi/jM36M39MA3I/hqdefault.jpg" width="20%" alt="Kubernetes cluster auto scaling" /></a> 
 ## Horizontal Pod Autoscaling
 HPA allows us to scale pods when their resource utilisation goes over a threshold <br/>
 <a href="https://youtu.be/FfDI08sgrYY" title="Kubernetes"><img src="https://i.ytimg.com/vi/FfDI08sgrYY/hqdefault.jpg" width="20%" alt="Pod auto scaling" /></a> 
 ## Requirements
 ### A Cluster 
--- a/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md
+++ b/kubernetes/autoscaling/vertical-pod-autoscaling/readme.md
@ -1,5 +1,7 @@
 # Vertical Pod Autoscaling
 <a href="https://youtu.be/jcHQ5SKKTLM" title="Kubernetes"><img src="https://i.ytimg.com/vi/jcHQ5SKKTLM/hqdefault.jpg" width="20%" alt="vertical auto scaling" /></a> 
 ## We need a Kubernetes cluster
 Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
--- a/kubernetes/cert-manager/README.md
+++ b/kubernetes/cert-manager/README.md
@ -1,5 +1,7 @@
 # Introduction to cert-manager for Kubernetes
 <a href="https://youtu.be/hoLUigg4V18" title="certmanager"><img src="https://i.ytimg.com/vi/hoLUigg4V18/hqdefault.jpg" width="20%" alt="introduction to certmanager" /></a>
 ## We need a Kubernetes cluster
 Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
--- a/kubernetes/cloud/amazon/getting-started.md
+++ b/kubernetes/cloud/amazon/getting-started.md
@ -1,5 +1,7 @@
 # Getting Started with EKS
 <a href="https://youtu.be/QThadS3Soig" title="k8s-eks"><img src="https://i.ytimg.com/vi/QThadS3Soig/hqdefault.jpg" width="20%" alt="k8s-eks" /></a> 
 ## Amazon CLI
 ```
--- a/kubernetes/cloud/azure/getting-started.md
+++ b/kubernetes/cloud/azure/getting-started.md
@ -1,5 +1,7 @@
 # Getting Started with AKS
 <a href="https://youtu.be/eyvLwK5C2dw" title="k8s-aks"><img src="https://i.ytimg.com/vi/eyvLwK5C2dw/hqdefault.jpg" width="20%" alt="k8s-aks" /></a> 
 ## Azure CLI
 ```
--- a/kubernetes/cloud/digitalocean/getting-started.md
+++ b/kubernetes/cloud/digitalocean/getting-started.md
@ -1,5 +1,7 @@
 # Getting Started with DGO
 <a href="https://youtu.be/PvfBCE-xgBY" title="k8s-do"><img src="https://i.ytimg.com/vi/PvfBCE-xgBY/hqdefault.jpg" width="20%" alt="k8s-do" /></a> 
 ## Trial Account
 Coupon Link to get $100 credit for 60 days: <br/>
--- a/kubernetes/cloud/google/getting-started.md
+++ b/kubernetes/cloud/google/getting-started.md
@ -1,5 +1,7 @@
 # Getting Started with GKE
 <a href="https://youtu.be/-fbH5Qs3QXU" title="k8s-gke"><img src="https://i.ytimg.com/vi/-fbH5Qs3QXU/hqdefault.jpg" width="20%" alt="k8s-gke" /></a> 
 ## Google Cloud CLI
 https://hub.docker.com/r/google/cloud-sdk/
--- a/kubernetes/cloud/linode/getting-started.md
+++ b/kubernetes/cloud/linode/getting-started.md
@ -1,5 +1,7 @@
 # Getting Started with Linode
 <a href="https://youtu.be/VSPUWEtqtnY" title="k8s-linode"><img src="https://i.ytimg.com/vi/VSPUWEtqtnY/hqdefault.jpg" width="20%" alt="k8s-linode" /></a> 
 ## Trial Account
 Promo Link to get $20 credit to try out Linode: <br/>
--- a/kubernetes/configmaps/README.md
+++ b/kubernetes/configmaps/README.md
@ -0,0 +1,3 @@
 # Introduction to Kubernetes: Configmaps
 <a href="https://youtu.be/o-gXx7r7Rz4" title="k8s-cm"><img src="https://i.ytimg.com/vi/o-gXx7r7Rz4/hqdefault.jpg" width="20%" alt="k8s-cm" /></a> 
--- a/kubernetes/daemonsets/README.md
+++ b/kubernetes/daemonsets/README.md
@ -1,5 +1,7 @@
 # Kubernetes Daemonsets
 <a href="https://youtu.be/RGSeeN-o-kQ" title="k8s-daemonset"><img src="https://i.ytimg.com/vi/RGSeeN-o-kQ/hqdefault.jpg" width="20%" alt="k8s-daemonset" /></a> 
 ## We need a Kubernetes cluster
 Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/) </br>
--- a/kubernetes/datree/README-2023.md
+++ b/kubernetes/datree/README-2023.md
@ -0,0 +1,263 @@
 # Whats new 👉🏽 Datree in 2023
 <a href="https://youtu.be/iwoIjzS33qE" title="Kubernetes"><img src="https://i.ytimg.com/vi/iwoIjzS33qE/hqdefault.jpg" width="20%" alt="Kubernetes Guide" /></a> 
 ## Create a Kubernetes cluster
 Let's start by creating a local `kind` [cluster](https://kind.sigs.k8s.io/)
 Note that we create a Kubernetes 1.23 cluster. </br>
 So we want to use `datree` to validate and ensure our manifests comply with that version of Kubernetes. <br/>
 ```
 kind create cluster --name datree --image kindest/node:v1.23.6
 ```
 ## Installation 
 Best place to start is the [documentation](https://hub.datree.io/)
 I like to start all my work inside a docker container. </br>
 Let's run a small Alpine linux container
 ```
 docker run -it -v ${PWD}:/work -v ${HOME}/.kube/:/root/.kube/ -w /work --net host alpine sh 
 ```
 ### Install Kubectl
 Let's install `kubectl` in our container </br>
 ```
 apk add curl jq
 curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.23.6/bin/linux/amd64/kubectl
 chmod +x ./kubectl
 mv ./kubectl /usr/local/bin/kubectl
 ```
 ### Install Helm
 Let's install `helm` in our container </br>
 ```
 curl -L https://get.helm.sh/helm-v3.5.4-linux-amd64.tar.gz -o /tmp/helm.tar.gz && \
 tar -xzf /tmp/helm.tar.gz -C /tmp && \
 chmod +x /tmp/linux-amd64/helm && \
 mv /tmp/linux-amd64/helm /usr/local/bin/helm
 ```
 ## Install Datree on our cluster
 Add the Helm repo:
 ```
 helm repo add datree-webhook https://datreeio.github.io/admission-webhook-datree
 helm search repo datree-webhook --versions
 ```
 Grab the manifest:
 ```
 CHART_VERSION="0.3.22"
 APP_VERSION="0.1.46"
 DATREE_TOKEN=""
 mkdir ./kubernetes/datree/manifests/
 helm template datree-webhook datree-webhook/datree-admission-webhook \
 --create-namespace \
 --set datree.token=${DATREE_TOKEN} \
 --set datree.clusterName=$(kubectl config current-context) \
 --version ${CHART_VERSION} \
 --namespace datree \
 > ./kubernetes/datree/manifests/datree.${APP_VERSION}.yaml
 ```
 Apply the manifests:
 ```
 kubectl create namespace datree
 kubectl apply -n datree -f kubernetes/datree/manifests/
 ```
 Check the install
 ```
 kubectl -n datree get pods
 ```
 ## View our Cluster Score
 Now with Datree installed in our cluster, we can review it's current scoring in the Datree [Dashboard](https://app.datree.io/overview) </br>
 As we are running a test cluster or if you run in the cloud, there may be some cloud components in namespaces that you may want to ignore. </br>
 We can do this by labeling a namespace which is [documented here](https://hub.datree.io/configuration/behavior#ignore-a-namespace) </br>
 </p>
 OR </br>
 We can do this by using the [configuration file](https://hub.datree.io/configuration/behavior#ignore-a-namespace) for datree
 ```
 # skip namespace using label
 kubectl label namespaces local-path-storage "admission.datree/validate=skip"
 # skip namespace using configmap
 kubectl -n datree apply -f kubernetes/datree/configuration/config.yaml
 kubectl rollout restart deployment -n datree
 ```
 According to the dashboard, we still have a `D` score, let's rerun the scan:
 ```
 kubectl get job "scan-job" -n datree -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f -
 ```
 Now we can see that we have an `A` score. </br>
 ## Deploy some workloads to our cluster
 For most companies and larger teams, it's extremely difficult to fix policy issues. </br>
 Let's walk through what this may look like. </br>
 Deploy some sample workloads: 
 ```
 kubectl create namespace cms
 kubectl -n cms create configmap mysql \
 --from-literal MYSQL_RANDOM_ROOT_PASSWORD=1
 kubectl -n cms create secret generic wordpress \
 --from-literal WORDPRESS_DB_HOST=mysql \
 --from-literal WORDPRESS_DB_USER=exampleuser \
 --from-literal WORDPRESS_DB_PASSWORD=examplepassword \
 --from-literal WORDPRESS_DB_NAME=exampledb
 kubectl -n cms create secret generic mysql \
 --from-literal MYSQL_USER=exampleuser \
 --from-literal MYSQL_PASSWORD=examplepassword \
 --from-literal MYSQL_DATABASE=exampledb
 kubectl -n cms apply -f kubernetes/datree/example/cms/
 ```
 Check out workloads 
 ```
 kubectl -n cms get all
 ```
 Rerun our scan:
 ```
 kubectl get job "scan-job" -n datree -o json | jq 'del(.spec.selector)' | jq 'del(.spec.template.metadata.labels)' | kubectl replace --force -f -
 ```
 Now we can follow the dashboard, to check our `namespace` for policy issues and start fixing them. </br>
 Summary of our fixes:
 ```
 spec:
  containers:
    - name: wordpress
      image: wordpress:5.9-apache
 kind: Deployment
 spec:
  template:
    spec:
      containers:
        - name: wordpress
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
          resources:
            limits:
              memory: "500Mi"
            requests:
              memory: "500Mi"
 spec:
  containers:
    - name: wordpress
      livenessProbe:
        httpGet:
          path: /
          port: 80
      readinessProbe:
        httpGet:
          path: /
          port: 80
 kind: Deployment
 spec:
  template:
    spec:
      containers:
      - name: wordpress
        volumeMounts:
        - mountPath: /tmp
          name: temp
        - mountPath: /var/run/apache2/
          name: apache
      volumes:
      - emptyDir: {}
        name: temp
      - emptyDir: {}
        name: apache
 kubectl -n cms apply -f kubernetes/datree/example/cms/
 ```
 ## Datree CLI : Testing our YAML locally
 We can install the latest version of Datree with the command advertised:
 ```
 apk add unzip
 curl https://get.datree.io | /bin/sh
 ```
 ### Policy check
 Let's test my example manifests under our datree folder `kubernetes\datree\example`
 ```
 datree test ./kubernetes/datree/example/cms/*.yaml
 ```
 # CI/CD examples
 The tools as well as the dashboards help us solve these policy issues locally. </br>
 Once we have sorted out our policy issues, we can add Datree to our CI/CD pipeline. </br>
 Checkout the [CI/CD integrations](https://hub.datree.io/cicd-examples) page. </br>
 # Enforcing Policies
 Configure Datree to enforce policies. </br>
 We can use `helm upgrade` with the `--set` flag and set enforce to true like:
 ```
 --set datree.enforce=true 
 ```
 Let's apply it to a new manifest and deploy it to our cluster:
 ```
 helm template datree-webhook datree-webhook/datree-admission-webhook \
 --create-namespace \
 --set datree.enforce=true \
 --set datree.token=${DATREE_TOKEN} \
 --set datree.clusterName=$(kubectl config current-context) \
 --version ${CHART_VERSION} \
 --namespace datree \
 > ./kubernetes/datree/manifests/datree.${APP_VERSION}-enforce.yaml
 kubectl apply -n datree -f kubernetes/datree/manifests/datree.0.1.46-enforce.yaml
 ```
 Try to apply our Wordpress MySQL which violates policies :
 ```
 kubectl -n cms apply -f kubernetes/datree/example/cms/statefulset.yaml
 ```
--- a/kubernetes/datree/README.md
+++ b/kubernetes/datree/README.md
@ -1,6 +1,8 @@
 # Introduction to Datree
 <a href="https://youtu.be/aqiOyXPPadk" title="Kubernetes"><img src="https://i.ytimg.com/vi/aqiOyXPPadk/hqdefault.jpg" width="20%" alt="Kubernetes Guide" /></a> 
 ## Installation 
 Best place to start is the [documentation](https://hub.datree.io/)
--- a/kubernetes/datree/configuration/config.yaml
+++ b/kubernetes/datree/configuration/config.yaml
@ -0,0 +1,8 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: webhook-scanning-filters
  namespace: datree
 data:
  skiplist: |
    - local-path-storage;(.*);(.*)
--- a/kubernetes/datree/example/cms/deploy.yaml
+++ b/kubernetes/datree/example/cms/deploy.yaml
@ -0,0 +1,42 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: wordpress-deployment
  labels:
    app: wordpress
 spec:
  replicas: 2
  selector:
    matchLabels:
      app: wordpress
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      containers:
      - name: wordpress
        image: wordpress
        ports:
        - containerPort: 80
        env:
        - name: WORDPRESS_DB_HOST
          valueFrom:
            secretKeyRef:
              name: wordpress
              key: WORDPRESS_DB_HOST
        - name: WORDPRESS_DB_USER
          valueFrom:
            secretKeyRef:
              name: wordpress
              key: WORDPRESS_DB_USER
        - name: WORDPRESS_DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: wordpress
              key: WORDPRESS_DB_PASSWORD
        - name: WORDPRESS_DB_NAME
          valueFrom:
            secretKeyRef:
              name: wordpress
              key: WORDPRESS_DB_NAME
--- a/kubernetes/datree/example/cms/ingress.yaml
+++ b/kubernetes/datree/example/cms/ingress.yaml
@ -0,0 +1,18 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  name: wordpress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
 spec:
  ingressClassName: nginx
  rules:
  - http:    
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: wordpress
            port:
              number: 80
--- a/kubernetes/datree/example/cms/service.yaml
+++ b/kubernetes/datree/example/cms/service.yaml
@ -0,0 +1,14 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: wordpress
  labels:
    app: wordpress
 spec:
  ports:
  - port: 80
    name: wordpress
    targetPort: 80
  type: ClusterIP
  selector:
    app: wordpress
--- a/kubernetes/datree/example/cms/statefulset.yaml
+++ b/kubernetes/datree/example/cms/statefulset.yaml
@ -0,0 +1,69 @@
 apiVersion: v1
 kind: Service
 metadata:
  name: mysql
  labels:
    app: mysql
 spec:
  ports:
  - port: 3306
    name: db
  type: ClusterIP
  selector:
    app: mysql
 ---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  name: mysql
 spec:
  selector:
    matchLabels:
      app: mysql # has to match .spec.template.metadata.labels
  serviceName: "mysql"
  replicas: 1
  template:
    metadata:
      labels:
        app: mysql # has to match .spec.selector.matchLabels
    spec:
      terminationGracePeriodSeconds: 10
      containers:
      - name: mysql
        image: aimvector/mysql-example
        ports:
        - containerPort: 3306
          name: db
        env:
        - name: MYSQL_DATABASE
          valueFrom:
            secretKeyRef:
              name: mysql
              key: MYSQL_DATABASE
        - name: MYSQL_USER
          valueFrom:
            secretKeyRef:
              name: mysql
              key: MYSQL_USER
        - name: MYSQL_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql
              key: MYSQL_PASSWORD
        - name: MYSQL_RANDOM_ROOT_PASSWORD
          valueFrom:
            configMapKeyRef:
              name: mysql
              key: MYSQL_RANDOM_ROOT_PASSWORD
        volumeMounts:
        - name: db
          mountPath: /var/lib/mysql
  volumeClaimTemplates:
  - metadata:
      name: db
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: "standard"
      resources:
        requests:
          storage: 500Mi
--- a/kubernetes/datree/github-actions/datree.yaml
+++ b/kubernetes/datree/github-actions/datree.yaml
@ -1,13 +1,9 @@
 on:
  workflow_dispatch:
  push:
-    branches: [ datree ]
+    branches: [ datree-scoring ]
  pull_request:
    branches: [ datree ]
 env:
  DATREE_TOKEN: ${{ secrets.DATREE_TOKEN }} 
 jobs:
  k8sPolicyCheck:
    runs-on: ubuntu-latest
--- a/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml
+++ b/kubernetes/datree/manifests/datree.0.1.46-enforce.yaml
@ -0,0 +1,718 @@
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: cluster-scan-job-service-account
  namespace: datree
 ---
 # Source: datree-admission-webhook/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: datree-webhook-server
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 ---
 # Source: datree-admission-webhook/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: datree-label-namespaces-hook-post-install
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 ---
 # Source: datree-admission-webhook/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: datree-cleanup-namespaces-hook-pre-delete
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 ---
 # Source: datree-admission-webhook/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: datree-wait-server-ready-hook-post-install
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 ---
 # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
 apiVersion: v1
 kind: Secret
 metadata:
  name: datree-ca-tls
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  namespace: datree
 type: kubernetes.io/tls
 data:
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBM3gydlg4YzdlanZpb0dyZWJmeGNSaDA5WWk2bmFxU3YvQXlEQ0lnVW9LSnFIZ1NBCmNUbU1FVXY0R3F2YUFGdWk5QmVFY0lZUXNhektZSWRTUkUxdmw3bm94K2hLSmRmRVZ4Y1lVaHZaOExaQ0tDNzEKRTdsZGZmUmQyM0kveHhrRE1rZCtTN1FNV1IxaXd5U05nRDU3cktBbVNxQlNVWStkSVpwQWNyQ0EwVStaY2ZteAprNUtRQXRodk9GYzZXWndtVjNpSjhOdzk0Q3ppVkIyRTNIVDZDZDlYcG9IdWlhN3pPWFZKamlCT0RubVRlZ0Y1Cmg5ZStZekx6cThxbUFLb3RkU08xNUQvSVhqSUNIYXdGMUFYeHNDQXlFUm1iN2FvZmo5a3N0M3BiTVJZeG0zTVUKbnY2aUJ6MGxKOXExcTBoNUJleXVmdk5JWTVXY3l5cEd2SGQrd1FJREFRQUJBb0lCQUVpMzlDRFRYcDlJUldUagpiL3VJOU1vbFhZeFNpRjVKcnRJSGdlMlY3S011VEVmY1Q4Q1hjUDl5TXpyK0o5OVYvcFp2MDhxWTUzZ0JTVFNNCjVsTThxZEpaMVhUU1VOaGtxcWwzN1lWVmJvTDE1RG9Vayt3SnpsN3U5bWcvcEduUHpTcm1BbFBLS3Z3Z2g3L3kKZWV3Q2NXeWlCZGpzeCtldFZ4bE1uUlRFVWpmbGpkbzhJdHJ4ajBEem5zUmgxZDVJaC9NZjJ6ekRQTXN0UGMyZgpxUDBGNGFNVkFLN2p6Qnp6cjNMNC81d1lwUXR2RUowSDcrViswTjZYOTFJUE85YWtaVE5UMmJXNDR1MXN6UmhFCkJ3dDJINmJUQ1VoTjVMUmszYTRnNEozTVd0cEhZSThHRVRVeGdaeElBeFhMRiszak1zU3JGb3NyN05EUTZhUWQKL1BDVWJRRUNnWUVBOURmcGxNdkNMVnhQRUF6RDdhcDQvNGRxYloyTXU5SGVwcFpkbUViRTVoWE9zNXVRZzN1dQp1U203OVB4dXQ0QTlhK3Z2NWNIditXWVdQc005MnAyWXA5Z2k3OVJQeHJFclhTdlFHU3E0UGh4MVlKV0VnY2R3ClIra1NiYm9rdTNLeGZKYlJta21SR2dMQ2tyOE9WSjBMWENnamEvaEJUQmkvZ0svUDZQZHRlWDBDZ1lFQTZlRW8KZ0RnaDgvbUl6TUxkOXBVVHZIQVUxNFlsTk11ay9qOW8rajFNd3gxbjJMcnM0RFlVeWMxR0RTeFlaK2l5VTRQTgppZ1lwRlY0SmRiTDRaYThBc21TRVcxUXNUckFZN1Y2UzN6Nkc1NVNZQmtYTnRSQnhQSHREbU5oY2JIYlhEdUNBCkc5cEpBK3ZSY21sbFBVZlRRTkt3bElaSU90aGgrQy80djJTUlBaVUNnWUErdnRiT21nTkxzRG5ILzkrZkFudVAKKzNUR3NRSGxoNmhTMkxNM1dvZGdMaDRyV3o2bjZYRWN0YkpLNFVoNDhRUFc1SW1BV0hHVmZEc2U2UDdOV2t4TQpZMldtaEwveVpyYWplNHc5eXhJSE16eWRFZzAzWXN4Z1RXdWtzWHlhaEg5QmFXWjA0NDNhUnZkQ3lMK2YwYkdICmZmQ0wzdjYzMUd2dlhqeG11SnR4NlFLQmdDNDRxV0J0dDRnWUVNa20yZWNabjBUbWdiZjJjdlAwS3k5MEtMTUwKMmxmVlAraTlTSU1uTFFTVTVQdEZnRk5JMGJWZm53ZGdJRTV3dnozYm1PdS9va3VmUWVrcXdYYnJwb0dDNTFQbgpiNUhrOUFhSlZSWXJvYlZxUnZtMkNNNEd6b25LSklkY3BJRjU0WExURVljQzR1VTB2bUVjQ0xwWWVVUXJkdVdjClluZmhBb0dBSkttM0RIYmlTU3MyaXZQa1FJNVFDNGZtLzBLV0IyZmpkVkZwTitLSzFrdDBBVUxWbTQ0OWhwTFcKWmVWMndGM29qUkxhamRmZnFGNjJCekYrU2pyY25Ed1g2SXFsT0F6b0xvaFdMc3hRYUlNL0xQRk9OakxlQW1YTAp2UUt6UXdJRElIaCtnekFDUy9jdEFzVXpuS0tIRTRqWmxFVnRnUko0WWxVSDdwd0FaZTQ9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUs4TTRaaDl3TzJicFJieUY5VVR1UU13RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd09EVTFNRFphRncweU9EQXhNVGt3T0RVMU1EWmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmSGE5Znh6dDZPK0tnYXQ1dC9GeEdIVDFpTHFkcQpwSy84RElNSWlCU2dvbW9lQklCeE9Zd1JTL2dhcTlvQVc2TDBGNFJ3aGhDeHJNcGdoMUpFVFcrWHVlakg2RW9sCjE4UlhGeGhTRzlud3RrSW9MdlVUdVYxOTlGM2Jjai9IR1FNeVIzNUx0QXhaSFdMREpJMkFQbnVzb0NaS29GSlIKajUwaG1rQnlzSURSVDVseCtiR1RrcEFDMkc4NFZ6cFpuQ1pYZUludzNEM2dMT0pVSFlUY2RQb0ozMWVtZ2U2Sgpydk01ZFVtT0lFNE9lWk42QVhtSDE3NWpNdk9yeXFZQXFpMTFJN1hrUDhoZU1nSWRyQVhVQmZHd0lESVJHWnZ0CnFoK1AyU3kzZWxzeEZqR2JjeFNlL3FJSFBTVW4ycldyU0hrRjdLNSs4MGhqbFp6TEtrYThkMzdCQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVV0MvNUp3bTNQZ1BXYW9TanNpelE2aHJCCm82Y3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS2lEdDZoVkZVN1RTekkvQWV4bXd0b3I3eUo4Qmg4L2Y1ZVIKTWJCSGN3dFRrTUpIazFuVUV2WG5GQS9xK1BDdzd3eXdUaHp0T0hwUkM1N3QvWkMwYkF5WUtRV1JJVEx5NWpDVwpUbDJRL1l5UkdKVlJjT0xQUWhWT1krcW1BdzluVklVTGRROWs0SEtPeUM0T1g2TmRCUktOazdjdlBzakpOc1M5CjRreUtCVUQyelArUGpGdDVEZUFFZXpRSmRwR2xiNXVyQnNHUldCZC8zODNYa01pOG5sSWhtbUFxVVlpcjFsc3cKRlNEWS9saDc5RDg0bTUzdFlVc0R2UjdwZ0pKbUtCOWRBUGJxOG1jQzdRUm5jd0tQSjdhUUJjTlpvNU1IZ3FFNAptelRlMnNybGhqbXcvSEFnMGdiM0RnME5hQzNzYlpTUytzeUhyVllyWVdQSHRWdDk2ZXc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
 ---
 # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
 apiVersion: v1
 kind: Secret
 metadata:
  name: webhook-server-tls
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  namespace: datree
  annotations:
    self-signed-cert: "true"
 type: kubernetes.io/tls
 data:
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeDV5WmFMaWFaMFdrQXFWMFBSejRFR0plYldyYkJ2bFl0RGxwbDZxa241U3FXdUE0ClR1amdLVW8zNFYvcjQ4N3JWR3c5eHBaN3FoWkxCQzRBYndjZWJuRGI3UFdHZzc5TXNUTjl3M0tzUEY2YkthcUcKWkdUOUk3WVZGc2QycUJleGVnSEtFSVFQc3NXelNteVFHUWRGZXlsSDlPRkN5a1ZKUDJpdTM2T1dWc3NwbHpCSgp3RW56MjYzQ2JIQXIvWFZ3QUE0MXlBaXRIUDJrWmYyL2ZaWGRKU0JCQ0JnSjdGb1YzTVZVbmRhVzhXRWVYRDdhCjQ1MkJKWkpLQzJORCs2WFEwdHluaFFVeFlYSzA3eTdTSHZiSDlOTWQ4bWd5S3NHVWdTRFdNV3lBV2srMElYTlcKZVFpbVNkd1I3czFyMkFJNUNteUVWSmMwMTk3VFR0ZGluNzBQSFFJREFRQUJBb0lCQUdvdDNkaTdvYjVmWi8vVQpYUUdKSUZjdXpFWHR1alo2ZW5uYnRGUnQvQVc3QWVjM01CeWhlV1BkUzk1QnRPdklESndxdTYyZ0xJWHNOOWt3ClV5QzhLNjdacjlMYlE4TmZCZitZZ1VSdkFqbFdwYmpETVp2RHNIZkhpbTVFaWRTZVRkUzFrUE82RzlPZm9HQnQKWVRVL0RmR1dvdVVhMGZsZ1k3Y3NDeUdCRmg1eUlKOUhHRUl5d1NBNUNQd2tnR3RtYks5M085MXNWcG13YjcvVAo1aTJOUGRVOThHaHFORjJMQjg3cTBBYVI3ekhPMGNkQ29OZitZUTQzR0JKM0hvRFpSNHJCQ2xvY3dacXJrN2FPClF6Mlp3SDQ2U084cHlkTWdTUE1IckpOdVlqZ01peWdZQ2ZXT0VqcHVwVThUWVZ6T3V6TmQ0TWQyU3doSVVYUm8KVWNRNHAwMENnWUVBN0lLODAraXpNYTNDZkFyM05UangzWnhFUjFodXdUTGJXUHg3VmNQdktoYkJNajRpVUVHVQptY1BKeWdscmF2TUlEMm9tdzBlTzhJSDdWTDU5Tm9rcGFSV0RZbU84eFFrRyt1TVFUcGtpaTYvOWJxNVg5eEQrClRNaUZWcGxFNGZBQThwcFhxSVRIUHFrQTlOeFhHWXROMjJOaEtBUWJuYTFPSHNXVzVrbFdnZE1DZ1lFQTJBOTMKaGsrMG92b3JKM0VGdWZVT0tDTmpLRXBIeFN1Ym5xMTJBS1Q3enFSVlpYZm9NV0hBcWpVZVBWTG9jK3l0NzkvOQpVVGJpY2ZmcDFaS1VTSS90Yk9iZkkrM2MvM3VqZjFmRHBieWw0Q05iaUZIOUZpbnBCbUpXM3BMaDZQWjVTNGt2ClZJZFFzQ2ZwQkVEWWdBeEZ2bm1saHlWdldHZXBBYkllcnJscXBVOENnWUVBeHFBWmN5SW5jOTVJeWlIdmNNd3QKRy85RHZHTkJTSkdzY3pRL1pFelR5NVltbEVwb1NOeDZyeFFsb0w1K2J1aEI2YWd0ZTZ6YUY1UWgvZzZvVzZlZgpsbmdSeWd5WEdTYTJyUGNLMStkMWdyaS9iemVOK3BsVDZDb3pDUUpaUGlKd3VVM3p0andrbExRY2NJZW53blVpCll0QTRaUUhtSzJyRGc4WlBMNEdCM0M4Q2dZRUFwTU0rdWF6a3FuZ3VHbmpGRGljRE1iYXlzaEhiSTAvNjc0bUYKK0QzWVRKL2pBMnJxSldaUEh6MDhuelV2VU4vSFVLcTJLWTI2SjRFUHo2OWs1dVRqQU80YWNmSzlXaEsxL3JFMQo0Smk0d2ZFVXB5TW01aFQxdjhtVVIwMHBlNWNocm1taUwwcTFUSEJTOE14bWpWZE9oRStOM0Q2KzUySzliaTZmCjJVeEtPRjhDZ1lBLzlBc3hmRHVYRHdlb044eDZRODZlaTM1VTQxNE1NK1ZZK0l1ZWRlMU1MN1p1UCtSMTlvVEQKSjdYTERXaHZpUWMxMThYcWNRb2l6czdmcXB3YlRPM2gwNDBxMFV5Zk9TalQxb2VZcjVua1pIR2VrT0tINldGMQpXcFhCMWZSWDZ2SUxPVVloSGtEUWtCMTI2cWJIRmRXVUkrMENhOVRxeDFlNWN3YVNOOHo4cVE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRRXN2eFdLU3hJTnVtMUlhOTdmK1RNakFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4T0RBNE5UVXdObG9YRFRJNE1ERXhPVEE0TlRVd05sb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXg1eVphTGlhWjBXa0FxVjBQUno0RUdKZWJXcmJCdmxZdERscApsNnFrbjVTcVd1QTRUdWpnS1VvMzRWL3I0ODdyVkd3OXhwWjdxaFpMQkM0QWJ3Y2VibkRiN1BXR2c3OU1zVE45CnczS3NQRjZiS2FxR1pHVDlJN1lWRnNkMnFCZXhlZ0hLRUlRUHNzV3pTbXlRR1FkRmV5bEg5T0ZDeWtWSlAyaXUKMzZPV1Zzc3BsekJKd0VuejI2M0NiSEFyL1hWd0FBNDF5QWl0SFAya1pmMi9mWlhkSlNCQkNCZ0o3Rm9WM01WVQpuZGFXOFdFZVhEN2E0NTJCSlpKS0MyTkQrNlhRMHR5bmhRVXhZWEswN3k3U0h2Ykg5Tk1kOG1neUtzR1VnU0RXCk1XeUFXayswSVhOV2VRaW1TZHdSN3MxcjJBSTVDbXlFVkpjMDE5N1RUdGRpbjcwUEhRSURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCUllML2tuQ2JjK0E5WnFoS095TE5EcUdzR2pwekFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFLU2E3TXowSG9xMEprT3h5UjI3Um9rQVM3MVVuVDFZTG5QS2tFSVpZaHVncAowSU5yZFpTVjVDa0FPWitCWkJHRElia2lVVzdnM3lNNUJjRDM3NmV0cFpXWlNnL1JyZ1FvRkxrY2t5dnczWHVDCk43QjU1Y3gvMFozemFOVXg5d1BlSXFJd0FwZjgxQUVqSlEwNllLSFhvbE5aakNTRTdNSlQyc2VpY054MTJUMGgKUVUvdHhLRm03MEhYSlN6L0YzVWxaaUxEeGswZnd3a2FvVVk0ZDlHL0tuRlRRaDEybW05QlNHQVNIdW5zUHdMSwpNcUF3SngzU2lpSURpQk82cVNWdlB0dWhlUHp3S2MxNDYzSHk2dUs4RkVnaktqSGlUd2pMSjNlZTBUZTFOVEtCCmlWTk5VSmxKNHhBa1Fqd1dGbUYvUkdqS1dBRmtwRFAzWUZlMnYwSG1XQT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: cluster-scan-job-role
 rules:
  - apiGroups:
      - "*"
    resources:
      - "*"
    verbs:
      - "get"
      - "list"
 ---
 # Source: datree-admission-webhook/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: datree-webhook-server-read
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 rules:
  - apiGroups:
      - ""
    resources:
      - "nodes"
      - "namespaces"
    verbs:
      - "get"
      - "list"
 ---
 # Source: datree-admission-webhook/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: datree-namespaces-update
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
      - update
      - patch
    resourceNames:
      - kube-system
      - datree
 ---
 # Source: datree-admission-webhook/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: datree-validationwebhook-delete
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 rules:
  - apiGroups:
      - "admissionregistration.k8s.io"
    resources:
      - validatingwebhookconfigurations
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
    resourceNames:
      - datree-webhook
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: cluster-scan-job-rolebinding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-scan-job-role
 subjects:
  - kind: ServiceAccount
    name: cluster-scan-job-service-account
    namespace: datree
 ---
 # Source: datree-admission-webhook/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: datree-webhook-server-read 
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datree-webhook-server-read # datree-webhook-server-read
 subjects:
  - kind: ServiceAccount
    name: datree-webhook-server # datree-webhook-server
    namespace: datree
 ---
 # Source: datree-admission-webhook/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: datree-namespaces-update
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datree-namespaces-update
 subjects:
  - kind: ServiceAccount
    name: "datree-label-namespaces-hook-post-install"
    namespace: "datree"
  - kind: ServiceAccount
    name: "datree-cleanup-namespaces-hook-pre-delete"
    namespace: "datree"
 ---
 # Source: datree-admission-webhook/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: datree-validationwebhook-delete
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datree-validationwebhook-delete
 subjects:
  - kind: ServiceAccount
    name: "datree-cleanup-namespaces-hook-pre-delete"
    namespace: "datree"
 ---
 # Source: datree-admission-webhook/templates/role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: datree-pods-reader
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 rules:
  - apiGroups:
      - ""
    resources:
      - "pods"
      - "jobs"
    verbs:
      - "get"
      - "list"
      - "watch"
 ---
 # Source: datree-admission-webhook/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: datree-pods-reader
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: datree-pods-reader
 subjects:
  - kind: ServiceAccount
    name: datree-wait-server-ready-hook-post-install
    namespace: "datree"
 ---
 # Source: datree-admission-webhook/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
  name: datree-webhook-server
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 spec:
  selector:
    app: "datree-webhook-server"
  ports:
    - port: 443
      targetPort: webhook-api
 ---
 # Source: datree-admission-webhook/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: datree-webhook-server
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
    owner: datree
    app: "datree-webhook-server"
 spec:
  replicas: 2
  selector:
    matchLabels: 
      app: "datree-webhook-server"
  template:
    metadata:
      labels: 
        app.kubernetes.io/name: datree-admission-webhook
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/instance: "datree-webhook"
        app.kubernetes.io/version: 0.1.41
        app.kubernetes.io/part-of: "datree"
        meta.helm.sh/release-name: "datree-admission-webhook"
        meta.helm.sh/release-namespace: "datree" 
        helm.sh/chart: datree-admission-webhook-0.3.22
        app: "datree-webhook-server"
    spec:
      serviceAccountName: datree-webhook-server
      containers:
        - name: server
          # caution: don't change the order of the environment variables
          # changing the order will harm resource patching
          env:
            - name: DATREE_TOKEN
              value: "ef7088eb-3096-4533-97d8-f16fb3a5b0c1"
            - name: DATREE_POLICY
              value: Starter
            - name: DATREE_VERBOSE
              value: ""
            - name: DATREE_OUTPUT
              value: ""
            - name: DATREE_NO_RECORD
              value: ""
            - name: DATREE_ENFORCE
              value: "true"
          securityContext: 
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 25000
          livenessProbe:
            httpGet:
              path: /health
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            {}
          image: "datree/admission-webhook:0.1.41"
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              name: webhook-api
          volumeMounts:
            - name: webhook-tls-certs
              mountPath: /run/secrets/tls
              readOnly: true
            - name: webhook-config
              mountPath: /config
              readOnly: true
      volumes:
        - name: webhook-tls-certs
          secret:
            secretName: webhook-server-tls
        - name: webhook-config
          configMap:
            name: webhook-scanning-filters
            optional: true
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: scan-job
  namespace: datree
 spec:
  backoffLimit: 4
  template:
    spec:
      serviceAccountName: cluster-scan-job-service-account
      restartPolicy: Never
      containers:
        - name: scan-job
          env:
            - name: DATREE_TOKEN
              value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
            - name: DATREE_POLICY
              value: Starter
            - name: CLUSTER_NAME
              value: kind-datree
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 25000
            seccompProfile:
              type: RuntimeDefault
          image: "datree/scan-job:0.0.13"
          imagePullPolicy: Always
          resources:
            {}
          volumeMounts:
            - name: webhook-config
              mountPath: /config
              readOnly: true
      volumes:
        - name: webhook-config
          configMap:
            name: webhook-scanning-filters
            optional: true
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
  name: scan-cronjob
  namespace: datree
 spec:
  # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression
  # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc.
  schedule: "50 * * * *" # every hour, starting 55 minutes after helm installation
  jobTemplate: 
    spec:
      backoffLimit: 4
      template:
        spec:
          serviceAccountName: cluster-scan-job-service-account
          restartPolicy: Never
          containers:
            - name: scan-job
              env:
                - name: DATREE_TOKEN
                  value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
                - name: DATREE_POLICY
                  value: Starter
                - name: CLUSTER_NAME
                  value: kind-datree
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsNonRoot: true
                runAsUser: 25000
                seccompProfile:
                  type: RuntimeDefault
              image: "datree/scan-job:0.0.13"
              imagePullPolicy: Always
              resources:
                {}
              volumeMounts:
                - name: webhook-config
                  mountPath: /config
                  readOnly: true
          volumes:
            - name: webhook-config
              configMap:
                name: webhook-scanning-filters
                optional: true
 ---
 # Source: datree-admission-webhook/templates/namespace-post-delete.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: datree-cleanup-namespaces-hook-pre-delete
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  namespace: datree
  annotations: 
    "helm.sh/hook": pre-delete, pre-upgrade
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
 spec:
  template:
    metadata:
      labels: 
        app.kubernetes.io/name: datree-admission-webhook
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/instance: "datree-webhook"
        app.kubernetes.io/version: 0.1.41
        app.kubernetes.io/part-of: "datree"
        meta.helm.sh/release-name: "datree-admission-webhook"
        meta.helm.sh/release-namespace: "datree" 
        helm.sh/chart: datree-admission-webhook-0.3.22
    spec:
      restartPolicy: OnFailure
      serviceAccount: datree-cleanup-namespaces-hook-pre-delete
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: kubectl-label
          image: "clastix/kubectl:v1.25"
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - "-c"
            - >-
              kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n datree;
              kubectl label ns kube-system datree datree.io/skip-;
 ---
 # Source: datree-admission-webhook/templates/namespace-post-install.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: datree-label-namespaces-hook-post-install
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  annotations:
    "helm.sh/hook": post-install, post-upgrade
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
 spec:
  template:
    metadata:
      labels: 
        app.kubernetes.io/name: datree-admission-webhook
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/instance: "datree-webhook"
        app.kubernetes.io/version: 0.1.41
        app.kubernetes.io/part-of: "datree"
        meta.helm.sh/release-name: "datree-admission-webhook"
        meta.helm.sh/release-namespace: "datree" 
        helm.sh/chart: datree-admission-webhook-0.3.22
    spec:
      serviceAccount: datree-label-namespaces-hook-post-install
      restartPolicy: OnFailure
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: kubectl-label
          image: "clastix/kubectl:v1.25"
          imagePullPolicy: IfNotPresent
          args:
            - label
            - ns
            - kube-system
            - datree
            - admission.datree/validate=skip
            - --overwrite
 ---
 # Source: datree-admission-webhook/templates/wait-server-ready-post-install.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: datree-wait-server-ready-hook-post-install
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  annotations:
    "helm.sh/hook": post-install, post-upgrade
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
 spec:
  template:
    metadata:
      name: datree-wait-server-ready-hook-post-install
      labels: 
        app.kubernetes.io/name: datree-admission-webhook
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/instance: "datree-webhook"
        app.kubernetes.io/version: 0.1.41
        app.kubernetes.io/part-of: "datree"
        meta.helm.sh/release-name: "datree-admission-webhook"
        meta.helm.sh/release-namespace: "datree" 
        helm.sh/chart: datree-admission-webhook-0.3.22
    spec:
      serviceAccountName: datree-wait-server-ready-hook-post-install
      restartPolicy: Never
      containers:
      - name: kubectl-client
        image: "clastix/kubectl:v1.25"
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - "-c"
          - >-
            kubectl wait --for=condition=ready pod -l app=datree-webhook-server --timeout="180s"
 ---
 # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  name: datree-webhook
  annotations:
    "helm.sh/hook": post-install, post-upgrade
    "helm.sh/hook-weight": "-5"
 webhooks:
  - name: webhook-server.datree.svc
    sideEffects: None
    timeoutSeconds: 30
    failurePolicy: Ignore
    admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      service:
        name: datree-webhook-server
        namespace: datree
        path: "/validate"
      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUs4TTRaaDl3TzJicFJieUY5VVR1UU13RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd09EVTFNRFphRncweU9EQXhNVGt3T0RVMU1EWmFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURmSGE5Znh6dDZPK0tnYXQ1dC9GeEdIVDFpTHFkcQpwSy84RElNSWlCU2dvbW9lQklCeE9Zd1JTL2dhcTlvQVc2TDBGNFJ3aGhDeHJNcGdoMUpFVFcrWHVlakg2RW9sCjE4UlhGeGhTRzlud3RrSW9MdlVUdVYxOTlGM2Jjai9IR1FNeVIzNUx0QXhaSFdMREpJMkFQbnVzb0NaS29GSlIKajUwaG1rQnlzSURSVDVseCtiR1RrcEFDMkc4NFZ6cFpuQ1pYZUludzNEM2dMT0pVSFlUY2RQb0ozMWVtZ2U2Sgpydk01ZFVtT0lFNE9lWk42QVhtSDE3NWpNdk9yeXFZQXFpMTFJN1hrUDhoZU1nSWRyQVhVQmZHd0lESVJHWnZ0CnFoK1AyU3kzZWxzeEZqR2JjeFNlL3FJSFBTVW4ycldyU0hrRjdLNSs4MGhqbFp6TEtrYThkMzdCQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVV0MvNUp3bTNQZ1BXYW9TanNpelE2aHJCCm82Y3dEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBS2lEdDZoVkZVN1RTekkvQWV4bXd0b3I3eUo4Qmg4L2Y1ZVIKTWJCSGN3dFRrTUpIazFuVUV2WG5GQS9xK1BDdzd3eXdUaHp0T0hwUkM1N3QvWkMwYkF5WUtRV1JJVEx5NWpDVwpUbDJRL1l5UkdKVlJjT0xQUWhWT1krcW1BdzluVklVTGRROWs0SEtPeUM0T1g2TmRCUktOazdjdlBzakpOc1M5CjRreUtCVUQyelArUGpGdDVEZUFFZXpRSmRwR2xiNXVyQnNHUldCZC8zODNYa01pOG5sSWhtbUFxVVlpcjFsc3cKRlNEWS9saDc5RDg0bTUzdFlVc0R2UjdwZ0pKbUtCOWRBUGJxOG1jQzdRUm5jd0tQSjdhUUJjTlpvNU1IZ3FFNAptelRlMnNybGhqbXcvSEFnMGdiM0RnME5hQzNzYlpTUytzeUhyVllyWVdQSHRWdDk2ZXc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    namespaceSelector:
      matchExpressions:
        - key: admission.datree/validate
          operator: DoesNotExist
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["*"]
        apiVersions: ["*"]
        resources: ["*"]
--- a/kubernetes/datree/manifests/datree.0.1.46.yaml
+++ b/kubernetes/datree/manifests/datree.0.1.46.yaml
@ -0,0 +1,718 @@
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: cluster-scan-job-service-account
  namespace: datree
 ---
 # Source: datree-admission-webhook/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: datree-webhook-server
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 ---
 # Source: datree-admission-webhook/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: datree-label-namespaces-hook-post-install
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 ---
 # Source: datree-admission-webhook/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: datree-cleanup-namespaces-hook-pre-delete
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 ---
 # Source: datree-admission-webhook/templates/serviceaccount.yaml
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: datree-wait-server-ready-hook-post-install
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 ---
 # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
 apiVersion: v1
 kind: Secret
 metadata:
  name: datree-ca-tls
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  namespace: datree
 type: kubernetes.io/tls
 data:
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBbjBET0hhcklRU1A3Skc1Y1dEZWFmSmFVSHM2YklMTEFtMEF4Q1RFbVpud29BUTlHCmFEM01uNklqd3BGaVV4UGJMcEtqTUtRZm5jYTVLdWhleHZ2LzlNOGN4TFVCK0RGZnhlYkZvaGdoZHhFam94NnEKS0JmcVVqaURhY2xLMUJGWEtnQnZHZjFWczIxbWZwLzA2QnI1alRSTEJZdVZrWmEwNjZJK0drSkpVQ1c1MGpwcApYREdtdVhUaEYwQVhNT01RQS9Nb0tQTlBrYVA1UUZ6bUtyUFkxencxQ0xzVTk3eXRzK2d4N01ZM1dsVHRDWnVVCjYxNnRhNE1qSmNMRXF2ZVNVblhsUUNFMTBJYnJpNTl5eEtZTzRhUHNRUlpBaUd0WWhjWXVhNHdWdXpJK0xTZlcKN202NHlNOWNpN1Z4UlVjemNqRlM5NWR6R1hKWk9VVVB3YUduMndJREFRQUJBb0lCQVFDVHBjaXpWcmh0TklmTwpnZ2RadnN1YlFSdzQ1OEtKY1ZFRFgyTlhLMXQzM3hwVHlTNjB6TDhmTFh0TUUvQitKOFdwaTBpRGUxYll0L3JMCkhqOW82eENtanpNVDZPSFhreWRCV3pEV2xOcktBbmp3N2loQ0hkSWd3c2FMMkpWb3dsNzIwUW93cFdERWh1UmsKOTdaZlQwc1pNR2R4ejdVdkV2UFFGMDdPbDdCUy9nQzc0dnlaYTR4VmptdXBKNld5Y1VOTlR0WG42MUVxLzVjVwpTL3ZzRFNxdzlCaXIvRUUrL3N3K3lSdnlXeXIzMC9iZm44ZVY0blZnZmJic2U1Z1B3dmVNYlJOR2R3cjNzL1hzClcycW5tZ3NLWFg4b3lmUjlWUy82alozNnNzY0NLckx3bFhNQTRlcUhEWXJtOFZDZk5sc0ZFMnFhOVpOd21ublUKeHV6T2V4R3hBb0dCQU1nRllSakRyK283NDNFL3RlUXJLcTViN25XcktRbjdxdWpIVXg5b1pQYzFvajdDSUdndApITVQyaTM4eU1tbEw1ZXZ0cTd5NjNUcXA1ZGdIVlZaRjZqTENrZnBBTlhLaDBHL3FlaFFkMTNnMlZYTVBWTFRSCnUvUWdha2kxdEYwWkkyOTEzZU1zazdscVJOVGJxOGVTbmpPdkF6NXFtTXY3TU9DZ2JuQTJEbVhUQW9HQkFNdlMKbHFhc3E3RlNIMUVDNXE0b1pURTlYVFUxTkNRM09oSGtwTTBkMjJURmp0bGVWVnFPZ0c1Y0cwMHlTN2dyTGtZRwowbGV6Tm1TSVhFZ1VqYjZSRjg3aTlieXFIeFQ2cXNlNEU3LzlYNDM3NWkxTHlnSkxNY0xEMGo2aUpxdUJQZ01WCjBMT1BFdUZNczdmL3FyY2ozSHpyTlVMT1pFZEdYOTBOVGtGaHpralpBb0dBVkhWNUIzVHgzZzFGdjdjd1BkVkEKWTNsc0dvR1loWitnRGtURVE1bllNRTZVWUwybDQzZFJFNVlyVngxQ0RoWS9Vcno3N0doWExBTTdpMW1sWGhXTgppN3QrMmxXc2UrZjUxSmdFem1PL2JRSThXS1pibFRLT2s4bndOeDJLdUZqNkRvR05uUFJndUVVNEpVMVFucWU1Clo0ZDU3aXdpc3RjeFQxaE82ZERaaVlNQ2dZQkl4eXdsM1pmODIrNzB0VTE3T0U5UnNyQ2FkQ0huSUpVcW1ITEUKRHZvczFHSDZlYldPZlQyY3FtVFJQcmxNekpaY1NNbElxV1F0cDRjVDhjcmZGZDNqY0tVQU5kcWRXaGdxOGk2VApLank1YlEyMmRNNXYzVHVxYU5Pa3E2K1ZJN1BwMUJ0T1VqTVNvWm0yaEtNSGU5V2FBVDVtV1YzekdVelhtSTJ0CnlPZW9tUUtCZ0NtYUJadUdpaEYyTlJORjBRUkhaRmdXRWdwRk1rWFFVcHFSOHVFNlRTTlFJUWVSSEYzaXFhbzMKSmsvYjgzbzZlTUlTMTN0RDNWN0JMY1J2ckhQK0pBcG5sNk5BeXUrUVMzOVpkOVp4d0RGOUZueVJxRVg4ZE9uZApZWkVoMXNFTEdyRlVNa1hkRVZUNFFsQUN1Q01sUmQ0NGNaZ3lPSFZzMWlIZDZyUUJubjUyCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKTmg1YnVYN1A0V1ZkcndXWWQzRG93RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd05URXhNVGxhRncweU9EQXhNVGt3TlRFeE1UbGFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNmUU00ZHFzaEJJL3NrYmx4WU41cDhscFFlenBzZwpzc0NiUURFSk1TWm1mQ2dCRDBab1BjeWZvaVBDa1dKVEU5c3VrcU13cEIrZHhya3E2RjdHKy8vMHp4ekV0UUg0Ck1WL0Y1c1dpR0NGM0VTT2pIcW9vRitwU09JTnB5VXJVRVZjcUFHOFovVld6YldaK24vVG9Hdm1OTkVzRmk1V1IKbHJUcm9qNGFRa2xRSmJuU09tbGNNYWE1ZE9FWFFCY3c0eEFEOHlnbzgwK1JvL2xBWE9ZcXM5alhQRFVJdXhUMwp2SzJ6NkRIc3hqZGFWTzBKbTVUclhxMXJneU1sd3NTcTk1SlNkZVZBSVRYUWh1dUxuM0xFcGc3aG8reEJGa0NJCmExaUZ4aTVyakJXN01qNHRKOWJ1YnJqSXoxeUx0WEZGUnpOeU1WTDNsM01aY2xrNVJRL0JvYWZiQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeG82MXp0eEUrbEdia2JGcGpUOU0wTWVnCkgzWXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ2lWSVhqREJPcXU5elR0d1FUMkFpZkJ2eFlXTWM4bXJoVnUKcWMzMnJUT0VRQ05vUkpQYkxZM01KeUFwZjJtOUxJNEN2SU1SMTIwc0ttYzRQTXE5ZzRCb291Yng0aWNsOFl1OAp1bmRuVWhmODAwSUp5YUthMittZjgzZjJmcmZXSlF1NzVMMnRrYys4WWtFWFZnR2cyazdxVXZkeThzdzRUTEZICmlPMktvVm5Xeit4R2FQb25BK09OK01lSUxDOGgrNlVNdjM5a2pTb29TV1M3amFHVDZXS2Z3aFExa1JJM2JIZS8KL05ZZHpjVkJibXJ0eFg1K1RvcmxNOSswcnoybnBwNkN5MlFSZHpuM3hKWHNGVk4wTml6V3pVZWErLzVEVndwSQpBeE1uSXBJNmpzME02cVJ4VUdZVHFOdTk1YkJSanVwQTFwVDJDZGFhYnp5NU0xK2VTaTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
 ---
 # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
 apiVersion: v1
 kind: Secret
 metadata:
  name: webhook-server-tls
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  namespace: datree
  annotations:
    self-signed-cert: "true"
 type: kubernetes.io/tls
 data:
  tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcDk2Yzc2eTREMlVybGtVNlZDMmZzZytaWS9VWFVmL1NvZFZyVlBFbU5zMUpNbGp0CmZOYSt2RVZXNllqQ3cyQnc2RExBZURGeWw2SWsvYjR1TGpHOEYwSEhhK3RjMk5Mc2tnLzJhUTQrM1NnWkxsM3UKOXJmaFNDMWUwMkVNWHh0bnIyZU82RW1EVlE1SjFCSzVWSG1Qa1VYMHI5Mm84TXVSOGZERytPYjFPUW82TWtocgo1WHZNWW0wMmVURnlwLzc3alNzN1JLZEZnOXF0Z1VVcHhYejVOVnhLNDlRaVpleWIvSklUbnc4T0R6Qk5ac0FZCjJScStiZjhFUU95MktFNDZmNWhSN2Vhb1VsRFp3RnFYRzRkRkhzRmNkRlNhYzh5SXJJUXlNejFxVEZSanFyYjQKU2JWVjNzY0RFZ3lwUVh0Z3NHcjFVbUFwcDJCVXRVSDhHUm1BZFFJREFRQUJBb0lCQUFxTHBJWTE3blloSCtUWAp3bnRKUm0vMEpPbXZtdUJ1MXJlTjVhazNZUFF1WHp2SGRGdlVUYlVjRWdLbnNieCtVWGwwdnJ5T05xbXA2UEw3CndJRHNaT2w5RzE3L01SejUyeHl0M2dmcGVpK0FkbHlBVUNPMWwzUm1UVCt3S0F2TmQrei83MjFPT083ZDcrdGYKcGI3VnlCd1RMZlRpVXR1Vm5qeDVxTFk0SkEyS0tkdVJnZXg4R0lVcXNtQncrcms0T04xRVJFOWZKQjVveHV6bgo1VmhnU2VhaVVWVXRrYmFtYjBLNDBpTVRKSUh2bWlMTGwyTkxaeTVkSkg3MFlaQkh6bEtLaFpqY3huaXBVOURECkVpSmp2TllkUXVlMisyNlB4bENpNC8rdDNtQ015T01LcjFqZzJ0TnZrQzNMNjBzb1BCQUZ6S2VMSW41dVZLcWsKS2RmY3BrRUNnWUVBMmdVanlTa2M2dXhlQ1R5cXV2WWtudGRLRlV1eEF4TTk2SGlNZG1Sb2tQSmkzUjdvQk5SRgpuZEVLV3pGcEFBc2RnZzlEdFprK3lYTkowWGxtZUV4WEU2QnFBemtOZ1Fic0NTMG5TV1ovazFDdjdCNUdYbFRJCkxMNk5SaS9wK2NMaWxtS1d1SlE0aW5mQi9nZ3QvbXVLVDIrWDRKVFVMK2haNTlqaHZqRlBQOUVDZ1lFQXhSejAKQ3FRZVpnUGhrR2dud2JHTG9ySXo0Q3BlTWkwbStrZm9vSFdQWW12Z1AxbnFJZWh5dERvVFUzUFpjVUNSbzdVbAowZkJubGhyMXNHRWVuWlBBQlpWUnZmeWs5blNDRW9zdnBDd3RYTUFTUHZjOGZSRVRXam1nVTRKZTBMU0dxdWdGClBQQWNubDE3VC9ITXNQeWwwSUd3Sjc4ZFNtd1dGcjNiQlFJUDQyVUNnWUJjcWhpV3RHbTlFKyszLzFnVmxPN2wKc0YybGhZRmI3RDdBNHhQWWNqN2JkSm8rbjVkQURqVDBxZGU4QU5rL0VucGRRRDJvSHRWSDdEOXcwQ2VVYytZQwp5b2lrakFoSVVmZmF3cDFUSGtTVkNaTnNTVVhoYkNtVWt2MGEydHlZc3BONkZiYzRCbyt0a3M4YU9NSEx4RXVLCkRjVkF5Q0VUcDY4bTB0REg5TTlaTVFLQmdRQ2lYK1o5T1pNOUVHZHBFUlBuRUgzcHlZaklXYjU4OFFzUjA5akQKRGZUTzYvU3Yyejd2TGRBSHZXdWNMR3ZzU25kdTkxT3ZiSzI0VG44a0MrMHZlNzRNRzJSWjhGeG9GYlBzMkxHbgpPU2twSmFRaU1JS291RDlMN1Bxd3NFMncrWFdTSmszaVZCNFBLd3pnMzF4eVU3MjRWSTByUU5rOUxHckoweDR3Ck12R3ByUUtCZ0JYejVhVUIrQk8wQVBna1ZZZFo2TElIRHJod3lnc0Y4T0VYcFEzbHdkM0pIS1Y0VVpOUVQya0wKZXhZK3g3Z0FadytKTVczdmpkaVVpVzV6cjBESUlNMDF1QitQcGFRemZ3QkM2Qy8vSVUrZy9Sa1R0TlJ3NzRkaAp3QWN1azRMRWxiNTVNT1VjRlJ2d2EvWXY3NWpRK3BGOUYwa3JNS1U2bDhReEQyaFhCcjJUCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURlekNDQW1PZ0F3SUJBZ0lRYzlNU2dBY1VhcWpMdG9vYUYrdlVxREFOQmdrcWhraUc5dzBCQVFzRkFEQXoKTVRFd0x3WURWUVFERXlndlEwNDlRV1J0YVhOemFXOXVJRU52Ym5SeWIyeHNaWElnVjJWaWFHOXZheUJFWlcxdgpJRU5CTUI0WERUSXpNREV4T0RBMU1URXhPVm9YRFRJNE1ERXhPVEExTVRFeE9Wb3dMekV0TUNzR0ExVUVBeE1rCkwwTk9QV1JoZEhKbFpTMTNaV0pvYjI5ckxYTmxjblpsY2k1a1lYUnlaV1V1YzNaak1JSUJJakFOQmdrcWhraUcKOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA5NmM3Nnk0RDJVcmxrVTZWQzJmc2crWlkvVVhVZi9Tb2RWcgpWUEVtTnMxSk1sanRmTmErdkVWVzZZakN3MkJ3NkRMQWVERnlsNklrL2I0dUxqRzhGMEhIYSt0YzJOTHNrZy8yCmFRNCszU2daTGwzdTlyZmhTQzFlMDJFTVh4dG5yMmVPNkVtRFZRNUoxQks1VkhtUGtVWDByOTJvOE11UjhmREcKK09iMU9RbzZNa2hyNVh2TVltMDJlVEZ5cC83N2pTczdSS2RGZzlxdGdVVXB4WHo1TlZ4SzQ5UWlaZXliL0pJVApudzhPRHpCTlpzQVkyUnErYmY4RVFPeTJLRTQ2ZjVoUjdlYW9VbERad0ZxWEc0ZEZIc0ZjZEZTYWM4eUlySVF5Ck16MXFURlJqcXJiNFNiVlYzc2NERWd5cFFYdGdzR3IxVW1BcHAyQlV0VUg4R1JtQWRRSURBUUFCbzRHT01JR0wKTUE0R0ExVWREd0VCL3dRRUF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJdwpEQVlEVlIwVEFRSC9CQUl3QURBZkJnTlZIU01FR0RBV2dCVEdqclhPM0VUNlVadVJzV21OUDB6UXg2QWZkakFyCkJnTlZIUkVFSkRBaWdpQmtZWFJ5WldVdGQyVmlhRzl2YXkxelpYSjJaWEl1WkdGMGNtVmxMbk4yWXpBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FRRUFDSThNc1hMejcyRThwOUE2MGdqVzZWdkcrdlN3ZzczQys3TDgxYUIvd0IzTwpxVnVYaVRHQmgrZmI2UlJLbzQxS25Pa0RkRlNCM0lWTHFJaHQvOU5uVHl0eWlVSFRmcEhvVGUwak1meFRXeGQ0CndVMnhLeWNRVmVBcFkzSlFpMWU4MEhZU3NFQ3NMVDBlRloxNmcyVmE0bUhvUnpHOWswTk5LL2tVc0xRL3lUMlcKUk5vWjcwV0NNdEV0MlE0eUU3NXBDdXBnc3B5b1J2SUNScjczTiszOVBVVDA2SndZSnZnaTBVQ3RjMlhVK2I5SQpVYU5TK3JSQzRFVm5qM003VVgrZVZXKzJFNXdpT3NKU1g0Z0M3S0kxcTNTcnlveXNlbVJJYXNaZjBkaENmNjI0CkE2ZmtZdGRVMmN3SzBrMVhnVC9oaHVZS2FpRDc1TjlTSWYxTGZtZklrUT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: cluster-scan-job-role
 rules:
  - apiGroups:
      - "*"
    resources:
      - "*"
    verbs:
      - "get"
      - "list"
 ---
 # Source: datree-admission-webhook/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: datree-webhook-server-read
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 rules:
  - apiGroups:
      - ""
    resources:
      - "nodes"
      - "namespaces"
    verbs:
      - "get"
      - "list"
 ---
 # Source: datree-admission-webhook/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: datree-namespaces-update
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 rules:
  - apiGroups:
      - ""
    resources:
      - namespaces
    verbs:
      - get
      - update
      - patch
    resourceNames:
      - kube-system
      - datree
 ---
 # Source: datree-admission-webhook/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
  name: datree-validationwebhook-delete
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 rules:
  - apiGroups:
      - "admissionregistration.k8s.io"
    resources:
      - validatingwebhookconfigurations
    verbs:
      - create
      - delete
      - get
      - list
      - patch
      - update
      - watch
    resourceNames:
      - datree-webhook
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: cluster-scan-job-rolebinding
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-scan-job-role
 subjects:
  - kind: ServiceAccount
    name: cluster-scan-job-service-account
    namespace: datree
 ---
 # Source: datree-admission-webhook/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: datree-webhook-server-read 
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datree-webhook-server-read # datree-webhook-server-read
 subjects:
  - kind: ServiceAccount
    name: datree-webhook-server # datree-webhook-server
    namespace: datree
 ---
 # Source: datree-admission-webhook/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: datree-namespaces-update
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datree-namespaces-update
 subjects:
  - kind: ServiceAccount
    name: "datree-label-namespaces-hook-post-install"
    namespace: "datree"
  - kind: ServiceAccount
    name: "datree-cleanup-namespaces-hook-pre-delete"
    namespace: "datree"
 ---
 # Source: datree-admission-webhook/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
  name: datree-validationwebhook-delete
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: datree-validationwebhook-delete
 subjects:
  - kind: ServiceAccount
    name: "datree-cleanup-namespaces-hook-pre-delete"
    namespace: "datree"
 ---
 # Source: datree-admission-webhook/templates/role.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
  name: datree-pods-reader
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 rules:
  - apiGroups:
      - ""
    resources:
      - "pods"
      - "jobs"
    verbs:
      - "get"
      - "list"
      - "watch"
 ---
 # Source: datree-admission-webhook/templates/rolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
  name: datree-pods-reader
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: datree-pods-reader
 subjects:
  - kind: ServiceAccount
    name: datree-wait-server-ready-hook-post-install
    namespace: "datree"
 ---
 # Source: datree-admission-webhook/templates/service.yaml
 apiVersion: v1
 kind: Service
 metadata:
  name: datree-webhook-server
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
 spec:
  selector:
    app: "datree-webhook-server"
  ports:
    - port: 443
      targetPort: webhook-api
 ---
 # Source: datree-admission-webhook/templates/deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: datree-webhook-server
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
    owner: datree
    app: "datree-webhook-server"
 spec:
  replicas: 2
  selector:
    matchLabels: 
      app: "datree-webhook-server"
  template:
    metadata:
      labels: 
        app.kubernetes.io/name: datree-admission-webhook
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/instance: "datree-webhook"
        app.kubernetes.io/version: 0.1.41
        app.kubernetes.io/part-of: "datree"
        meta.helm.sh/release-name: "datree-admission-webhook"
        meta.helm.sh/release-namespace: "datree" 
        helm.sh/chart: datree-admission-webhook-0.3.22
        app: "datree-webhook-server"
    spec:
      serviceAccountName: datree-webhook-server
      containers:
        - name: server
          # caution: don't change the order of the environment variables
          # changing the order will harm resource patching
          env:
            - name: DATREE_TOKEN
              value: "ef7088eb-3096-4533-97d8-f16fb3a5b0c1"
            - name: DATREE_POLICY
              value: Starter
            - name: DATREE_VERBOSE
              value: ""
            - name: DATREE_OUTPUT
              value: ""
            - name: DATREE_NO_RECORD
              value: ""
            - name: DATREE_ENFORCE
              value: ""
          securityContext: 
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 25000
          livenessProbe:
            httpGet:
              path: /health
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 5
            periodSeconds: 10
          readinessProbe:
            httpGet:
              path: /ready
              port: 8443
              scheme: HTTPS
            initialDelaySeconds: 5
            periodSeconds: 10
          resources:
            {}
          image: "datree/admission-webhook:0.1.41"
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              name: webhook-api
          volumeMounts:
            - name: webhook-tls-certs
              mountPath: /run/secrets/tls
              readOnly: true
            - name: webhook-config
              mountPath: /config
              readOnly: true
      volumes:
        - name: webhook-tls-certs
          secret:
            secretName: webhook-server-tls
        - name: webhook-config
          configMap:
            name: webhook-scanning-filters
            optional: true
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: scan-job
  namespace: datree
 spec:
  backoffLimit: 4
  template:
    spec:
      serviceAccountName: cluster-scan-job-service-account
      restartPolicy: Never
      containers:
        - name: scan-job
          env:
            - name: DATREE_TOKEN
              value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
            - name: DATREE_POLICY
              value: Starter
            - name: CLUSTER_NAME
              value: kind-datree
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            runAsUser: 25000
            seccompProfile:
              type: RuntimeDefault
          image: "datree/scan-job:0.0.13"
          imagePullPolicy: Always
          resources:
            {}
          volumeMounts:
            - name: webhook-config
              mountPath: /config
              readOnly: true
      volumes:
        - name: webhook-config
          configMap:
            name: webhook-scanning-filters
            optional: true
 ---
 # Source: datree-admission-webhook/templates/cluster-scan-cronjob.yaml
 apiVersion: batch/v1beta1
 kind: CronJob
 metadata:
  name: scan-cronjob
  namespace: datree
 spec:
  # get the current time, subtract 5 minutes, extract the minutes and inject it into the cron expression
  # if helm installation was done at 13:35, the cron expression will be 30 * * * *, which means the job will run at 14:30, 15:30, 16:30, etc.
  schedule: "06 * * * *" # every hour, starting 55 minutes after helm installation
  jobTemplate: 
    spec:
      backoffLimit: 4
      template:
        spec:
          serviceAccountName: cluster-scan-job-service-account
          restartPolicy: Never
          containers:
            - name: scan-job
              env:
                - name: DATREE_TOKEN
                  value: ef7088eb-3096-4533-97d8-f16fb3a5b0c1
                - name: DATREE_POLICY
                  value: Starter
                - name: CLUSTER_NAME
                  value: kind-datree
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsNonRoot: true
                runAsUser: 25000
                seccompProfile:
                  type: RuntimeDefault
              image: "datree/scan-job:0.0.13"
              imagePullPolicy: Always
              resources:
                {}
              volumeMounts:
                - name: webhook-config
                  mountPath: /config
                  readOnly: true
          volumes:
            - name: webhook-config
              configMap:
                name: webhook-scanning-filters
                optional: true
 ---
 # Source: datree-admission-webhook/templates/namespace-post-delete.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: datree-cleanup-namespaces-hook-pre-delete
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  namespace: datree
  annotations: 
    "helm.sh/hook": pre-delete, pre-upgrade
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
 spec:
  template:
    metadata:
      labels: 
        app.kubernetes.io/name: datree-admission-webhook
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/instance: "datree-webhook"
        app.kubernetes.io/version: 0.1.41
        app.kubernetes.io/part-of: "datree"
        meta.helm.sh/release-name: "datree-admission-webhook"
        meta.helm.sh/release-namespace: "datree" 
        helm.sh/chart: datree-admission-webhook-0.3.22
    spec:
      restartPolicy: OnFailure
      serviceAccount: datree-cleanup-namespaces-hook-pre-delete
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: kubectl-label
          image: "clastix/kubectl:v1.25"
          imagePullPolicy: IfNotPresent
          command:
            - sh
            - "-c"
            - >-
              kubectl delete validatingwebhookconfigurations.admissionregistration.k8s.io datree-webhook -n datree;
              kubectl label ns kube-system datree datree.io/skip-;
 ---
 # Source: datree-admission-webhook/templates/namespace-post-install.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: datree-label-namespaces-hook-post-install
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  annotations:
    "helm.sh/hook": post-install, post-upgrade
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
 spec:
  template:
    metadata:
      labels: 
        app.kubernetes.io/name: datree-admission-webhook
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/instance: "datree-webhook"
        app.kubernetes.io/version: 0.1.41
        app.kubernetes.io/part-of: "datree"
        meta.helm.sh/release-name: "datree-admission-webhook"
        meta.helm.sh/release-namespace: "datree" 
        helm.sh/chart: datree-admission-webhook-0.3.22
    spec:
      serviceAccount: datree-label-namespaces-hook-post-install
      restartPolicy: OnFailure
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: kubectl-label
          image: "clastix/kubectl:v1.25"
          imagePullPolicy: IfNotPresent
          args:
            - label
            - ns
            - kube-system
            - datree
            - admission.datree/validate=skip
            - --overwrite
 ---
 # Source: datree-admission-webhook/templates/wait-server-ready-post-install.yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
  name: datree-wait-server-ready-hook-post-install
  namespace: datree
  labels: 
    app.kubernetes.io/name: datree-admission-webhook
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "datree-webhook"
    app.kubernetes.io/version: 0.1.41
    app.kubernetes.io/part-of: "datree"
    meta.helm.sh/release-name: "datree-admission-webhook"
    meta.helm.sh/release-namespace: "datree" 
    helm.sh/chart: datree-admission-webhook-0.3.22
  annotations:
    "helm.sh/hook": post-install, post-upgrade
    "helm.sh/hook-weight": "-5"
    "helm.sh/hook-delete-policy": hook-succeeded, hook-failed
 spec:
  template:
    metadata:
      name: datree-wait-server-ready-hook-post-install
      labels: 
        app.kubernetes.io/name: datree-admission-webhook
        app.kubernetes.io/managed-by: "Helm"
        app.kubernetes.io/instance: "datree-webhook"
        app.kubernetes.io/version: 0.1.41
        app.kubernetes.io/part-of: "datree"
        meta.helm.sh/release-name: "datree-admission-webhook"
        meta.helm.sh/release-namespace: "datree" 
        helm.sh/chart: datree-admission-webhook-0.3.22
    spec:
      serviceAccountName: datree-wait-server-ready-hook-post-install
      restartPolicy: Never
      containers:
      - name: kubectl-client
        image: "clastix/kubectl:v1.25"
        imagePullPolicy: IfNotPresent
        command:
          - sh
          - "-c"
          - >-
            kubectl wait --for=condition=ready pod -l app=datree-webhook-server --timeout="180s"
 ---
 # Source: datree-admission-webhook/templates/webhook-with-cert-secrets.yaml
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
  name: datree-webhook
  annotations:
    "helm.sh/hook": post-install, post-upgrade
    "helm.sh/hook-weight": "-5"
 webhooks:
  - name: webhook-server.datree.svc
    sideEffects: None
    timeoutSeconds: 30
    failurePolicy: Ignore
    admissionReviewVersions:
      - v1
      - v1beta1
    clientConfig:
      service:
        name: datree-webhook-server
        namespace: datree
        path: "/validate"
      caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVakNDQWpxZ0F3SUJBZ0lSQUxKTmg1YnVYN1A0V1ZkcndXWWQzRG93RFFZSktvWklodmNOQVFFTEJRQXcKTXpFeE1DOEdBMVVFQXhNb0wwTk9QVUZrYldsemMybHZiaUJEYjI1MGNtOXNiR1Z5SUZkbFltaHZiMnNnUkdWdApieUJEUVRBZUZ3MHlNekF4TVRnd05URXhNVGxhRncweU9EQXhNVGt3TlRFeE1UbGFNRE14TVRBdkJnTlZCQU1UCktDOURUajFCWkcxcGMzTnBiMjRnUTI5dWRISnZiR3hsY2lCWFpXSm9iMjlySUVSbGJXOGdRMEV3Z2dFaU1BMEcKQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNmUU00ZHFzaEJJL3NrYmx4WU41cDhscFFlenBzZwpzc0NiUURFSk1TWm1mQ2dCRDBab1BjeWZvaVBDa1dKVEU5c3VrcU13cEIrZHhya3E2RjdHKy8vMHp4ekV0UUg0Ck1WL0Y1c1dpR0NGM0VTT2pIcW9vRitwU09JTnB5VXJVRVZjcUFHOFovVld6YldaK24vVG9Hdm1OTkVzRmk1V1IKbHJUcm9qNGFRa2xRSmJuU09tbGNNYWE1ZE9FWFFCY3c0eEFEOHlnbzgwK1JvL2xBWE9ZcXM5alhQRFVJdXhUMwp2SzJ6NkRIc3hqZGFWTzBKbTVUclhxMXJneU1sd3NTcTk1SlNkZVZBSVRYUWh1dUxuM0xFcGc3aG8reEJGa0NJCmExaUZ4aTVyakJXN01qNHRKOWJ1YnJqSXoxeUx0WEZGUnpOeU1WTDNsM01aY2xrNVJRL0JvYWZiQWdNQkFBR2oKWVRCZk1BNEdBMVVkRHdFQi93UUVBd0lDcERBZEJnTlZIU1VFRmpBVUJnZ3JCZ0VGQlFjREFRWUlLd1lCQlFVSApBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVeG82MXp0eEUrbEdia2JGcGpUOU0wTWVnCkgzWXdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ2lWSVhqREJPcXU5elR0d1FUMkFpZkJ2eFlXTWM4bXJoVnUKcWMzMnJUT0VRQ05vUkpQYkxZM01KeUFwZjJtOUxJNEN2SU1SMTIwc0ttYzRQTXE5ZzRCb291Yng0aWNsOFl1OAp1bmRuVWhmODAwSUp5YUthMittZjgzZjJmcmZXSlF1NzVMMnRrYys4WWtFWFZnR2cyazdxVXZkeThzdzRUTEZICmlPMktvVm5Xeit4R2FQb25BK09OK01lSUxDOGgrNlVNdjM5a2pTb29TV1M3amFHVDZXS2Z3aFExa1JJM2JIZS8KL05ZZHpjVkJibXJ0eFg1K1RvcmxNOSswcnoybnBwNkN5MlFSZHpuM3hKWHNGVk4wTml6V3pVZWErLzVEVndwSQpBeE1uSXBJNmpzME02cVJ4VUdZVHFOdTk1YkJSanVwQTFwVDJDZGFhYnp5NU0xK2VTaTg9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
    namespaceSelector:
      matchExpressions:
        - key: admission.datree/validate
          operator: DoesNotExist
    rules:
      - operations: ["CREATE", "UPDATE"]
        apiGroups: ["*"]
        apiVersions: ["*"]
        resources: ["*"]
--- a/kubernetes/deployments/readme.md
+++ b/kubernetes/deployments/readme.md
@ -1,4 +1,6 @@
-# Deployments
+# Introduction to Kubernetes: Deployments
 <a href="https://youtu.be/DMpEZEakYVc" title="k8s-deployments"><img src="https://i.ytimg.com/vi/DMpEZEakYVc/hqdefault.jpg" width="20%" alt="k8s-deployments" /></a> 
 Build an example app:
--- a/kubernetes/fluxcd/flux-v1-readme.md
+++ b/kubernetes/fluxcd/flux-v1-readme.md
@ -1,5 +1,7 @@
 # Flux Getting Started Guide (old v1)
 <a href="https://youtu.be/OFgziggbCOg" title="flux cd"><img src="https://i.ytimg.com/vi/OFgziggbCOg/hqdefault.jpg" width="20%" alt="introduction to flux cd" /></a> 
 # 1 - Kubernetes
 Get a Kubernetes Cluster. In this video, I use Docker for Windows.
--- a/kubernetes/helm/README.md
+++ b/kubernetes/helm/README.md
@ -1,5 +1,7 @@
 # Introduction to Helm
 <a href="https://youtu.be/5_J7RWLLVeQ" title="k8s-helm"><img src="https://i.ytimg.com/vi/5_J7RWLLVeQ/hqdefault.jpg" width="20%" alt="k8s-helm" /></a> 
 ## We need a Kubernetes cluster
 Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
--- a/kubernetes/kubectl/README.md
+++ b/kubernetes/kubectl/README.md
@ -1,5 +1,7 @@
 # Introduction to KUBECTL
 <a href="https://youtu.be/1zcXudjSVUs" title="k8s-kubectl"><img src="https://i.ytimg.com/vi/1zcXudjSVUs/hqdefault.jpg" width="20%" alt="k8s-kubectl" /></a> 
 To start off this tutorial, we will be using [kind](https://kind.sigs.k8s.io/) to create our test cluster. </br>
 You can use `minikube` or any Kubernetes cluster. </br>
--- a/kubernetes/kustomize/readme.md
+++ b/kubernetes/kustomize/readme.md
@ -1,5 +1,8 @@
 # The Basics
 <a href="https://youtu.be/5gsHYdiD6v8" title="k8s-kustomize"><img src="https://i.ytimg.com/vi/5gsHYdiD6v8/hqdefault.jpg" width="20%" alt="k8s-kustomize" /></a> 
 ```
 kubectl apply -f kubernetes/kustomize/application/namespace.yaml
--- a/kubernetes/persistentvolume/readme.md
+++ b/kubernetes/persistentvolume/readme.md
@ -1,5 +1,7 @@
 # Persistent Volumes Demo
 <a href="https://youtu.be/ZxC6FwEc9WQ" title="k8s-pv"><img src="https://i.ytimg.com/vi/ZxC6FwEc9WQ/hqdefault.jpg" width="20%" alt="k8s-pv" /></a> 
 ## Container Storage
 By default containers store their data on the file system like any other process.
--- a/kubernetes/portainer/README.md
+++ b/kubernetes/portainer/README.md
@ -1,5 +1,7 @@
 # Introduction to Portainer
 <a href="https://youtu.be/FC8pABzxZVU" title="k8s-portainer"><img src="https://i.ytimg.com/vi/FC8pABzxZVU/hqdefault.jpg" width="20%" alt="k8s-portainer" /></a> 
 Start here 👉🏽[https://www.portainer.io/](https://www.portainer.io/) </br>
 Documentation 👉🏽[https://docs.portainer.io/](https://docs.portainer.io/)
--- a/kubernetes/rancher/README.md
+++ b/kubernetes/rancher/README.md
@ -1,5 +1,7 @@
 # Introduction to Rancher: On-prem Kubernetes
 <a href="https://youtu.be/1j5lhDzlFUM" title="k8s-rancher"><img src="https://i.ytimg.com/vi/1j5lhDzlFUM/hqdefault.jpg" width="20%" alt="k8s-rancher" /></a> 
 This guide follows the general instructions of running a [manual rancher install](https://rancher.com/docs/rancher/v2.5/en/quick-start-guide/deployment/quickstart-manual-setup/) and running our own infrastructure on Hyper-v
 # Hyper-V : Prepare our infrastructure
--- a/kubernetes/rbac/README.md
+++ b/kubernetes/rbac/README.md
@ -1,7 +1,8 @@
 # Introduction to Kubernetes: RBAC
-## Create Kubernetes cluster
+<a href="https://youtu.be/jvhKOAyD8S8" title="k8s-rbac"><img src="https://i.ytimg.com/vi/jvhKOAyD8S8/hqdefault.jpg" width="20%" alt="k8s-rbac" /></a> 
 ## Create Kubernetes cluster
 ```
 kind create cluster --name rbac --image kindest/node:v1.20.2
--- a/kubernetes/secrets/README.md
+++ b/kubernetes/secrets/README.md
@ -0,0 +1,3 @@
 # Introduction to Kubernetes: Secrets
 <a href="https://youtu.be/o36yTfGDmZ0" title="k8s-secrets"><img src="https://i.ytimg.com/vi/o36yTfGDmZ0/hqdefault.jpg" width="20%" alt="k8s-secrets" /></a> 
--- a/kubernetes/secrets/sealed-secrets/README.md
+++ b/kubernetes/secrets/sealed-secrets/README.md
@ -1,5 +1,7 @@
 # Introduction to Sealed Secrets 
 <a href="https://youtu.be/u0qtgUMLua0" title="k8s-sealedsecrets"><img src="https://i.ytimg.com/vi/u0qtgUMLua0/hqdefault.jpg" width="20%" alt="k8s-sealedsecrets" /></a> 
 Checkout the [Sealed Secrets GitHub Repo](https://github.com/bitnami-labs/sealed-secrets) </br>
 There are a number of use-cases where this is a really great concept. </br>
--- a/kubernetes/servicemonitors/README.md
+++ b/kubernetes/servicemonitors/README.md
@ -1,5 +1,7 @@
 # Introduction to Service Monitors
 <a href="https://youtu.be/_NtRkBipepg" title="k8s-servicemonitors"><img src="https://i.ytimg.com/vi/_NtRkBipepg/hqdefault.jpg" width="20%" alt="k8s-servicemonitors" /></a> 
 In order to understand service monitors, we will need to understand how to monitor 
 kubernetes environment. </br>
 You will need a base understanding of Kubernetes and have a basic understanding of the `kube-prometheus` monitoring stack. </br>
--- a/kubernetes/services/README.md
+++ b/kubernetes/services/README.md
@ -0,0 +1,3 @@
 # Introduction to Kubernetes: Services
 <a href="https://youtu.be/xhva6DeKqVU" title="k8s-services"><img src="https://i.ytimg.com/vi/xhva6DeKqVU/hqdefault.jpg" width="20%" alt="k8s-services" /></a> 
--- a/kubernetes/shipa/README.md
+++ b/kubernetes/shipa/README.md
@ -1,5 +1,7 @@
 # Introduction to Shipa
 <a href="https://youtu.be/PW44JaAlI_8" title="shipa"><img src="https://i.ytimg.com/vi/PW44JaAlI_8/hqdefault.jpg" width="20%" alt="shipa" /></a> 
 ## We need a Kubernetes cluster
 To get the most out of Shipa, I'll be using real Cloud Provider Kubernetes as well as a local <br/>
--- a/kubernetes/statefulsets/notes.md
+++ b/kubernetes/statefulsets/notes.md
@ -1,4 +1,6 @@
 <a href="https://youtu.be/zj6r_EEhv6s" title="k8s-sts"><img src="https://i.ytimg.com/vi/zj6r_EEhv6s/hqdefault.jpg" width="20%" alt="k8s-sts" /></a> 
 # Create a namespace
 ```
--- a/kubernetes/velero/README.md
+++ b/kubernetes/velero/README.md
@ -1,5 +1,7 @@
 # Introduction to Velero
 <a href="https://youtu.be/zybLTQER0yY" title="k8s-velero"><img src="https://i.ytimg.com/vi/zybLTQER0yY/hqdefault.jpg" width="20%" alt="k8s-velero" /></a> 
 ## We need a Kubernetes cluster
 Lets create a Kubernetes cluster to play with using [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
--- a/messaging/kafka/README.md
+++ b/messaging/kafka/README.md
@ -1,5 +1,7 @@
 # Introduction to Kafka
 <a href="https://youtu.be/heR3I3Wxgro" title="kafka-intro"><img src="https://i.ytimg.com/vi/heR3I3Wxgro/hqdefault.jpg" width="20%" alt="kafka-intro" /></a> 
 Official [Docs](https://kafka.apache.org/)
 ## Building a Docker file
--- a/messaging/rabbitmq/applications/consumer/dockerfile
+++ b/messaging/rabbitmq/applications/consumer/dockerfile
@ -1,17 +1,18 @@
-FROM golang:1.14-alpine as build
+FROM golang:1.16-alpine as build
 RUN apk add --no-cache git
 WORKDIR /src 
-RUN go get github.com/sirupsen/logrus
+COPY go.mod ./
-RUN go get github.com/streadway/amqp
+COPY go.sum ./
-COPY consumer.go /src 
+RUN go mod download
 COPY consumer.go ./
 RUN go build consumer.go
 FROM alpine as runtime
 COPY --from=build /src/consumer /app/consumer
--- a/messaging/rabbitmq/applications/consumer/go.mod
+++ b/messaging/rabbitmq/applications/consumer/go.mod
@ -0,0 +1,8 @@
 module consumerMod
 go 1.16
 require (
 	github.com/sirupsen/logrus v1.6.0
 	github.com/streadway/amqp v1.0.0
 )
--- a/messaging/rabbitmq/applications/consumer/go.sum
+++ b/messaging/rabbitmq/applications/consumer/go.sum
@ -0,0 +1,14 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/streadway/amqp v1.0.0 h1:kuuDrUJFZL1QYL9hUNuCxNObNzB0bV/ZG5jV3RWAQgo=
 github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
--- a/messaging/rabbitmq/applications/publisher/dockerfile
+++ b/messaging/rabbitmq/applications/publisher/dockerfile
@ -1,14 +1,15 @@
-FROM golang:1.14-alpine as build
+FROM golang:1.16-alpine as build
 RUN apk add --no-cache git
 WORKDIR /src 
-RUN go get github.com/julienschmidt/httprouter
+COPY go.mod ./
-RUN go get github.com/sirupsen/logrus
+COPY go.sum ./
 RUN go get github.com/streadway/amqp
-COPY publisher.go /src 
+RUN go mod download
 COPY publisher.go ./
 RUN go build publisher.go
--- a/messaging/rabbitmq/applications/publisher/go.mod
+++ b/messaging/rabbitmq/applications/publisher/go.mod
@ -0,0 +1,9 @@
 module publisherMod
 go 1.16
 require (
 	github.com/julienschmidt/httprouter v1.3.0
 	github.com/sirupsen/logrus v1.6.0
 	github.com/streadway/amqp v1.0.0
 )
--- a/messaging/rabbitmq/applications/publisher/go.sum
+++ b/messaging/rabbitmq/applications/publisher/go.sum
@ -0,0 +1,16 @@
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8=
 github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/sirupsen/logrus v1.6.0 h1:UBcNElsrwanuuMsnGSlYmtmgbb23qDR5dG+6X6Oo89I=
 github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/streadway/amqp v1.0.0 h1:kuuDrUJFZL1QYL9hUNuCxNObNzB0bV/ZG5jV3RWAQgo=
 github.com/streadway/amqp v1.0.0/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
 github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894 h1:Cz4ceDQGXuKRnVBDTS23GTn/pU5OE2C0WrNTOYK1Uuc=
 golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
--- a/messaging/rabbitmq/kubernetes/readme.md
+++ b/messaging/rabbitmq/kubernetes/readme.md
@ -1,5 +1,7 @@
 # RabbitMQ on Kubernetes
 <a href="https://youtu.be/_lpDfMkxccc" title="rabbitmq-k8s"><img src="https://i.ytimg.com/vi/_lpDfMkxccc/hqdefault.jpg" width="20%" alt="rabbitmq-k8s" /></a> 
 Create a cluster with [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
 ```
--- a/messaging/rabbitmq/readme.md
+++ b/messaging/rabbitmq/readme.md
@ -1,5 +1,7 @@
 # RabbitMQ
 <a href="https://youtu.be/hfUIWe1tK8E" title="rabbitmq-intro"><img src="https://i.ytimg.com/vi/hfUIWe1tK8E/hqdefault.jpg" width="20%" alt="rabbitmq-intro" /></a> 
 Docker image over [here](https://hub.docker.com/_/rabbitmq)
 ```
 # run a standalone instance
--- a/monitoring/logging/fluentd/basic-demo/readme.md
+++ b/monitoring/logging/fluentd/basic-demo/readme.md
@ -1,5 +1,7 @@
 # Fluentd basic demo
 <a href="https://youtu.be/MMVdkzeQ848" title="fluentd-intro"><img src="https://i.ytimg.com/vi/MMVdkzeQ848/hqdefault.jpg" width="20%" alt="fluentd-intro" /></a> 
 Check out the [video](https://youtu.be/MMVdkzeQ848)
 In my video: Introduction to logging <br/>
 I run fluentd locally <br/>
--- a/monitoring/logging/fluentd/introduction/readme.md
+++ b/monitoring/logging/fluentd/introduction/readme.md
@ -1,5 +1,7 @@
 # Introduction to Fluentd
 <a href="https://youtu.be/Gp0-7oVOtPw" title="fluentd-intro"><img src="https://i.ytimg.com/vi/Gp0-7oVOtPw/hqdefault.jpg" width="20%" alt="fluentd-intro" /></a> 
 ## Collecting logs from files
 Reading logs from a file we need an application that writes logs to a file. <br/>
--- a/monitoring/logging/fluentd/kubernetes/README.md
+++ b/monitoring/logging/fluentd/kubernetes/README.md
@ -1,5 +1,7 @@
 # Introduction to Fluentd on Kubernetes
 <a href="https://youtu.be/6kmHvXdAzIM" title="fluentd-k8s"><img src="https://i.ytimg.com/vi/6kmHvXdAzIM/hqdefault.jpg" width="20%" alt="fluentd-k8s" /></a> 
 ## Prerequisites 
 You will need a basic understanding of Fluentd before you attempt to run it on Kubernetes.<br/> 
--- a/monitoring/logging/fluentd/kubernetes/counter-err.yaml
+++ b/monitoring/logging/fluentd/kubernetes/counter-err.yaml
@ -0,0 +1,14 @@
 ---
 apiVersion: v1
 kind: Pod
 metadata:
  name: counter-err
  labels:
    app: counter-err
    version: v1.2
 spec:
  containers:
  - name: count
    image: busybox
    args: [/bin/sh, -c,
            'i=0; RANDOM=$$; while true; do R=$(($RANDOM%100)); echo "loop:$i  value:$R"; if [ $R -gt 80 ]; then echo "Warning:$R too high" 1>&2; fi; i=$((i+1)); sleep 1; done']
--- a/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile
+++ b/monitoring/logging/fluentd/kubernetes/dockerfiles/dockerfile
@ -33,10 +33,12 @@ RUN touch /fluentd/etc/disable.conf
 # Copy plugins
 COPY plugins /fluentd/plugins/
 COPY entrypoint.sh /fluentd/entrypoint.sh
 # chmod needed in full Linux env :)
 RUN chmod 755 /fluentd/entrypoint.sh
 # Environment variables
 ENV FLUENTD_OPT=""
 ENV FLUENTD_CONF="fluent.conf"
 # Overwrite ENTRYPOINT to run fluentd as root for /var/log / /var/lib
-ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"]
+ENTRYPOINT ["tini", "--", "/fluentd/entrypoint.sh"]
--- a/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml
+++ b/monitoring/logging/fluentd/kubernetes/fluentd-configmap.yaml
@ -51,7 +51,7 @@ data:
      <parse>
        @type kubernetes
        @type "#{ENV['FLUENT_CONTAINER_TAIL_PARSER_TYPE'] || 'json'}"
-        time_format %Y-%m-%dT%H:%M:%S.%NZ
+        time_format "%Y-%m-%dT%H:%M:%S.%NZ"
      </parse>
    </source>
@ -78,4 +78,5 @@ data:
      port "#{ENV['FLUENT_ELASTICSEARCH_PORT'] || '9200'}"
      index_name fluentd-k8s
      type_name fluentd
-    </match>
+      include_timestamp true
    </match>
--- a/monitoring/logging/readme.md
+++ b/monitoring/logging/readme.md
@ -2,6 +2,8 @@
 ## Logging Basics
 <a href="https://youtu.be/MMVdkzeQ848" title="logging-intro"><img src="https://i.ytimg.com/vi/MMVdkzeQ848/hqdefault.jpg" width="20%" alt="logging-intro" /></a> 
 * Standardised Logging
 * Centralised Logging 
@ -9,6 +11,8 @@
 ## Introduction to Fluentd
 <a href="https://youtu.be/Gp0-7oVOtPw" title="fluentd-intro"><img src="https://i.ytimg.com/vi/Gp0-7oVOtPw/hqdefault.jpg" width="20%" alt="fluentd-intro" /></a> 
 * What is fluentd
 * Configuration
 * Plugins
--- a/monitoring/prometheus/nodejs-application/src/package-lock.json
+++ b/monitoring/prometheus/nodejs-application/src/package-lock.json
@ -1,374 +1,395 @@
-{
+{
-  "name": "docker_web_app",
+  "name": "docker_web_app",
-  "version": "1.0.0",
+  "version": "1.0.0",
-  "lockfileVersion": 1,
+  "lockfileVersion": 1,
-  "requires": true,
+  "requires": true,
-  "dependencies": {
+  "dependencies": {
-    "accepts": {
+    "accepts": {
-      "version": "1.3.7",
+      "version": "1.3.8",
-      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
+      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz",
-      "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==",
+      "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==",
-      "requires": {
+      "requires": {
-        "mime-types": "~2.1.24",
+        "mime-types": "~2.1.34",
-        "negotiator": "0.6.2"
+        "negotiator": "0.6.3"
-      }
+      }
-    },
+    },
-    "array-flatten": {
+    "array-flatten": {
-      "version": "1.1.1",
+      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
-      "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
+      "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg=="
-    },
+    },
-    "body-parser": {
+    "bintrees": {
-      "version": "1.19.0",
+      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz",
+      "resolved": "https://registry.npmjs.org/bintrees/-/bintrees-1.0.2.tgz",
-      "integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==",
+      "integrity": "sha512-VOMgTMwjAaUG580SXn3LacVgjurrbMme7ZZNYGSSV7mmtY6QQRh0Eg3pwIcntQ77DErK1L0NxkbetjcoXzVwKw=="
-      "requires": {
+    },
-        "bytes": "3.1.0",
+    "body-parser": {
-        "content-type": "~1.0.4",
+      "version": "1.19.2",
-        "debug": "2.6.9",
+      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.2.tgz",
-        "depd": "~1.1.2",
+      "integrity": "sha512-SAAwOxgoCKMGs9uUAUFHygfLAyaniaoun6I8mFY9pRAJL9+Kec34aU+oIjDhTycub1jozEfEwx1W1IuOYxVSFw==",
-        "http-errors": "1.7.2",
+      "requires": {
-        "iconv-lite": "0.4.24",
+        "bytes": "3.1.2",
-        "on-finished": "~2.3.0",
+        "content-type": "~1.0.4",
-        "qs": "6.7.0",
+        "debug": "2.6.9",
-        "raw-body": "2.4.0",
+        "depd": "~1.1.2",
-        "type-is": "~1.6.17"
+        "http-errors": "1.8.1",
-      }
+        "iconv-lite": "0.4.24",
-    },
+        "on-finished": "~2.3.0",
-    "bytes": {
+        "qs": "6.9.7",
-      "version": "3.1.0",
+        "raw-body": "2.4.3",
-      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
+        "type-is": "~1.6.18"
-      "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg=="
+      }
-    },
+    },
-    "content-disposition": {
+    "bytes": {
-      "version": "0.5.3",
+      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz",
+      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
-      "integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==",
+      "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg=="
-      "requires": {
+    },
-        "safe-buffer": "5.1.2"
+    "content-disposition": {
-      }
+      "version": "0.5.4",
-    },
+      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz",
-    "content-type": {
+      "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==",
-      "version": "1.0.4",
+      "requires": {
-      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
+        "safe-buffer": "5.2.1"
-      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
+      }
-    },
+    },
-    "cookie": {
+    "content-type": {
-      "version": "0.4.0",
+      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
-      "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
+      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
-    },
+    },
-    "cookie-signature": {
+    "cookie": {
-      "version": "1.0.6",
+      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
+      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.2.tgz",
-      "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
+      "integrity": "sha512-aSWTXFzaKWkvHO1Ny/s+ePFpvKsPnjc551iI41v3ny/ow6tBG5Vd+FuqGNhh1LxOmVzOlGUriIlOaokOvhaStA=="
-    },
+    },
-    "debug": {
+    "cookie-signature": {
-      "version": "2.6.9",
+      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
-      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+      "integrity": "sha512-QADzlaHc8icV8I7vbaJXJwod9HWYp8uCqf1xa4OfNu1T7JVxQIrUgOWtHdNDtPiywmFbiS12VjotIXLrKM3orQ=="
-      "requires": {
+    },
-        "ms": "2.0.0"
+    "debug": {
-      }
+      "version": "2.6.9",
-    },
+      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
-    "depd": {
+      "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
-      "version": "1.1.2",
+      "requires": {
-      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
+        "ms": "2.0.0"
-      "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak="
+      }
-    },
+    },
-    "destroy": {
+    "depd": {
-      "version": "1.0.4",
+      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
+      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
-      "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
+      "integrity": "sha512-7emPTl6Dpo6JRXOXjLRxck+FlLRX5847cLKEn00PLAgc3g2hTZZgr+e4c2v6QpSmLeFP3n5yUo7ft6avBK/5jQ=="
-    },
+    },
-    "ee-first": {
+    "destroy": {
-      "version": "1.1.1",
+      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
+      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
-      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
+      "integrity": "sha512-3NdhDuEXnfun/z7x9GOElY49LoqVHoGScmOKwmxhsS8N5Y+Z8KyPPDnaSzqWgYt/ji4mqwfTS34Htrk0zPIXVg=="
-    },
+    },
-    "encodeurl": {
+    "ee-first": {
-      "version": "1.0.2",
+      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
+      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
-      "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
+      "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
-    },
+    },
-    "escape-html": {
+    "encodeurl": {
-      "version": "1.0.3",
+      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
+      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
-      "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
+      "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w=="
-    },
+    },
-    "etag": {
+    "escape-html": {
-      "version": "1.8.1",
+      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
+      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
-      "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
+      "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow=="
-    },
+    },
-    "express": {
+    "etag": {
-      "version": "4.17.1",
+      "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
+      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
-      "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==",
+      "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg=="
-      "requires": {
+    },
-        "accepts": "~1.3.7",
+    "express": {
-        "array-flatten": "1.1.1",
+      "version": "4.17.3",
-        "body-parser": "1.19.0",
+      "resolved": "https://registry.npmjs.org/express/-/express-4.17.3.tgz",
-        "content-disposition": "0.5.3",
+      "integrity": "sha512-yuSQpz5I+Ch7gFrPCk4/c+dIBKlQUxtgwqzph132bsT6qhuzss6I8cLJQz7B3rFblzd6wtcI0ZbGltH/C4LjUg==",
-        "content-type": "~1.0.4",
+      "requires": {
-        "cookie": "0.4.0",
+        "accepts": "~1.3.8",
-        "cookie-signature": "1.0.6",
+        "array-flatten": "1.1.1",
-        "debug": "2.6.9",
+        "body-parser": "1.19.2",
-        "depd": "~1.1.2",
+        "content-disposition": "0.5.4",
-        "encodeurl": "~1.0.2",
+        "content-type": "~1.0.4",
-        "escape-html": "~1.0.3",
+        "cookie": "0.4.2",
-        "etag": "~1.8.1",
+        "cookie-signature": "1.0.6",
-        "finalhandler": "~1.1.2",
+        "debug": "2.6.9",
-        "fresh": "0.5.2",
+        "depd": "~1.1.2",
-        "merge-descriptors": "1.0.1",
+        "encodeurl": "~1.0.2",
-        "methods": "~1.1.2",
+        "escape-html": "~1.0.3",
-        "on-finished": "~2.3.0",
+        "etag": "~1.8.1",
-        "parseurl": "~1.3.3",
+        "finalhandler": "~1.1.2",
-        "path-to-regexp": "0.1.7",
+        "fresh": "0.5.2",
-        "proxy-addr": "~2.0.5",
+        "merge-descriptors": "1.0.1",
-        "qs": "6.7.0",
+        "methods": "~1.1.2",
-        "range-parser": "~1.2.1",
+        "on-finished": "~2.3.0",
-        "safe-buffer": "5.1.2",
+        "parseurl": "~1.3.3",
-        "send": "0.17.1",
+        "path-to-regexp": "0.1.7",
-        "serve-static": "1.14.1",
+        "proxy-addr": "~2.0.7",
-        "setprototypeof": "1.1.1",
+        "qs": "6.9.7",
-        "statuses": "~1.5.0",
+        "range-parser": "~1.2.1",
-        "type-is": "~1.6.18",
+        "safe-buffer": "5.2.1",
-        "utils-merge": "1.0.1",
+        "send": "0.17.2",
-        "vary": "~1.1.2"
+        "serve-static": "1.14.2",
-      }
+        "setprototypeof": "1.2.0",
-    },
+        "statuses": "~1.5.0",
-    "finalhandler": {
+        "type-is": "~1.6.18",
-      "version": "1.1.2",
+        "utils-merge": "1.0.1",
-      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
+        "vary": "~1.1.2"
-      "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
+      }
-      "requires": {
+    },
-        "debug": "2.6.9",
+    "finalhandler": {
-        "encodeurl": "~1.0.2",
+      "version": "1.1.2",
-        "escape-html": "~1.0.3",
+      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
-        "on-finished": "~2.3.0",
+      "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
-        "parseurl": "~1.3.3",
+      "requires": {
-        "statuses": "~1.5.0",
+        "debug": "2.6.9",
-        "unpipe": "~1.0.0"
+        "encodeurl": "~1.0.2",
-      }
+        "escape-html": "~1.0.3",
-    },
+        "on-finished": "~2.3.0",
-    "forwarded": {
+        "parseurl": "~1.3.3",
-      "version": "0.1.2",
+        "statuses": "~1.5.0",
-      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
+        "unpipe": "~1.0.0"
-      "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ="
+      }
-    },
+    },
-    "fresh": {
+    "forwarded": {
-      "version": "0.5.2",
+      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
+      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz",
-      "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac="
+      "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow=="
-    },
+    },
-    "http-errors": {
+    "fresh": {
-      "version": "1.7.2",
+      "version": "0.5.2",
-      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz",
+      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
-      "integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==",
+      "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q=="
-      "requires": {
+    },
-        "depd": "~1.1.2",
+    "http-errors": {
-        "inherits": "2.0.3",
+      "version": "1.8.1",
-        "setprototypeof": "1.1.1",
+      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.8.1.tgz",
-        "statuses": ">= 1.5.0 < 2",
+      "integrity": "sha512-Kpk9Sm7NmI+RHhnj6OIWDI1d6fIoFAtFt9RLaTMRlg/8w49juAStsrBgp0Dp4OdxdVbRIeKhtCUvoi/RuAhO4g==",
-        "toidentifier": "1.0.0"
+      "requires": {
-      }
+        "depd": "~1.1.2",
-    },
+        "inherits": "2.0.4",
-    "iconv-lite": {
+        "setprototypeof": "1.2.0",
-      "version": "0.4.24",
+        "statuses": ">= 1.5.0 < 2",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
+        "toidentifier": "1.0.1"
-      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
+      }
-      "requires": {
+    },
-        "safer-buffer": ">= 2.1.2 < 3"
+    "iconv-lite": {
-      }
+      "version": "0.4.24",
-    },
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
-    "inherits": {
+      "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
-      "version": "2.0.3",
+      "requires": {
-      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+        "safer-buffer": ">= 2.1.2 < 3"
-      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
+      }
-    },
+    },
-    "ipaddr.js": {
+    "inherits": {
-      "version": "1.9.0",
+      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.0.tgz",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
-      "integrity": "sha512-M4Sjn6N/+O6/IXSJseKqHoFc+5FdGJ22sXqnjTpdZweHK64MzEPAyQZyEU3R/KRv2GLoa7nNtg/C2Ev6m7z+eA=="
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ=="
-    },
+    },
-    "media-typer": {
+    "ipaddr.js": {
-      "version": "0.3.0",
+      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
-      "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
+      "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g=="
-    },
+    },
-    "merge-descriptors": {
+    "media-typer": {
-      "version": "1.0.1",
+      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
-      "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
+      "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ=="
-    },
+    },
-    "methods": {
+    "merge-descriptors": {
-      "version": "1.1.2",
+      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
+      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
-      "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
+      "integrity": "sha512-cCi6g3/Zr1iqQi6ySbseM1Xvooa98N0w31jzUYrXPX2xqObmFGHJ0tQ5u74H3mVh7wLouTseZyYIq39g8cNp1w=="
-    },
+    },
-    "mime": {
+    "methods": {
-      "version": "1.6.0",
+      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
+      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
-      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
+      "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w=="
-    },
+    },
-    "mime-db": {
+    "mime": {
-      "version": "1.40.0",
+      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.40.0.tgz",
+      "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
-      "integrity": "sha512-jYdeOMPy9vnxEqFRRo6ZvTZ8d9oPb+k18PKoYNYUe2stVEBPPwsln/qWzdbmaIvnhZ9v2P+CuecK+fpUfsV2mA=="
+      "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
-    },
+    },
-    "mime-types": {
+    "mime-db": {
-      "version": "2.1.24",
+      "version": "1.52.0",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.24.tgz",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz",
-      "integrity": "sha512-WaFHS3MCl5fapm3oLxU4eYDw77IQM2ACcxQ9RIxfaC3ooc6PFuBMGZZsYpvoXS5D5QTWPieo1jjLdAm3TBP3cQ==",
+      "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg=="
-      "requires": {
+    },
-        "mime-db": "1.40.0"
+    "mime-types": {
-      }
+      "version": "2.1.35",
-    },
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz",
-    "ms": {
+      "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==",
-      "version": "2.0.0",
+      "requires": {
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+        "mime-db": "1.52.0"
-      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
+      }
-    },
+    },
-    "negotiator": {
+    "ms": {
-      "version": "0.6.2",
+      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
-      "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw=="
+      "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
-    },
+    },
-    "on-finished": {
+    "negotiator": {
-      "version": "2.3.0",
+      "version": "0.6.3",
-      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
+      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
-      "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
+      "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg=="
-      "requires": {
+    },
-        "ee-first": "1.1.1"
+    "on-finished": {
-      }
+      "version": "2.3.0",
-    },
+      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
-    "parseurl": {
+      "integrity": "sha512-ikqdkGAAyf/X/gPhXGvfgAytDZtDbr+bkNUJ0N9h5MI/dmdgCs3l6hoHrcUv41sRKew3jIwrp4qQDXiK99Utww==",
-      "version": "1.3.3",
+      "requires": {
-      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
+        "ee-first": "1.1.1"
-      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="
+      }
-    },
+    },
-    "path-to-regexp": {
+    "parseurl": {
-      "version": "0.1.7",
+      "version": "1.3.3",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
+      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
-      "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
+      "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="
-    },
+    },
-    "proxy-addr": {
+    "path-to-regexp": {
-      "version": "2.0.5",
+      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.5.tgz",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
-      "integrity": "sha512-t/7RxHXPH6cJtP0pRG6smSr9QJidhB+3kXu0KgXnbGYMgzEnUxRQ4/LDdfOwZEMyIh3/xHb8PX3t+lfL9z+YVQ==",
+      "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
-      "requires": {
+    },
-        "forwarded": "~0.1.2",
+    "prom-client": {
-        "ipaddr.js": "1.9.0"
+      "version": "11.5.3",
-      }
+      "resolved": "https://registry.npmjs.org/prom-client/-/prom-client-11.5.3.tgz",
-    },
+      "integrity": "sha512-iz22FmTbtkyL2vt0MdDFY+kWof+S9UB/NACxSn2aJcewtw+EERsen0urSkZ2WrHseNdydsvcxCTAnPcSMZZv4Q==",
-    "qs": {
+      "requires": {
-      "version": "6.7.0",
+        "tdigest": "^0.1.1"
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
+      }
-      "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
+    },
-    },
+    "proxy-addr": {
-    "range-parser": {
+      "version": "2.0.7",
-      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
-      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
+      "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==",
-      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
+      "requires": {
-    },
+        "forwarded": "0.2.0",
-    "raw-body": {
+        "ipaddr.js": "1.9.1"
-      "version": "2.4.0",
+      }
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz",
+    },
-      "integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==",
+    "qs": {
-      "requires": {
+      "version": "6.9.7",
-        "bytes": "3.1.0",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.9.7.tgz",
-        "http-errors": "1.7.2",
+      "integrity": "sha512-IhMFgUmuNpyRfxA90umL7ByLlgRXu6tIfKPpF5TmcfRLlLCckfP/g3IQmju6jjpu+Hh8rA+2p6A27ZSPOOHdKw=="
-        "iconv-lite": "0.4.24",
+    },
-        "unpipe": "1.0.0"
+    "range-parser": {
-      }
+      "version": "1.2.1",
-    },
+      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
-    "safe-buffer": {
+      "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
-      "version": "5.1.2",
+    },
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+    "raw-body": {
-      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+      "version": "2.4.3",
-    },
+      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.3.tgz",
-    "safer-buffer": {
+      "integrity": "sha512-UlTNLIcu0uzb4D2f4WltY6cVjLi+/jEN4lgEUj3E04tpMDpUlkBo/eSn6zou9hum2VMNpCCUone0O0WeJim07g==",
-      "version": "2.1.2",
+      "requires": {
-      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+        "bytes": "3.1.2",
-      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+        "http-errors": "1.8.1",
-    },
+        "iconv-lite": "0.4.24",
-    "send": {
+        "unpipe": "1.0.0"
-      "version": "0.17.1",
+      }
-      "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz",
+    },
-      "integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==",
+    "safe-buffer": {
-      "requires": {
+      "version": "5.2.1",
-        "debug": "2.6.9",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
-        "depd": "~1.1.2",
+      "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
-        "destroy": "~1.0.4",
+    },
-        "encodeurl": "~1.0.2",
+    "safer-buffer": {
-        "escape-html": "~1.0.3",
+      "version": "2.1.2",
-        "etag": "~1.8.1",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
-        "fresh": "0.5.2",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
-        "http-errors": "~1.7.2",
+    },
-        "mime": "1.6.0",
+    "send": {
-        "ms": "2.1.1",
+      "version": "0.17.2",
-        "on-finished": "~2.3.0",
+      "resolved": "https://registry.npmjs.org/send/-/send-0.17.2.tgz",
-        "range-parser": "~1.2.1",
+      "integrity": "sha512-UJYB6wFSJE3G00nEivR5rgWp8c2xXvJ3OPWPhmuteU0IKj8nKbG3DrjiOmLwpnHGYWAVwA69zmTm++YG0Hmwww==",
-        "statuses": "~1.5.0"
+      "requires": {
-      },
+        "debug": "2.6.9",
-      "dependencies": {
+        "depd": "~1.1.2",
-        "ms": {
+        "destroy": "~1.0.4",
-          "version": "2.1.1",
+        "encodeurl": "~1.0.2",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
+        "escape-html": "~1.0.3",
-          "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
+        "etag": "~1.8.1",
-        }
+        "fresh": "0.5.2",
-      }
+        "http-errors": "1.8.1",
-    },
+        "mime": "1.6.0",
-    "serve-static": {
+        "ms": "2.1.3",
-      "version": "1.14.1",
+        "on-finished": "~2.3.0",
-      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz",
+        "range-parser": "~1.2.1",
-      "integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==",
+        "statuses": "~1.5.0"
-      "requires": {
+      },
-        "encodeurl": "~1.0.2",
+      "dependencies": {
-        "escape-html": "~1.0.3",
+        "ms": {
-        "parseurl": "~1.3.3",
+          "version": "2.1.3",
-        "send": "0.17.1"
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
-      }
+          "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
-    },
+        }
-    "setprototypeof": {
+      }
-      "version": "1.1.1",
+    },
-      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz",
+    "serve-static": {
-      "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw=="
+      "version": "1.14.2",
-    },
+      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.2.tgz",
-    "statuses": {
+      "integrity": "sha512-+TMNA9AFxUEGuC0z2mevogSnn9MXKb4fa7ngeRMJaaGv8vTwnIEkKi+QGvPt33HSnf8pRS+WGM0EbMtCJLKMBQ==",
-      "version": "1.5.0",
+      "requires": {
-      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
+        "encodeurl": "~1.0.2",
-      "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
+        "escape-html": "~1.0.3",
-    },
+        "parseurl": "~1.3.3",
-    "toidentifier": {
+        "send": "0.17.2"
-      "version": "1.0.0",
+      }
-      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz",
+    },
-      "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw=="
+    "setprototypeof": {
-    },
+      "version": "1.2.0",
-    "type-is": {
+      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz",
-      "version": "1.6.18",
+      "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw=="
-      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
+    },
-      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
+    "statuses": {
-      "requires": {
+      "version": "1.5.0",
-        "media-typer": "0.3.0",
+      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
-        "mime-types": "~2.1.24"
+      "integrity": "sha512-OpZ3zP+jT1PI7I8nemJX4AKmAX070ZkYPVWV/AaKTJl+tXCTGyVdC1a4SL8RUQYEwk/f34ZX8UTykN68FwrqAA=="
-      }
+    },
-    },
+    "tdigest": {
-    "unpipe": {
+      "version": "0.1.2",
-      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/tdigest/-/tdigest-0.1.2.tgz",
-      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
+      "integrity": "sha512-+G0LLgjjo9BZX2MfdvPfH+MKLCrxlXSYec5DaPYP1fe6Iyhf0/fSmJ0bFiZ1F8BT6cGXl2LpltQptzjXKWEkKA==",
-      "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
+      "requires": {
-    },
+        "bintrees": "1.0.2"
-    "utils-merge": {
+      }
-      "version": "1.0.1",
+    },
-      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
+    "toidentifier": {
-      "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
+      "version": "1.0.1",
-    },
+      "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz",
-    "vary": {
+      "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA=="
-      "version": "1.1.2",
+    },
-      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
+    "type-is": {
-      "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
+      "version": "1.6.18",
-    }
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
-  }
+      "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
-}
+      "requires": {
        "media-typer": "0.3.0",
        "mime-types": "~2.1.24"
      }
    },
    "unpipe": {
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
      "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ=="
    },
    "utils-merge": {
      "version": "1.0.1",
      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
      "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA=="
    },
    "vary": {
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
      "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg=="
    }
  }
 }
--- a/storage/databases/postgresql/2-configuration/README.md
+++ b/storage/databases/postgresql/2-configuration/README.md
@ -0,0 +1,189 @@
 # How to configure PostgreSQL
 This is part 2 of our PostgreSQL series. </br>
 In this chapter, we learn about fundamentals of the Postgres configuration. </br>
 Many people make the mistakes of relying directly on Kubernetes PostgreSQL controllers
 and Helm charts without having any understanding of Databases. </br>
 Let's start where we left off, and review our simple PostgreSQL database:
 ## Run a simple PostgreSQL database (docker)
 ```
 cd storage/databases/postgresql/2-configuration
 docker run -it --rm --name postgres `
  -e POSTGRES_PASSWORD=admin123 `
  -v ${PWD}/pgdata:/var/lib/postgresql/data `
  -p 5000:5432 `
  postgres:15.0
 ```
 ## Environment Variables
 Many settings can be specified using environment variables. </br>
 I generally recommend not relying on default values and set most of the settings 
 possible. </br>
 I personally prefer most or all settings in a configuration file, so it can be committed to source control. </br>
 This is where Environment variables are great because we can inject secrets there
 and keep passwords out of our configuration files and out of source control. </br>
 This will be important in Kubernetes later on. </br>
 We will not learn all or even most of the configurations in this chapter, as PostgreSQL has a lot of depth. So we will only learn what we need, one step at a time. </br>
 Let's take a look at some basic configurations [here](https://hub.docker.com/_/postgres)
 Let's set a few things here:
 | Environment Variable | Meaning |
 |----------------------|---------|
 | POSTGRES_USER        |  Username for the Postgres Admin       |
 | POSTGRES_PASSWORD    |  Password for the Postgres Admin       |
 | POSTGRES_DB          |  Default database for your Postgres Server       |
 | PGDATA               |  Path where data is stored       |
 ## Configuration files
 If we take a look at our `docker` mount that we defined in our `docker run` command: </br>
 `-v ${PWD}/pgdata:/var/lib/postgresql/data ` </br>
 The `{PWD}/pgdata` folder that we have mounted contains not only data, but some default configuration files that we can explore. </br>
 Three files are important here:
 |Configuration file | Meaning |  Documentation
 |----------------------|---------|-------|
 | pg_hba.conf        |  Host Based Authentication file       | [Official Documentation](https://www.postgresql.org/docs/current/auth-pg-hba-conf.html) |
 | pg_ident.conf    |  User Mappings file       |  [Official Documentation](https://www.postgresql.org/docs/current/auth-username-maps.html)
 | postgresql.conf          |  PostgreSQL main configuraiton       |
 ## The pg_hba.conf File
 We'll start this guide with the host based authentication file. </br>
 This file is automatically created in the data directory as we see. </br>
 We should create a copy of this file and configure it ourselves. </br>
 It controls who can access our PostgreSQL server. </br>
 Let's refer to the official documentation as well as walk through the config. </br>
 The config file itself has a great description of the contents. </br>
 As mentioned in the previous chapter, it's always good not to rely on default configurations. So let's create our own `pg_hba.conf` file. </br>
 We can grab the content from the default configuration and we may edit it as we go.
 ```
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 # "local" is for Unix domain socket connections only
 local   all             all                                     trust
 # IPv4 local connections:
 host    all             all             127.0.0.1/32            trust
 # IPv6 local connections:
 host    all             all             ::1/128                 trust
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
 local   replication     all                                     trust
 host    replication     all             127.0.0.1/32            trust
 host    replication     all             ::1/128                 trust
 host all all all scram-sha-256
 ```
 ## The pg_ident.conf File
 This config file is a mapping file between system users and database users. </br>
 Let's refer to the official documentation and walk through the config. </br>
 This is not a feature that we will need in this series, so we will skip this config for the time being. </br>
 ## The postgresql.conf File
 This configuration file is the main one for PostgreSQL. </br>
 As you can see this is a large file with in-depth tuning and customization capability. </br>
 ### File Locations
 Let's set our data directory locations as well as config file locations </br>
 Our volume mount path in the container is also short and simple. </br>
 Note that we also split config from data so we have separate paths :
 ```
 data_directory = '/data'
 hba_file = '/config/pg_hba.conf'
 ident_file = '/config/pg_ident.conf'
 ```
 ### Connection and Authentication
 The shared_buffers parameter determines how much memory is dedicated to the server for caching data. The value should be set to 15% to 25% of the machine's total RAM. For example: if your machine's RAM size is 32 GB, then the recommended value for shared_buffers is 8 GB </br>
 We will take a look at `WAL` (Write Ahead Log), Archiving, Primary, and Standby configurations in a future chapter on replication </br>
 ```
 port = 5432
 listen_addresses = '*'
 max_connections = 100
 shared_buffers = 128MB
 dynamic_shared_memory_type = posix
 max_wal_size = 1GB
 min_wal_size = 80MB
 log_timezone = 'Etc/UTC'
 datestyle = 'iso, mdy'
 timezone = 'Etc/UTC'
 #locale settings
 lc_messages = 'en_US.utf8'			# locale for system error message
 lc_monetary = 'en_US.utf8'			# locale for monetary formatting
 lc_numeric = 'en_US.utf8'			# locale for number formatting
 lc_time = 'en_US.utf8'				# locale for time formatting
 default_text_search_config = 'pg_catalog.english'
 ```
 We can also include other configurations from other locations with the `include_dir` and `include` options. </br>
 We will skip these for the sake of keeping things simple. </br>
 Nested configurations can over complicate a setup and makes it hard to troubleshoot when issues occur. </br>
 ### Specifying Custom Configuration
 If we run on Linux, we need to ensure that the `postgres` user which has a user ID of `999` by default, should have access to the configuration files. </br>
 ```
 sudo chown 999:999 config/postgresql.conf
 sudo chown 999:999 config/pg_hba.conf
 sudo chown 999:999 config/pg_ident.conf
 ```
 There is another important gotcha here. </br>
 The `PGDATA` variable tells PostgreSQL where our data directory is. </br>
 Similarly, we've learnt that our configuration file also has `data_directory` which tells PostgreSQL the same. </br>
 However, the latter is only read by PostgreSQL after initialization has occurred. </br>
 PostgreSQL's initialization phase sets up directory permissions on the data directory. </br>
 If we leave out `PGDATA`, then we will get errors that the data directory is invalid. </br>
 Hence `PGDATA` is important here. </br>
 ## Running our PostgreSQL
 Finally, we can run our database with our custom configuration files:
 ```
 docker run -it --rm --name postgres `
 -e POSTGRES_USER=postgresadmin `
 -e POSTGRES_PASSWORD=admin123 `
 -e POSTGRES_DB=postgresdb `
 -e PGDATA="/data" `
 -v ${PWD}/pgdata:/data `
 -v ${PWD}/config:/config `
 -p 5000:5432 `
 postgres:15.0 -c 'config_file=/config/postgresql.conf'
 ```
 That's it for chapter two! </br>
 In [chapter 3](../3-replication/README.md), we will take a look at Replication and how to replicate our data to another PostgreSQL instance for better availability.
--- a/storage/databases/postgresql/2-configuration/config/pg_hba.conf
+++ b/storage/databases/postgresql/2-configuration/config/pg_hba.conf
@ -0,0 +1,15 @@
 # TYPE  DATABASE        USER            ADDRESS                 METHOD
 # "local" is for Unix domain socket connections only
 local   all             all                                     trust
 # IPv4 local connections:
 host    all             all             127.0.0.1/32            trust
 # IPv6 local connections:
 host    all             all             ::1/128                 trust
 # Allow replication connections from localhost, by a user with the
 # replication privilege.
 local   replication     all                                     trust
 host    replication     all             127.0.0.1/32            trust
 host    replication     all             ::1/128                 trust
 host all all all scram-sha-256
--- a/storage/databases/postgresql/2-configuration/config/pg_ident.conf
+++ b/storage/databases/postgresql/2-configuration/config/pg_ident.conf
@ -0,0 +1,42 @@
 # PostgreSQL User Name Maps
 # =========================
 #
 # Refer to the PostgreSQL documentation, chapter "Client
 # Authentication" for a complete description.  A short synopsis
 # follows.
 #
 # This file controls PostgreSQL user name mapping.  It maps external
 # user names to their corresponding PostgreSQL user names.  Records
 # are of the form:
 #
 # MAPNAME  SYSTEM-USERNAME  PG-USERNAME
 #
 # (The uppercase quantities must be replaced by actual values.)
 #
 # MAPNAME is the (otherwise freely chosen) map name that was used in
 # pg_hba.conf.  SYSTEM-USERNAME is the detected user name of the
 # client.  PG-USERNAME is the requested PostgreSQL user name.  The
 # existence of a record specifies that SYSTEM-USERNAME may connect as
 # PG-USERNAME.
 #
 # If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
 # regular expression.  Optionally this can contain a capture (a
 # parenthesized subexpression).  The substring matching the capture
 # will be substituted for \1 (backslash-one) if present in
 # PG-USERNAME.
 #
 # Multiple maps may be specified in this file and used by pg_hba.conf.
 #
 # No map names are defined in the default configuration.  If all
 # system user names and PostgreSQL user names are the same, you don't
 # need anything in this file.
 #
 # This file is read on server startup and when the postmaster receives
 # a SIGHUP signal.  If you edit the file on a running system, you have
 # to SIGHUP the postmaster for the changes to take effect.  You can
 # use "pg_ctl reload" to do that.
 # Put your actual configuration here
 # ----------------------------------
 # MAPNAME       SYSTEM-USERNAME         PG-USERNAME
--- a/storage/databases/postgresql/2-configuration/config/postgresql.conf
+++ b/storage/databases/postgresql/2-configuration/config/postgresql.conf
@ -0,0 +1,27 @@
 # -----------------------------
 # PostgreSQL configuration file
 # -----------------------------
 #
 data_directory = '/data'
 hba_file = '/config/pg_hba.conf'
 ident_file = '/config/pg_ident.conf'
 port = 5432
 listen_addresses = '*'
 max_connections = 100
 shared_buffers = 128MB
 dynamic_shared_memory_type = posix
 max_wal_size = 1GB
 min_wal_size = 80MB
 log_timezone = 'Etc/UTC'
 datestyle = 'iso, mdy'
 timezone = 'Etc/UTC'
 #locale settings
 lc_messages = 'en_US.utf8'			# locale for system error message
 lc_monetary = 'en_US.utf8'			# locale for monetary formatting
 lc_numeric = 'en_US.utf8'			# locale for number formatting
 lc_time = 'en_US.utf8'				# locale for time formatting
 default_text_search_config = 'pg_catalog.english'
--- a/storage/databases/postgresql/2-configuration/docker-compose.yaml
+++ b/storage/databases/postgresql/2-configuration/docker-compose.yaml
@ -0,0 +1,21 @@
 version: '3.1'
 services:
  db:
    container_name: postgres
    image: postgres:15.0
    command: "postgres -c config_file=/config/postgresql.conf"
    environment:
      POSTGRES_USER: "postgresadmin"
      POSTGRES_PASSWORD: "admin123"
      POSTGRES_DB: "postgresdb"
      PGDATA: "/data"
    volumes:
    - ./pgdata:/data
    - ./config:/config/
    ports:
    - 5000:5432
  adminer:
    image: adminer
    restart: always
    ports:
      - 8080:8080
--- a/storage/redis/clustering/readme.md
+++ b/storage/redis/clustering/readme.md
@ -1,6 +1,8 @@
 ## Replication
 <a href="https://youtu.be/GEg7s3i6Jak" title="redis-cluster"><img src="https://i.ytimg.com/vi/GEg7s3i6Jak/hqdefault.jpg" width="20%" alt="redis-cluster" /></a> 
 Documentation [here](https://redis.io/topics/replication)
 ### Configuration
--- a/storage/redis/kubernetes/readme.md
+++ b/storage/redis/kubernetes/readme.md
@ -1,5 +1,7 @@
 # Redis on Kubernetes
 <a href="https://youtu.be/JmCn7k0PlV4" title="redis-k8s"><img src="https://i.ytimg.com/vi/JmCn7k0PlV4/hqdefault.jpg" width="20%" alt="redis-k8s" /></a> 
 Create a cluster with [kind](https://kind.sigs.k8s.io/docs/user/quick-start/)
 ```
--- a/storage/redis/readme.md
+++ b/storage/redis/readme.md
@ -1,5 +1,7 @@
 # Redis 
 <a href="https://youtu.be/L3zp347cWNw" title="redis-intro"><img src="https://i.ytimg.com/vi/L3zp347cWNw/hqdefault.jpg" width="20%" alt="redis-intro" /></a> 
 ## Docker 
 Docker image over [here](https://hub.docker.com/_/redis)
--- a/tracing/README.md
+++ b/tracing/README.md
@ -1,5 +1,7 @@
 # Introduction to Distributed Tracing
 <a href="https://youtu.be/idDu_jXqf4E" title="tracing-intro"><img src="https://i.ytimg.com/vi/idDu_jXqf4E/hqdefault.jpg" width="20%" alt="tracing-intro" /></a> 
 In this episode we take a look at distributed tracing.
 We'll take a look at the concept, what distributed tracing is, what problems it solves, how to emit traces and the platform architecture to collect traces.
		`@ -0,0 +1,3 @@`
							`# Introduction to Argo CD`

							`<a href="https://youtu.be/2WSJF7d8dUg" title="argo"><img src="https://i.ytimg.com/vi/2WSJF7d8dUg/hqdefault.jpg" width="20%" alt="introduction to argo cd" /></a>`
		`@ -0,0 +1,3 @@`
							`# Introduction to Deno with Docker`

							`<a href="https://youtu.be/4EfnECkCx8E" title="Kubernetes"><img src="https://i.ytimg.com/vi/4EfnECkCx8E/hqdefault.jpg" width="20%" alt="introduction to deno" /></a>`
		`@ -0,0 +1,3 @@`
							`# Introduction to Drone CI`

							`<a href="https://youtu.be/myCcJJ_Fk10" title="drone ci"><img src="https://i.ytimg.com/vi/myCcJJ_Fk10/hqdefault.jpg" width="20%" alt="introduction to drone ci" /></a>`
		`@ -0,0 +1,3 @@`
							`# Introduction to GitHub Actions: Self hosted runners`

							`<a href="https://youtu.be/d3isYUrPN7s" title="githubactions"><img src="https://i.ytimg.com/vi/d3isYUrPN7s/hqdefault.jpg" width="20%" alt="introduction to github actions runners" /></a>`
		`@ -0,0 +1,3 @@`
							`# Introduction to Kubernetes: Configmaps`

							`<a href="https://youtu.be/o-gXx7r7Rz4" title="k8s-cm"><img src="https://i.ytimg.com/vi/o-gXx7r7Rz4/hqdefault.jpg" width="20%" alt="k8s-cm" /></a>`
		`@ -0,0 +1,3 @@`
							`# Introduction to Kubernetes: Secrets`

							`<a href="https://youtu.be/o36yTfGDmZ0" title="k8s-secrets"><img src="https://i.ytimg.com/vi/o36yTfGDmZ0/hqdefault.jpg" width="20%" alt="k8s-secrets" /></a>`
		`@ -0,0 +1,3 @@`
							`# Introduction to Kubernetes: Services`

							`<a href="https://youtu.be/xhva6DeKqVU" title="k8s-services"><img src="https://i.ytimg.com/vi/xhva6DeKqVU/hqdefault.jpg" width="20%" alt="k8s-services" /></a>`