search

jkroepke / helm-secrets

A helm plugin that help manage secrets with Git workflow and store them anywhere
https://github.com/jkroepke/helm-secrets/wiki
Apache License 2.0
1.53k stars 129 forks source link

[Solved] SOPS + AGE still load gpg key #413

Closed kholisrag closed 1 year ago

kholisrag commented 1 year ago

Current Behavior

As I use ArgoCD, want to decrypt an file with sops + age encrypted file, but its result an error, btw I use the init container method

with logs like below : 

argocd-repo-server-6858c989d8-snpgg repo-server time="2023-10-12T22:06:38Z" level=error msg="finished unary call with code Unknown" error="Manifest generation error (cached): `helm template . --name-template monitoring --namespace monitoring --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?/live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --values /tmp/51afb92c-4aac-4534-b6d9-85b1c00ec498 --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds` failed exit status 2: + SCRIPT_DIR=/custom-tools/helm-plugins/helm-secrets/scripts\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/common.sh\n+ set -euf\n+ uname -s\n+ [ -f /proc/version ]\n+ grep -qi microsoft /proc/version\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/expand_vars_strict.sh\n+ set -euf\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file.sh\n+ set -euf\n+ VALUES_ALLOW_SYMLINKS=false\n+ VALUES_ALLOW_ABSOLUTE_PATH=true\n+ VALUES_ALLOW_PATH_TRAVERSAL=false\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/local.sh\n+ set -euf\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/http.sh\n+ set -euf\n+ URL_VARIABLE_EXPANSION=false\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/custom.sh\n+ set -euf\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backend.sh\n+ set -euf\n+ ALLOWED_BACKENDS=\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/noop.sh\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/sops.sh\n+ _SOPS=/custom-tools/sops\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/vals.sh\n+ set -euf\n+ _VALS=/custom-tools/vals\n+ . /custom-tools/helm-plugins/helm-secrets/scripts/lib/http.sh\n+ set -euf\n+ HELM_BIN=/usr/local/bin/helm\n+ on_cygwin\n+ false\n+ mktemp -d\n+ TMPDIR=/tmp/tmp.KqEGj3Resz\n+ export TMPDIR\n+ mkdir -p /tmp/tmp.KqEGj3Resz\n+ [ -n  ]\n+ QUIET=false\n+ SECRET_BACKEND=sops\n+ SECRET_BACKEND_ARGS=\n+ DEC_PREFIX=\n+ DEC_SUFFIX=.dec\n+ DEC_DIR=\n+ IGNORE_MISSING_VALUES=false\n+ EVALUATE_TEMPLATES=false\n+ EVALUATE_TEMPLATES_DECODE_SECRETS=false\n+ DECRYPT_SECRETS_IN_TMP_DIR=true\n+ LOAD_GPG_KEYS=/helm-secrets-private-keys/key.txt\n+ trap _trap EXIT\n+ trap trap - EXIT; _trap; exit 1 HUP INT QUIT TERM\n+ load_secret_backend sops\n+ backend=sops\n+ [ sops =  ]\n+ [  !=  ]\n+ [ -f /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/sops.sh ]\n+ SECRET_BACKEND=sops\n+ return\n+ DEFAULT_SECRET_BACKEND=sops\n+ [ /helm-secrets-private-keys/key.txt != false ]\n+ _gpg_load_keys\n+ _mktemp -d\n+ [ 1 -eq 0 ]\n+ mktemp -d /tmp/tmp.KqEGj3Resz/XXXXXX\n+ _GNUPGHOME=/tmp/tmp.KqEGj3Resz/VFRtRX\n+ touch /tmp/tmp.KqEGj3Resz/VFRtRX/.helm-secrets\n+ export GNUPGHOME=/tmp/tmp.KqEGj3Resz/VFRtRX\n+ [ -d /helm-secrets-private-keys/key.txt ]\n+ gpg --batch --no-permission-warning --quiet --import /helm-secrets-private-keys/key.txt\ngpg: no valid OpenPGP data found.\n+ _trap\n+ command -v _trap_hook\n+ [ -n x ]\n+ [ -f /tmp/tmp.KqEGj3Resz/VFRtRX/.helm-secrets ]\n+ gpgconf --help\n+ gpgconf --kill gpg-agent\n+ rm -rf /tmp/tmp.KqEGj3Resz\nError: plugin \"secrets\" exited with error" grpc.code=Unknown grpc.method=GenerateManifest grpc.service=repository.RepoServerService grpc.start_time="2023-10-12T22:06:36Z" grpc.time_ms=2324.513 span.kind=server system=grpc

Expected Behavior

sops + age should work

Steps To Reproduce

1. GKE, ArgoCD v2.8.4+c279299, helm-secrets, ksops
2. ArgoCD Helm Values

repoServer:
  pdb:
    enabled: true
  serviceAccount:
    create: true
    name: "argocd-repo-server"
  rbac:
    - apiGroups:
        - ""
      resources:
        - secrets
      verbs:
        - get
  env:
    - name: HELM_PLUGINS
      value: /custom-tools/helm-plugins/
    - name: HELM_SECRETS_CURL_PATH
      value: /custom-tools/curl
    - name: HELM_SECRETS_SOPS_PATH
      value: /custom-tools/sops
    - name: HELM_SECRETS_VALS_PATH
      value: /custom-tools/vals
    - name: HELM_SECRETS_KUBECTL_PATH
      value: /custom-tools/kubectl
    - name: HELM_SECRETS_BACKEND
      value: sops
    - name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS
      value: "false"
    - name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH
      value: "true"
    - name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL
      value: "false"
    - name: HELM_SECRETS_WRAPPER_ENABLED
      value: "true"
    - name: HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR
      value: "true"
    - name: HELM_SECRETS_DEBUG
      value: "false"
    - name: HELM_SECRETS_LOAD_GPG_KEYS
      value: "false"
    - name: HELM_SECRETS_HELM_PATH
      value: /usr/local/bin/helm
  volumes:
    - name: custom-tools
      emptyDir: {}
    - name: helm-secrets-private-keys
      secret:
        secretName: helm-secrets-private-keys
  volumeMounts:
    - mountPath: /custom-tools
      name: custom-tools
    - mountPath: /usr/local/sbin/helm
      subPath: helm
      name: custom-tools
    - mountPath: /usr/local/bin/kustomize
      name: custom-tools
      subPath: kustomize
    - mountPath: /usr/local/bin/ksops
      name: custom-tools
      subPath: ksops
    - mountPath: /helm-secrets-private-keys/
      name: helm-secrets-private-keys
  initContainers:
    - name: helm-secrets
      image: alpine:latest
      imagePullPolicy: IfNotPresent
      command: [sh, -ec]
      env:
        - name: HELM_SECRETS_VERSION
          value: "4.5.1"
        - name: KUBECTL_VERSION
          value: "1.27.3"
        - name: VALS_VERSION
          value: "0.28.0"
        - name: SOPS_VERSION
          value: "3.8.0"
      args:
        - |
          mkdir -pv /custom-tools/helm-plugins
          wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v$${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-;
          wget -qO /custom-tools/curl https://github.com/moparisthebest/static-curl/releases/latest/download/curl-amd64
          wget -qO /custom-tools/sops https://github.com/getsops/sops/releases/download/v$${SOPS_VERSION}/sops-v$${SOPS_VERSION}.linux.amd64
          wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v$${KUBECTL_VERSION}/bin/linux/amd64/kubectl
          wget -qO- https://github.com/helmfile/vals/releases/download/v$${VALS_VERSION}/vals_$${VALS_VERSION}_linux_amd64.tar.gz | tar -xzf- -C /custom-tools/ vals;
          cp /custom-tools/helm-plugins/helm-secrets/scripts/wrapper/helm.sh /custom-tools/helm
          chmod +x /custom-tools/*
      volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools
    - name: ksops
      image: viaductoss/ksops:v4.2.3
      command: ["/bin/sh", "-c"]
      args:
        - echo "Installing KSOPS...";
          mv ksops /custom-tools/;
          mv kustomize /custom-tools/;
          echo "Done.";
      volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools

configs:
  cm:
    timeout.reconciliation: 1d
    helm.valuesFileSchemes: |-
      secrets+age-import, secrets+age-import-kubernetes,
      secrets,secrets+literal,
      https, http
    kustomize.buildOptions: "--enable-alpha-plugins --enable-exec"
    resource.customizations: |-
      argoproj.io/Application:
        health.lua: |
          hs = {}
          hs.status = "Progressing"
          hs.message = ""
          if obj.status ~= nil then
            if obj.status.health ~= nil then
              hs.status = obj.status.health.status
              if obj.status.health.message ~= nil then
                hs.message = obj.status.health.message
              end
            end
          end
          return hs

server:
  pdb:
    enabled: true
  service:
    type: LoadBalancer
    annotations:
      cloud.google.com/load-balancer-type: "Internal"
    loadBalancerIP: "10.122.2.100"

Environment

Anything else?

seem like looking at the logs, the gpg load logic still happen, even after I disable it. from Argocd

jkroepke commented 1 year ago

even after I disable it. from Argocd

Did you do a hard-refresh on ArgoCD or restart the redis? By default, ArgoCD caches manifests for 24 hours

kholisrag commented 1 year ago

Did you do a hard-refresh on ArgoCD or restart the redis? By default, ArgoCD caches manifests for 24 hours

didn't touch anything on redis and do hard refresh tho @jkroepke

jkroepke commented 1 year ago

From reading the log (from that single line), I could validate, that HELM_SECRETS_LOAD_GPG_KEYS=/helm-secrets-private-keys/key.txt. I see that the configuration you provide is different. However the logs show something different.

It's exactly this code path (search for LOAD_GPG_KEYS) https://github.com/jkroepke/helm-secrets/blob/9578148f611a48c4952b40c36b08af2e6c8e1794/scripts/run.sh#L69-L79

kholisrag commented 1 year ago

sorry just messed the timeline things I guess

current update : looking at the UI, seem file not exist problems

Failed to load target state: failed to generate manifest for source 1 of 1: rpc error: code = Unknown desc = `helm template . --name-template monitoring --namespace monitoring --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds` failed exit status 1: + SCRIPT_DIR=/custom-tools/helm-plugins/helm-secrets/scripts + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/common.sh + set -euf + uname -s + [ -f /proc/version ] + grep -qi microsoft /proc/version + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/expand_vars_strict.sh + set -euf + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file.sh + set -euf + VALUES_ALLOW_SYMLINKS=false + VALUES_ALLOW_ABSOLUTE_PATH=true + VALUES_ALLOW_PATH_TRAVERSAL=true + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/local.sh + set -euf + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/http.sh + set -euf + URL_VARIABLE_EXPANSION=false + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/custom.sh + set -euf + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backend.sh + set -euf + ALLOWED_BACKENDS= + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/noop.sh + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/sops.sh + _SOPS=/custom-tools/sops + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/vals.sh + set -euf + _VALS=/custom-tools/vals + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/http.sh + set -euf + HELM_BIN=/usr/local/bin/helm + on_cygwin + false + mktemp -d + TMPDIR=/tmp/tmp.bo8fFWWxer + export TMPDIR + mkdir -p /tmp/tmp.bo8fFWWxer + [ -n ] + QUIET=false + SECRET_BACKEND=sops + SECRET_BACKEND_ARGS= + DEC_PREFIX= + DEC_SUFFIX=.dec + DEC_DIR= + IGNORE_MISSING_VALUES=false + EVALUATE_TEMPLATES=false + EVALUATE_TEMPLATES_DECODE_SECRETS=false + DECRYPT_SECRETS_IN_TMP_DIR=true + LOAD_GPG_KEYS=false + trap _trap EXIT + trap trap - EXIT; _trap; exit 1 HUP INT QUIT TERM + load_secret_backend sops + backend=sops + [ sops = ] + [ != ] + [ -f /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/sops.sh ] + SECRET_BACKEND=sops + return + DEFAULT_SECRET_BACKEND=sops + [ false != false ] + [ -n ] + true + . /custom-tools/helm-plugins/helm-secrets/scripts/commands/helm.sh + set -euf + . /custom-tools/helm-plugins/helm-secrets/scripts/commands/decrypt.sh + set -euf + _mktemp + [ 0 -eq 0 ] + mktemp /tmp/tmp.bo8fFWWxer/XXXXXX + decrypted_file_list=/tmp/tmp.bo8fFWWxer/rCROye + helm_command template . --name-template monitoring --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds + [ 303 -lt 2 ] + is_help . + false + helm_wrapper template . --name-template monitoring --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds + argc=303 + j=0 + [ 0 -lt 303 ] + [ -d template ] + [ -f template ] + set -- template . --name-template monitoring --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds template + shift + j=1 + [ 1 -lt 303 ] + [ -d . ] + _helm_winpath . + printf %s . + set -- . --name-template monitoring --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds template . + shift + j=2 + [ 2 -lt 303 ] + [ -d --name-template ] + [ -f --name-template ] + set -- --name-template monitoring --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds template . --name-template + shift + j=3 + [ 3 -lt 303 ] + [ -d monitoring ] + [ -f monitoring ] + set -- monitoring --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds template . --name-template monitoring + shift + j=4 + [ 4 -lt 303 ] + [ -d --kube-version ] + [ -f --kube-version ] + set -- --kube-version 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds template . --name-template monitoring --kube-version + shift + j=5 + [ 5 -lt 303 ] + [ -d 1.27 ] + [ -f 1.27 ] + set -- 1.27 --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds template . --name-template monitoring --kube-version 1.27 + shift + j=6 + [ 6 -lt 303 ] + _1=--values + files=secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + set -- --values secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml --api-versions admissionregistration.k8s.io/v1 --api-versions admissionregistration.k8s.io/v1/MutatingWebhookConfiguration --api-versions admissionregistration.k8s.io/v1/ValidatingWebhookConfiguration --api-versions apiextensions.k8s.io/v1 --api-versions apiextensions.k8s.io/v1/CustomResourceDefinition --api-versions apiregistration.k8s.io/v1 --api-versions apiregistration.k8s.io/v1/APIService --api-versions apps/v1 --api-versions apps/v1/ControllerRevision --api-versions apps/v1/DaemonSet --api-versions apps/v1/Deployment --api-versions apps/v1/ReplicaSet --api-versions apps/v1/StatefulSet --api-versions argoproj.io/v1alpha1 --api-versions argoproj.io/v1alpha1/AppProject --api-versions argoproj.io/v1alpha1/Application --api-versions argoproj.io/v1alpha1/ApplicationSet --api-versions auto.gke.io/v1 --api-versions auto.gke.io/v1/AllowlistedV2Workload --api-versions auto.gke.io/v1/AllowlistedWorkload --api-versions auto.gke.io/v1alpha1 --api-versions auto.gke.io/v1alpha1/AllowlistedWorkload --api-versions autoscaling.gke.io/v1beta1 --api-versions autoscaling.gke.io/v1beta1/MultidimPodAutoscaler --api-versions autoscaling.k8s.io/v1 --api-versions autoscaling.k8s.io/v1/VerticalPodAutoscaler --api-versions autoscaling.k8s.io/v1beta2 --api-versions autoscaling.k8s.io/v1beta2/VerticalPodAutoscaler --api-versions autoscaling/v1 --api-versions autoscaling/v1/HorizontalPodAutoscaler --api-versions autoscaling/v2 --api-versions autoscaling/v2/HorizontalPodAutoscaler --api-versions batch/v1 --api-versions batch/v1/CronJob --api-versions batch/v1/Job --api-versions certificates.k8s.io/v1 --api-versions certificates.k8s.io/v1/CertificateSigningRequest --api-versions cloud.google.com/v1 --api-versions cloud.google.com/v1/BackendConfig --api-versions cloud.google.com/v1beta1 --api-versions cloud.google.com/v1beta1/BackendConfig --api-versions coordination.k8s.io/v1 --api-versions coordination.k8s.io/v1/Lease --api-versions discovery.k8s.io/v1 --api-versions discovery.k8s.io/v1/EndpointSlice --api-versions events.k8s.io/v1 --api-versions events.k8s.io/v1/Event --api-versions flowcontrol.apiserver.k8s.io/v1beta2 --api-versions flowcontrol.apiserver.k8s.io/v1beta2/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta2/PriorityLevelConfiguration --api-versions flowcontrol.apiserver.k8s.io/v1beta3 --api-versions flowcontrol.apiserver.k8s.io/v1beta3/FlowSchema --api-versions flowcontrol.apiserver.k8s.io/v1beta3/PriorityLevelConfiguration --api-versions hub.gke.io/v1 --api-versions hub.gke.io/v1/Membership --api-versions internal.autoscaling.gke.io/v1 --api-versions internal.autoscaling.gke.io/v1/CapacityRequest --api-versions monitoring.googleapis.com/v1 --api-versions monitoring.googleapis.com/v1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1/ClusterRules --api-versions monitoring.googleapis.com/v1/GlobalRules --api-versions monitoring.googleapis.com/v1/OperatorConfig --api-versions monitoring.googleapis.com/v1/PodMonitoring --api-versions monitoring.googleapis.com/v1/Rules --api-versions monitoring.googleapis.com/v1alpha1 --api-versions monitoring.googleapis.com/v1alpha1/ClusterPodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/ClusterRules --api-versions monitoring.googleapis.com/v1alpha1/GlobalRules --api-versions monitoring.googleapis.com/v1alpha1/OperatorConfig --api-versions monitoring.googleapis.com/v1alpha1/PodMonitoring --api-versions monitoring.googleapis.com/v1alpha1/Rules --api-versions networking.gke.io/v1 --api-versions networking.gke.io/v1/GKENetworkParamSet --api-versions networking.gke.io/v1/ManagedCertificate --api-versions networking.gke.io/v1/Network --api-versions networking.gke.io/v1/ServiceAttachment --api-versions networking.gke.io/v1beta1 --api-versions networking.gke.io/v1beta1/FrontendConfig --api-versions networking.gke.io/v1beta1/ManagedCertificate --api-versions networking.gke.io/v1beta1/ServiceAttachment --api-versions networking.gke.io/v1beta1/ServiceNetworkEndpointGroup --api-versions networking.gke.io/v1beta2 --api-versions networking.gke.io/v1beta2/ManagedCertificate --api-versions networking.k8s.io/v1 --api-versions networking.k8s.io/v1/Ingress --api-versions networking.k8s.io/v1/IngressClass --api-versions networking.k8s.io/v1/NetworkPolicy --api-versions node.k8s.io/v1 --api-versions node.k8s.io/v1/RuntimeClass --api-versions nodemanagement.gke.io/v1alpha1 --api-versions nodemanagement.gke.io/v1alpha1/UpdateInfo --api-versions operator.victoriametrics.com/v1beta1 --api-versions operator.victoriametrics.com/v1beta1/VMAgent --api-versions operator.victoriametrics.com/v1beta1/VMAlert --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanager --api-versions operator.victoriametrics.com/v1beta1/VMAlertmanagerConfig --api-versions operator.victoriametrics.com/v1beta1/VMAuth --api-versions operator.victoriametrics.com/v1beta1/VMCluster --api-versions operator.victoriametrics.com/v1beta1/VMNodeScrape --api-versions operator.victoriametrics.com/v1beta1/VMPodScrape --api-versions operator.victoriametrics.com/v1beta1/VMProbe --api-versions operator.victoriametrics.com/v1beta1/VMRule --api-versions operator.victoriametrics.com/v1beta1/VMServiceScrape --api-versions operator.victoriametrics.com/v1beta1/VMSingle --api-versions operator.victoriametrics.com/v1beta1/VMStaticScrape --api-versions operator.victoriametrics.com/v1beta1/VMUser --api-versions policy/v1 --api-versions policy/v1/PodDisruptionBudget --api-versions rbac.authorization.k8s.io/v1 --api-versions rbac.authorization.k8s.io/v1/ClusterRole --api-versions rbac.authorization.k8s.io/v1/ClusterRoleBinding --api-versions rbac.authorization.k8s.io/v1/Role --api-versions rbac.authorization.k8s.io/v1/RoleBinding --api-versions scheduling.k8s.io/v1 --api-versions scheduling.k8s.io/v1/PriorityClass --api-versions snapshot.storage.k8s.io/v1 --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1/VolumeSnapshotContent --api-versions snapshot.storage.k8s.io/v1beta1 --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshot --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotClass --api-versions snapshot.storage.k8s.io/v1beta1/VolumeSnapshotContent --api-versions storage.k8s.io/v1 --api-versions storage.k8s.io/v1/CSIDriver --api-versions storage.k8s.io/v1/CSINode --api-versions storage.k8s.io/v1/CSIStorageCapacity --api-versions storage.k8s.io/v1/StorageClass --api-versions storage.k8s.io/v1/VolumeAttachment --api-versions v1 --api-versions v1/ConfigMap --api-versions v1/Endpoints --api-versions v1/Event --api-versions v1/LimitRange --api-versions v1/Namespace --api-versions v1/Node --api-versions v1/PersistentVolume --api-versions v1/PersistentVolumeClaim --api-versions v1/Pod --api-versions v1/PodTemplate --api-versions v1/ReplicationController --api-versions v1/ResourceQuota --api-versions v1/Secret --api-versions v1/Service --api-versions v1/ServiceAccount --api-versions warden.gke.io/v1 --api-versions warden.gke.io/v1/Audit --include-crds template . --name-template monitoring --kube-version 1.27 --values + shift + j=7 + decrypted_files= + IFS= + printf %s secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + sed -E s/([^\\]),/\1\n/g + unset IFS + double_escape_need=0 + sops_type=yaml + opt_prefix= + [ secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml != secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml ] + [ secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml != secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml ] + load_secret_backend sops + backend=sops + [ sops = ] + [ != ] + [ -f /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/sops.sh ] + SECRET_BACKEND=sops + return + _file_get secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _file_get_protocol secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + echo custom + file_type=custom + [ custom = local ] + _file_custom_get secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _mktemp + [ 0 -eq 0 ] + mktemp /tmp/tmp.bo8fFWWxer/XXXXXX + _tmp_file=/tmp/tmp.bo8fFWWxer/yit9Vu + _helm_winpath /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/helm-values-getter + printf %s /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/helm-values-getter + GETTER_CHART_PATH=/custom-tools/helm-plugins/helm-secrets/scripts/lib/file/helm-values-getter + env -u HELM_DEBUG /usr/local/bin/helm template /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/helm-values-getter --set-file content=secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + SCRIPT_DIR=/custom-tools/helm-plugins/helm-secrets/scripts + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/common.sh + set -euf + uname -s + [ -f /proc/version ] + grep -qi microsoft /proc/version + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/expand_vars_strict.sh + set -euf + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file.sh + set -euf + VALUES_ALLOW_SYMLINKS=false + VALUES_ALLOW_ABSOLUTE_PATH=true + VALUES_ALLOW_PATH_TRAVERSAL=true + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/local.sh + set -euf + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/http.sh + set -euf + URL_VARIABLE_EXPANSION=false + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/file/custom.sh + set -euf + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backend.sh + set -euf + ALLOWED_BACKENDS= + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/noop.sh + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/sops.sh + _SOPS=/custom-tools/sops + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/vals.sh + set -euf + _VALS=/custom-tools/vals + . /custom-tools/helm-plugins/helm-secrets/scripts/lib/http.sh + set -euf + HELM_BIN=/usr/local/bin/helm + on_cygwin + false + mktemp -d + TMPDIR=/tmp/tmp.bo8fFWWxer/tmp.chwC4ymmNV + export TMPDIR + mkdir -p /tmp/tmp.bo8fFWWxer/tmp.chwC4ymmNV + [ -n ] + QUIET=false + SECRET_BACKEND=sops + SECRET_BACKEND_ARGS= + DEC_PREFIX= + DEC_SUFFIX=.dec + DEC_DIR= + IGNORE_MISSING_VALUES=false + EVALUATE_TEMPLATES=false + EVALUATE_TEMPLATES_DECODE_SECRETS=false + DECRYPT_SECRETS_IN_TMP_DIR=true + LOAD_GPG_KEYS=false + trap _trap EXIT + trap trap - EXIT; _trap; exit 1 HUP INT QUIT TERM + load_secret_backend sops + backend=sops + [ sops = ] + [ != ] + [ -f /custom-tools/helm-plugins/helm-secrets/scripts/lib/backends/sops.sh ] + SECRET_BACKEND=sops + return + DEFAULT_SECRET_BACKEND=sops + [ false != false ] + [ -n ] + true + . /custom-tools/helm-plugins/helm-secrets/scripts/commands/downloader.sh + set -euf + ALLOW_GPG_IMPORT=true + ALLOW_GPG_IMPORT_KUBERNETES=true + ALLOW_AGE_IMPORT=true + ALLOW_AGE_IMPORT_KUBERNETES=true + KEY_LOCATION_PREFIX= + . /custom-tools/helm-plugins/helm-secrets/scripts/commands/decrypt.sh + set -euf + downloader secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _file_url=secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + [ true != true ] + _key_and_file=helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + [ helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml != helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml ] + [ helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml != helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml ] + printf %s helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + cut -d ? -f1 + _key_path=helm-secrets-private-keys/key.txt + printf %s helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + cut -d ? -f2- + file=../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + [ helm-secrets-private-keys/key.txt = ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml ] + _key_location_allowed helm-secrets-private-keys/key.txt + true + _age_init helm-secrets-private-keys/key.txt + export SOPS_AGE_KEY_FILE=helm-secrets-private-keys/key.txt + _file_get ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _file_get_protocol ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + echo local + file_type=local + [ local = local ] + [ false = false ] + [ -L ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml ] + [ true = false ] + [ true = false ] + _file_local_get ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _file_local_exists ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + test -f ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + printf %s ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + encrypted_filepath=../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + decrypt_helper ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml auto stdout + encrypted_file_path=../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + type=auto + output=stdout + backend_is_file_encrypted ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _sops_backend_is_file_encrypted ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _sops_backend_is_encrypted + grep -q mac.*,type:str] - + [ stdout = stdout ] + encrypted_file_dec= + backend_decrypt_file auto ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _sops_backend_decrypt_file auto ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + type=auto + input=../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + output= + [ auto = auto ] + _sops_dec_get_type ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + grep -xq sops:\s* ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + echo yaml + type=yaml + [ ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml = ] + [ = ] + _sops_winpath ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + on_cygwin + false + on_wsl + false + printf %s ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _sops --decrypt --input-type yaml --output-type yaml ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + set -- --decrypt --input-type yaml --output-type yaml ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + /custom-tools/sops --decrypt --input-type yaml --output-type yaml ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml Failed to get the data key required to decrypt the SOPS file. Group 0: FAILED age1tj9jmuptnjemw999nmqhxlrcuxl66nps4a2y8rz8kfxlfn44lunqvzh7df: FAILED - | failed to load age identities: failed to open | SOPS_AGE_KEY_FILE file: open | helm-secrets-private-keys/key.txt: no such file or directory Recovery failed because no master key was able to decrypt the file. In order for SOPS to recover the file, at least one key has to be successful, but none were. + [ = ] + [ != stdout ] + _file_dec_name ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + basename ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + _basename=secrets.enc.yaml + [ != ] + [ true = true ] + printf %s/%s%s%s /tmp/tmp.bo8fFWWxer/tmp.chwC4ymmNV secrets.enc.yaml .dec + rm -rf /tmp/tmp.bo8fFWWxer/tmp.chwC4ymmNV/secrets.enc.yaml.dec + fatal Error while decrypting file: %s ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + error Error while decrypting file: %s ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + log Error while decrypting file: %s ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + [ 2 -le 1 ] + format=Error while decrypting file: %s + shift + printf [helm-secrets] Error while decrypting file: %s\n ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml [helm-secrets] Error while decrypting file: ../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + exit 1 + _trap + command -v _trap_hook + [ -n ] + rm -rf /tmp/tmp.bo8fFWWxer/tmp.chwC4ymmNV Error: failed parsing --set-file data: plugin "scripts/run.sh downloader" exited with error + CONTENT= + fatal helm template command errored on value '%s' secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + error helm template command errored on value '%s' secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + log helm template command errored on value '%s' secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + [ 2 -le 1 ] + format=helm template command errored on value '%s' + shift + printf [helm-secrets] helm template command errored on value '%s'\n secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml [helm-secrets] helm template command errored on value 'secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml' + exit 1 + real_file= + [ false = true ] + fatal File does not exist: %s secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + error File does not exist: %s secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + log File does not exist: %s secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + [ 2 -le 1 ] + format=File does not exist: %s + shift + printf [helm-secrets] File does not exist: %s\n secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml [helm-secrets] File does not exist: secrets+age-import://helm-secrets-private-keys/key.txt?../../../../live/laku6-145607/asia-southeast1/staging-main/essentials/monitoring/secrets.enc.yaml + exit 1 + _trap + command -v _trap_hook + _trap_hook + [ -s /tmp/tmp.bo8fFWWxer/rCROye ] + [ -n ] + rm -rf /tmp/tmp.bo8fFWWxer Error: plugin "secrets" exited with error

2023-10-13_21-43-03

I can assure that the relative path from the git hosted chart to the secrets.yaml already correct.

and this is the updated helm values (partial) : 

repoServer:
...
  env:
    - name: HELM_PLUGINS
      value: /custom-tools/helm-plugins/
    - name: HELM_SECRETS_CURL_PATH
      value: /custom-tools/curl
    - name: HELM_SECRETS_SOPS_PATH
      value: /custom-tools/sops
    - name: HELM_SECRETS_VALS_PATH
      value: /custom-tools/vals
    - name: HELM_SECRETS_KUBECTL_PATH
      value: /custom-tools/kubectl
    - name: HELM_SECRETS_BACKEND
      value: sops
    - name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS
      value: "false"
    - name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH
      value: "true"
    - name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL
      value: "true"
    - name: HELM_SECRETS_WRAPPER_ENABLED
      value: "true"
    - name: HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR
      value: "true"
    - name: HELM_SECRETS_HELM_PATH
      value: /usr/local/bin/helm
    - name: HELM_SECRETS_IGNORE_MISSING_VALUES
      value: "false"
    - name: HELM_SECRETS_DEBUG
      value: "true"
  volumes:
    - name: custom-tools
      emptyDir: {}
    - name: helm-secrets-private-keys
      secret:
        secretName: helm-secrets-private-keys
  volumeMounts:
    - mountPath: /custom-tools
      name: custom-tools
    - mountPath: /usr/local/sbin/helm
      subPath: helm
      name: custom-tools
    - mountPath: /usr/local/bin/kustomize
      name: custom-tools
      subPath: kustomize
    - mountPath: /usr/local/bin/ksops
      name: custom-tools
      subPath: ksops
    - mountPath: /helm-secrets-private-keys/
      name: helm-secrets-private-keys
...
jkroepke commented 1 year ago

to read the output with HELM_SECRETS_DEBUG=true search for + and replace with with \n +. Then you find this error:

Failed to get the data key required to decrypt the SOPS file. Group 0: FAILED age1tj9jmuptnjemw999nmqhxlrcuxl66nps4a2y8rz8kfxlfn44lunqvzh7df: FAILED - | failed to load age identities: failed to open | SOPS_AGE_KEY_FILE file: open | helm-secrets-private-keys/key.txt: no such file or directory Recovery failed because no master key was able to decrypt the file. In order for SOPS to recover the file, at least one key has to be successful, but none were.

Instead secrets+age-import://helm-secrets-private-keys/key.txt? , try secrets+age-import:///helm-secrets-private-keys/key.txt?

kholisrag commented 1 year ago

sorry, late update

Instead secrets+age-import://helm-secrets-private-keys/key.txt? , try secrets+age-import:///helm-secrets-private-keys/key.txt? my secrets using key.txt tho,

anyway Solved tho...

I do hard refresh with argocd helm chart config below

repoServer:
  pdb:
    enabled: true
  serviceAccount:
    create: true
    name: "argocd-repo-server"
  rbac:
    - apiGroups:
        - ""
      resources:
        - secrets
      verbs:
        - get
  env:
    - name: HELM_PLUGINS
      value: /custom-tools/helm-plugins/
    - name: HELM_SECRETS_CURL_PATH
      value: /custom-tools/curl
    - name: HELM_SECRETS_SOPS_PATH
      value: /custom-tools/sops
    - name: HELM_SECRETS_VALS_PATH
      value: /custom-tools/vals
    - name: HELM_SECRETS_KUBECTL_PATH
      value: /custom-tools/kubectl
    - name: HELM_SECRETS_BACKEND
      value: sops
    - name: HELM_SECRETS_ALLOWED_BACKENDS
      value: sops
    - name: HELM_SECRETS_VALUES_ALLOW_SYMLINKS
      value: "false"
    - name: HELM_SECRETS_VALUES_ALLOW_ABSOLUTE_PATH
      value: "true"
    - name: HELM_SECRETS_VALUES_ALLOW_PATH_TRAVERSAL
      value: "true"
    - name: HELM_SECRETS_WRAPPER_ENABLED
      value: "true"
    - name: HELM_SECRETS_DECRYPT_SECRETS_IN_TMP_DIR
      value: "true"
    - name: HELM_SECRETS_HELM_PATH
      value: /usr/local/bin/helm
    - name: HELM_SECRETS_IGNORE_MISSING_VALUES
      value: "false"
    - name: HELM_SECRETS_DEBUG
      value: "true"
  volumes:
    - name: custom-tools
      emptyDir: {}
    - name: helm-secrets-private-keys
      secret:
        secretName: helm-secrets-private-keys
  volumeMounts:
    - mountPath: /custom-tools
      name: custom-tools
    - mountPath: /usr/local/sbin/helm
      subPath: helm
      name: custom-tools
    - mountPath: /usr/local/bin/kustomize
      name: custom-tools
      subPath: kustomize
    - mountPath: /usr/local/bin/ksops
      name: custom-tools
      subPath: ksops
    - mountPath: /helm-secrets-private-keys/
      name: helm-secrets-private-keys
  initContainers:
    - name: helm-secrets
      image: alpine:latest
      imagePullPolicy: IfNotPresent
      command: [sh, -ec]
      env:
        - name: HELM_SECRETS_VERSION
          value: "4.5.1"
        - name: KUBECTL_VERSION
          value: "1.27.3"
        - name: VALS_VERSION
          value: "0.28.0"
        - name: SOPS_VERSION
          value: "3.8.1"
      args:
        - |
          mkdir -pv /custom-tools/helm-plugins
          wget -qO- https://github.com/jkroepke/helm-secrets/releases/download/v$${HELM_SECRETS_VERSION}/helm-secrets.tar.gz | tar -C /custom-tools/helm-plugins -xzf-;
          wget -qO /custom-tools/curl https://github.com/moparisthebest/static-curl/releases/latest/download/curl-amd64
          wget -qO /custom-tools/sops https://github.com/getsops/sops/releases/download/v$${SOPS_VERSION}/sops-v$${SOPS_VERSION}.linux.amd64
          wget -qO /custom-tools/kubectl https://dl.k8s.io/release/v$${KUBECTL_VERSION}/bin/linux/amd64/kubectl
          wget -qO- https://github.com/helmfile/vals/releases/download/v$${VALS_VERSION}/vals_$${VALS_VERSION}_linux_amd64.tar.gz | tar -xzf- -C /custom-tools/ vals;
          cp /custom-tools/helm-plugins/helm-secrets/scripts/wrapper/helm.sh /custom-tools/helm
          chmod +x /custom-tools/*
      volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools
    - name: ksops
      image: viaductoss/ksops:v4.2.3
      command: ["/bin/sh", "-c"]
      args:
        - echo "Installing KSOPS...";
          mv ksops /custom-tools/;
          mv kustomize /custom-tools/;
          echo "Done.";
      volumeMounts:
        - mountPath: /custom-tools
          name: custom-tools

and do like below in the app manifest:

spec:
  ...
      valueFiles:
        - secrets+age-import:///helm-secrets-private-keys/key.txt?../../../../live/xxxx/secrets.enc.yaml
      valuesObject:
        global:
          enabled: true
...

I guess its because of the helm chart is using git based chart, not the hosted chart, the working directory is on the helm chart instead of the Application manifest